Correlation analysis for reducing signature-based WAF false positives rates
This paper addresses the problem of reducing the number of false positives of signature-based WAF. We propose an automatic method for detecting specific signatures which give high FP rates for the given web application using correlation analysis. The proposed method is based on a statistical analysi...
Main Authors: | , |
---|---|
Format: | Article |
Language: | English |
Published: |
Moscow Engineering Physics Institute
2015-12-01
|
Series: | Bezopasnostʹ Informacionnyh Tehnologij |
Subjects: | |
Online Access: | https://bit.mephi.ru/index.php/bit/article/view/63 |
id |
doaj-23ae035fbac742bbac8637eceb7054db |
---|---|
record_format |
Article |
spelling |
doaj-23ae035fbac742bbac8637eceb7054db2020-11-24T23:52:57ZengMoscow Engineering Physics Institute Bezopasnostʹ Informacionnyh Tehnologij2074-71282074-71362015-12-0122463Correlation analysis for reducing signature-based WAF false positives ratesValeriya Grigorjevna Shervarly0Dennis Yurievich Gamayunov1Lomonosov Moscow State UniversityLomonosov Moscow State UniversityThis paper addresses the problem of reducing the number of false positives of signature-based WAF. We propose an automatic method for detecting specific signatures which give high FP rates for the given web application using correlation analysis. The proposed method is based on a statistical analysis of the relationship between the total number of HTTP-transactions observed by WAF, and the number of signatures alerts. The proposed method doesn't require the learning phase, and may be used in production in continuous manner, making it more comfortable for the end user of the WAF.https://bit.mephi.ru/index.php/bit/article/view/63intrusion detectionweb application securitycorrelation analysis |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Valeriya Grigorjevna Shervarly Dennis Yurievich Gamayunov |
spellingShingle |
Valeriya Grigorjevna Shervarly Dennis Yurievich Gamayunov Correlation analysis for reducing signature-based WAF false positives rates Bezopasnostʹ Informacionnyh Tehnologij intrusion detection web application security correlation analysis |
author_facet |
Valeriya Grigorjevna Shervarly Dennis Yurievich Gamayunov |
author_sort |
Valeriya Grigorjevna Shervarly |
title |
Correlation analysis for reducing signature-based WAF false positives rates |
title_short |
Correlation analysis for reducing signature-based WAF false positives rates |
title_full |
Correlation analysis for reducing signature-based WAF false positives rates |
title_fullStr |
Correlation analysis for reducing signature-based WAF false positives rates |
title_full_unstemmed |
Correlation analysis for reducing signature-based WAF false positives rates |
title_sort |
correlation analysis for reducing signature-based waf false positives rates |
publisher |
Moscow Engineering Physics Institute |
series |
Bezopasnostʹ Informacionnyh Tehnologij |
issn |
2074-7128 2074-7136 |
publishDate |
2015-12-01 |
description |
This paper addresses the problem of reducing the number of false positives of signature-based WAF. We propose an automatic method for detecting specific signatures which give high FP rates for the given web application using correlation analysis. The proposed method is based on a statistical analysis of the relationship between the total number of HTTP-transactions observed by WAF, and the number of signatures alerts. The proposed method doesn't require the learning phase, and may be used in production in continuous manner, making it more comfortable for the end user of the WAF. |
topic |
intrusion detection web application security correlation analysis |
url |
https://bit.mephi.ru/index.php/bit/article/view/63 |
work_keys_str_mv |
AT valeriyagrigorjevnashervarly correlationanalysisforreducingsignaturebasedwaffalsepositivesrates AT dennisyurievichgamayunov correlationanalysisforreducingsignaturebasedwaffalsepositivesrates |
_version_ |
1725471300712923136 |