Correlation analysis for reducing signature-based WAF false positives rates
This paper addresses the problem of reducing the number of false positives of signature-based WAF. We propose an automatic method for detecting specific signatures which give high FP rates for the given web application using correlation analysis. The proposed method is based on a statistical analysi...
Main Authors: | , |
---|---|
Format: | Article |
Language: | English |
Published: |
Joint Stock Company "Experimental Scientific and Production Association SPELS
2015-12-01
|
Series: | Безопасность информационных технологий |
Subjects: | |
Online Access: | https://bit.mephi.ru/index.php/bit/article/view/63 |
Summary: | This paper addresses the problem of reducing the number of false positives of signature-based WAF. We propose an automatic method for detecting specific signatures which give high FP rates for the given web application using correlation analysis. The proposed method is based on a statistical analysis of the relationship between the total number of HTTP-transactions observed by WAF, and the number of signatures alerts. The proposed method doesn't require the learning phase, and may be used in production in continuous manner, making it more comfortable for the end user of the WAF. |
---|---|
ISSN: | 2074-7128 2074-7136 |