SPARTA Results

WAF-A-MoLE: An adversarial tool for assessing ML-based WAFs

Luca Demetrio, Gabriele Costa, Andrea Valenza and Giovanni Lagorio

Web Application Firewalls (WAFs) are plug-and-play security gateways that promise to enhance the security of a (potentially vulnerable) system with minimal cost and configuration. In recent years, machine learning-based WAFs are catching up with traditional, signature-based ones. They are competitive because they do not require predefined rules; instead, they infer their rules through a learning process. In this paper, we present WAF-A-MoLE, a WAF breaching tool. It uses guided mutational-based fuzzing to generate adversarial examples. The main applications include WAF penetration testing, benchmarking and hardening.

Full paper