Machine Learning-Based Web Application Firewall for Real-Time Threat Detection

Anil Kumar, J. Simha, Rashmi Agarwal

2024 · DOI: 10.1109/ICEI64305.2024.10912239
0 Citations

Abstract

The increasing vulnerability of web applications to cyber threats necessitates the development of adaptive defense mechanisms. This paper presents the design and implementation of a Machine Learning-Based Web Application Firewall (WAF), which uses the XGBoost algorithm for real-time detection of SQL Injection (SQLi), Cross-Site Scripting (XSS), and Local File Inclusion (LFI) attacks. Unlike traditional WAFs that rely on static rule-based systems, this ML-driven solution adapts to new attack patterns by learning from web traffic data. The paper's workflow encompasses data preprocessing, feature engineering, model training, and application deployment. The machine learning model was trained on a comprehensive dataset of web traffic logs, which included a diverse set of both legitimate and malicious activities. Advanced feature engineering techniques were employed to extract relevant data points from the HTTP requests, allowing the model to capture critical details necessary for accurate threat detection. Once trained, the model was used to build the WAF. The WAF application was then placed in front of the web server. All incoming traffic hits the WAF, which, based on its analysis, drops the malicious traffic and allows only normal traffic through to the backend web server.