Correlation analysis for reducing signature-based WAF false positives rates

Valeriya Grigorjevna Shervarly; Dennis Yurievich Gamayunov

Безопасность информационных технологий (Dec 2015)

Correlation analysis for reducing signature-based WAF false positives rates

Valeriya Grigorjevna Shervarly,
Dennis Yurievich Gamayunov

Affiliations

Valeriya Grigorjevna Shervarly: Lomonosov Moscow State University
Dennis Yurievich Gamayunov: Lomonosov Moscow State University

Journal volume & issue: Vol. 22, no. 4

Abstract

Read online

This paper addresses the problem of reducing the number of false positives of signature-based WAF. We propose an automatic method for detecting specific signatures which give high FP rates for the given web application using correlation analysis. The proposed method is based on a statistical analysis of the relationship between the total number of HTTP-transactions observed by WAF, and the number of signatures alerts. The proposed method doesn't require the learning phase, and may be used in production in continuous manner, making it more comfortable for the end user of the WAF.

Published in Безопасность информационных технологий

ISSN: 2074-7128 (Print); 2074-7136 (Online)
Publisher: Joint Stock Company "Experimental Scientific and Production Association SPELS
Country of publisher: Russian Federation
LCC subjects: Technology: Technology (General): Industrial engineering. Management engineering: Information technology; Science: Science (General): Cybernetics: Information theory
Website: https://bit.spels.ru

About the journal

Abstract

Keywords