Bridging the Gap Between Research and Practice in Intelligently Bypassing WAF

AI-enabled cyber attack is fast becoming a prevalent topic. One of the representative topics is to utilize AI to learn how to bypass web application firewalls (WAFs). The general workflow includes three steps. First, build the original payload dataset that may be blocked by WAF, and collect the mutation operation set such as case substitution and adding comments in SQL injection. Second, use heuristic algorithm or reinforcement learning (RL) to explore a combination of operations to bypass the WAF. Finally, the mutated payloads that can bypass WAF are obtained.This workflow has laid a solid foundation for the intelligentization of cyber attacks, but we encounter two key problems in practice. 1) The payloads used in practice are diverse, and their bypass methods are also different. It is difficult for one algorithm to cover all types. 2) Different payloads have different degrees of difficulty to bypass. It is challenging to balance during the search process...

By: Cheng Chi

Full Abstract and Presentation Materials: