   Bypassing Web Application Firewalls Using Deep Reinforcement Learning  
   
Authors: Hemmati Mojtaba, Hadavi Mohammad Ali
Source: The ISC International Journal of Information Security - 2022 - Volume: 14 - Issue: 2 - Pages: 131-145
Abstract: Web application firewalls (WAFs) are used for protecting web applications from attacks such as SQL injection, cross-site request forgery, and cross-site scripting. As a result of the growing complexity of web attacks, WAFs need to be tested and updated on a regular basis. There are various tools and techniques to verify the correct performance of a WAF, but most of the techniques are manual or use brute-force attacks, so they suffer from poor efficacy. In this work, we propose a solution based on reinforcement learning (RL) to discover malicious payloads which are able to bypass WAFs. We provide an RL framework with an environment compatible with OpenAI Gym toolset standards. The environment is employed for training agents to implement WAF circumvention tasks. The agent mutates the syntax of a malicious payload using a set of modification operators as actions, without changes to its semantics. Then, upon the WAF's reaction to the payload, the environment ascertains a reward for the agent. Eventually, based on these rewards, the agent learns a suitable sequence of mutations for any malicious payload. The payloads which bypass the WAF determine rule defects, which can be further used in rule tuning for rule-based WAFs. Also, they can enrich the datasets of machine learning-based WAFs for retraining. We use Q-learning, advantage actor-critic (A2C), and proximal policy optimization (PPO) algorithms with a deep neural network. Our solution is successful in evading signature-based and machine learning-based WAFs. While our focus in this work is on SQL injection, the method can be simply extended for use with any string-based injection attack.
Keywords: Adversarial Machine Learning, Reinforcement Learning, SQL Injection, Web Application Firewall (WAF)
Address: Malek-Ashtar University of Technology, Faculty of Electrical and Computer Engineering, Iran; Malek-Ashtar University of Technology, Faculty of Electrical and Computer Engineering, Iran
Email: hadavi@mut.ac.ir
 
     
   
  
 
 

Copyright 2023
Islamic World Science Citation Center
All Rights Reserved