Journal of Advances in Cryptography and Network Security (e-ISSN:3107-9431)

Web applications are increasingly exposed to application-layer cyberattacks such as SQL injection, Cross-Site Scripting (XSS), and malicious request manipulation. Traditional Web Application Firewalls (WAFs) rely on static rule-based detection, which is often ineffective against evolving or obfuscated attack patterns and requires continuous manual updates. To address these limitations, this research proposes a Hybrid Web Application Firewall that integrates signature-based filtering with machine learning–based anomaly detection for intelligent web request security.

The proposed system is trained using the CSIC 2010 HTTP dataset containing both legitimate and malicious web traffic. HTTP request data is pre-processed and transformed using TF-IDF vectorization, and a Random Forest classifier is trained to distinguish benign and malicious requests. The trained model is integrated into a Python-based WAF engine that first applies rule-based signature detection and then evaluates requests using machine learning probability thresholds. The system is deployed through a Flask-based API interface that performs real-time request analysis and logs detection results in a database.

Experimental evaluation demonstrates high detection accuracy and effective blocking of malicious patterns while maintaining usability for legitimate requests. The hybrid architecture improves adaptability compared to traditional WAFs and provides a lightweight, deployable security solution suitable for academic and small-scale web applications.

I. Spangler, “HTTP Dataset CSIC 2010,” Spanish National Research Council (CSIC), 2010. [Online]

F. Valeur, D. Mutz, and G. Vigna, “A learning-based approach to the detection of SQL attacks,” in Proc. 2nd Int. Conf. Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2005, pp. 123–140.

Y. Li, R. Xia, Q. Liu, and X. Li, “Learning to detect malicious web requests using convolutional neural networks,” Computers & Security, vol. 77, pp. 311–324, 2018.

A. K. Singh and M. Kumar, “Machine learning-based web application firewall for web attack detection,” International Journal of Computer Applications, vol. 179, no. 40, pp. 1–6, 2018.

P. García-Teodoro, J. Díaz-Verdejo, G. Maciá-Fernández, and E. Vázquez, “Anomaly-based network intrusion detection: Techniques, systems and challenges,” Computers & Security, vol. 28, no. 1–2, pp. 18–28, 2009.

K. Gupta, D. P. Kesarkar, M. M. Jadhav, S. S. Lagad, N. B. Korade, and V. Bhutnal, “Smart Defense: Machine Learning-Based Web Application Firewall,” in Proc. IEEE Conf., 2024.

Y. Nikam, S. Ware, T. Patil, H. Waghmare, S. Dedgaonkar, and P. Futane, “AI-Based Web Application Firewall,” in Proc. IEEE Conf., 2025.