
Enhancing Cloud Based Web Application Firewall with Machine Learning models for Bot Detection and HTTP Traffic Classification

Damiano Ferla

Enhancing Cloud Based Web Application Firewall with Machine Learning models for Bot Detection and HTTP Traffic Classification.

Supervisor: Cataldo Basile. Politecnico di Torino, Master's degree programme in Computer Engineering, 2024

License: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

Recently, cybersecurity attacks have become increasingly complex, with an increase in automated attacks and in the exploitation of vulnerabilities in web applications. Online threats, such as bots or Cross-Site Scripting attacks, represent new challenges for data or user protection. According to the Imperva 2023 report, 49.6% of Internet traffic is composed of bots. Of these, 32% are bad bots that perform automated tasks with malicious intent, such as extracting data from websites without permission in order to reuse it and gain a competitive advantage. Cross-Site Scripting, and Injection in general, are firmly planted in the OWASP annual report. In the 2023 report, the category dedicated to Injection is in third place. Improvements in machine learning, particularly through unsupervised learning techniques, have opened up new solutions for the detection and prevention of these cyber threats. Past research has identified machine learning models for detecting bot-generated traffic and for detecting XSS attacks, already demonstrating the potential of these tools. However, implementing these technologies requires a robust and flexible infrastructure, capable of handling large amounts of data and providing adequate computing capacity. The aim of this thesis is therefore to implement an architecture on the Amazon Web Services public cloud to enable the use of machine learning models for the detection of automated bots and XSS attacks. The use of cloud computing offers several advantages, such as scalability, the availability of on-demand resources, and the ability to integrate different services together. This architecture aims to combine the strengths of unsupervised machine learning techniques with the computational capabilities offered by cloud platforms, providing a scalable solution for web application security.
In this thesis, a cloud architecture will be examined to implement a threat detection system based on machine learning, including the analysis of each architectural component, the integration with other related cloud services, and the integration with a proprietary tool for the defense of web applications. Furthermore, the effectiveness of this architecture will be evaluated on real use cases, in terms of model accuracy but also in terms of execution time.

Supervisors: Cataldo Basile
Academic year: 2024/25
Publication type: Electronic
Number of pages: 91
Subjects:
Degree programme: Master's degree programme in Computer Engineering
Degree class: New regulations > Master's degree > LM-32 - COMPUTER ENGINEERING
Collaborating companies: aizoOn
URI: http://webthesis.biblio.polito.it/id/eprint/33032