Bridging the Gap Between Research and Practice in Intelligently Bypassing WAF

AI-enabled cyber attack is fast becoming a prevalent topic. One of the representative topics is to utilize AI to learn how to bypass web application firewalls (WAFs). The general workflow includes three steps. First, build the original payload dataset that may be blocked by WAF, and collect the mutation operation set such as case substitution and adding comments in SQL injection. Second, use heuristic algorithm or reinforcement learning (RL) to explore a combination of operations to bypass the WAF. Finally, …

ai-enabled algorithm application attack blocked build bypass bypassing case collect comments cyber fast firewalls gap general injection learn may operations payload practice research sql sql injection topics waf web web application web application firewalls