Welcome to the repository of our Final Year Project (FYP)! This project showcases the development of a Web Application Firewall (WAF) with Machine Learning capabilities, aimed at protecting websites from common web attacks like SQL Injection (SQLi) and Cross-Site Scripting (XSS).
- Machine Learning Model: Trained using the Random Forest algorithm, achieving 90% accuracy in classifying traffic as anomalous or benign.
- Web Technologies: Integrated with ModSecurity, DVWA hosted locally on NGINX running on Ubuntu OS for real-time traffic analysis.
- Tested on DVWA: The ML-powered WAF was tested using the Damn Vulnerable Web Application (DVWA) to simulate attacks and measure the firewall's effectiveness.
- Real-Time Traffic Detection: The model communicates with ModSecurity to detect and mitigate SQLi and XSS attacks dynamically.
- Django Web Application: ML model deployed using a web interface built with Django and JavaScript, providing real-time insights and security alerts via a dashboard.
- /ml_model: Contains the trained machine learning model and code for traffic classification.
- /django_app: The Django-based web application integrated with ModSecurity to process and display security logs.
- /nginx_modsecurity_setup: Configuration files for setting up ModSecurity with NGINX on Ubuntu.
- /dvwa_testing: Scripts and notes from the testing phase using DVWA.
- Clone the repository:
git clone https://github.com/yourusername/WAF-ML-FYP.git
- Install the necessary dependencies:
sudo apt-get update
sudo apt-get install nginx modsecurity python3-pip
pip3 install -r requirements.txt
- Configure NGINX and ModSecurity by following the guide in the nginx_modsecurity_setup/ directory, or https://blog.nginx.org/blog/compiling-and-installing-modsecurity-for-open-source-nginx
- Train the model or use the pre-trained model from the ml_model/ directory.
- Traffic Flow: Incoming web traffic is routed through DVWA, hosted locally on NGINX, to ModSecurity and then to the Django app, on which the trained ML model is deployed locally.
- Traffic Classification: ModSecurity logs are passed to the Django application, where the Machine Learning model classifies the traffic as either malicious or benign.
- Alerts & Actions: If malicious traffic is detected (e.g., SQLi or XSS), the system triggers appropriate actions like logging, alerts, or blocking the request.
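The log-to-classifier step described above, sketched as an added example (not this project's code, which has not been released): it turns ModSecurity audit-log lines into numeric rows that a Random Forest could be trained on. It assumes ModSecurity v3 with `SecAuditLogFormat JSON`; the feature set, the names `FEATURES`, `features` and `vectors`, and the sample lines are constructed for illustration.

```python
import json
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample audit-log lines (only the fields used here are present).
SAMPLE_LOG = [
    '{"transaction": {"client_ip": "127.0.0.1", "request": {"method": "GET", '
    '"uri": "/vulnerabilities/sqli/?id=1%27+OR+%271%27%3D%271&Submit=Submit"}}}',
    '{"transaction": {"client_ip": "127.0.0.1", "request": {"method": "GET", '
    '"uri": "/vulnerabilities/xss_r/?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"}}}',
    '{"transaction": {"client_ip": "127.0.0.1", "request": {"method": "GET", '
    '"uri": "/vulnerabilities/sqli/?id=2&Submit=Submit"}}}',
    '{"transaction": {"client_ip": "127.0.',  # truncated write, must be skipped
]

# Assumed feature set; the project's real features are not published.
FEATURES = ["length", "quotes", "angle_brackets", "sql_words", "script_tag"]
SQL_WORDS = re.compile(r"\b(select|union|or|and|insert|drop|sleep)\b", re.I)


def features(uri):
    """Return one numeric row, in FEATURES order, for a request URI."""
    # Decode first so %27 and ' (or %3C and <) produce the same features.
    query = unquote_plus(urlsplit(uri).query)
    return [
        len(query),
        query.count("'") + query.count('"'),
        query.count("<") + query.count(">"),
        len(SQL_WORDS.findall(query)),
        int("<script" in query.lower()),
    ]


def vectors(lines):
    """Parse audit-log lines into feature rows, skipping unusable lines."""
    rows = []
    for line in lines:
        try:
            uri = json.loads(line)["transaction"]["request"]["uri"]
        except (ValueError, KeyError, TypeError):
            continue  # partial or non-JSON line: drop it, keep the pipeline alive
        rows.append(features(uri))
    return rows


if __name__ == "__main__":
    for row in vectors(SAMPLE_LOG):
        print(dict(zip(FEATURES, row)))
```

Rows in this shape, paired with labels, are what a classifier such as scikit-learn's `RandomForestClassifier` takes in `fit` and `predict`.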
The system was tested using DVWA to simulate web attacks:
- SQL Injection (SQLi): x% success rate in detection.
- Cross-Site Scripting (XSS): x% success rate in detection.
- Overall Accuracy: 90% accuracy using the Random Forest algorithm.
- Sharif Danish (Team Lead, AI/ML model trainer, & Security Tester)
- Abidullah Nasiri (Backend & Frontend Developer)
- Ismail Karimi (Documentation)
This project is not yet licensed under the MIT License.
- ModSecurity Documentation: https://modsecurity.org/
- Django Framework: https://www.djangoproject.com/
- NGINX Web Server: https://www.nginx.com/
- Kudos to us for our hard work!!!
Note: So far, we have not released the full documentation and code of this project. After we release it, you can contribute, or use it for your own web security research!
ML model training for HTTP traffic.
Django web app dashboard for the trained ML model and ModSecurity results.
