Tuesday, March 20, 2018

Longjing - Deep Learning Driven Web Application Firewall

Longjing is a Chinese green tea that is full of antioxidants. It is good for health and helps to fight against cancer. Longjing Web Application Firewall (WAF) is deep learning driven and developed with Python 3 and the Scikit-Learn library. It is described as deep learning because it uses a neural network, the MLP Classifier, to build the model. Even though it is a simple neural network MLP classifier, the accuracy rate is very high. It supports Linux systems only.

Longjing WAF is mainly designed to protect web applications from SQL Injection (SQLi) attacks, which are at the top of the OWASP Top 10 in 2017. A successful attack results in data leakage and/or system compromise. It is a critical vulnerability for web applications.

Longjing WAF is well tested on Damn Vulnerable Web Application (DVWA) with Burp Suite, SQLMap, OWASP ZAP, XSSER and Commix. It detects not only SQLi but also XSS (Cross-site Scripting). The accuracy rate is over 99% on the test samples. It can easily be tuned further to reduce false positives, as the running code is an open source project released under GPLv3 by Samiux. However, the training data and modelling are not open sourced.

It is not very complicated to install and deploy. The latest version as of this writing is version 0.9.1. It works with Anaconda 3 and MitmProxy 3.0.3. Anaconda will install all the required Scikit-Learn Python libraries for you and is also very easy to maintain. MitmProxy acts as a proxy that handles the HTTP/HTTPS requests and responses.
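To make the approach described above concrete (a Scikit-Learn MLP classifier scoring the requests a proxy sees, with room to tune false positives), here is an added example that is not Longjing's code. Longjing's features, training data and model are not published, so the character n-gram features, the sample strings and the names `normalize`, `train` and `verdict` are all assumptions made for illustration.

```python
# Added illustration. NOT Longjing's model, features or training data.
from urllib.parse import unquote_plus
from sklearn.feature_extraction.text import TfidfVectorizer
from sklearn.neural_network import MLPClassifier
from sklearn.pipeline import make_pipeline

# Constructed samples: URL-encoded parameter strings as a proxy would see them.
BENIGN = [
    "id=1&Submit=Submit",
    "id=42&Submit=Submit",
    "q=green+tea+health",
    "user=alice&page=2",
    "search=longjing+tea&lang=en",
    "name=O%27Brien&city=Dublin",  # legitimate apostrophe
    "category=books&sort=price",
    "email=bob%40example.com",
]
SQLI = [
    "id=1%27+OR+%271%27%3D%271&Submit=Submit",
    "id=1%27+UNION+SELECT+user%2Cpassword+FROM+users--+",
    "id=1+AND+1%3D1--+",
    "user=admin%27--+&page=1",
    "q=%27%3B+DROP+TABLE+users%3B--+",
    "id=1%27+AND+SLEEP%285%29--+",
    "search=x%27+OR+1%3D1%23",
    "id=-1+UNION+ALL+SELECT+NULL%2CNULL--+",
]

def normalize(raw):
    """Decode URL encoding and lowercase so encoded and plain forms match."""
    return unquote_plus(raw).lower()

def train(benign=BENIGN, sqli=SQLI):
    """Character n-gram TF-IDF features feeding a one-hidden-layer MLP."""
    model = make_pipeline(
        TfidfVectorizer(analyzer="char", ngram_range=(1, 3), preprocessor=normalize),
        MLPClassifier(hidden_layer_sizes=(16,), solver="lbfgs",
                      max_iter=500, random_state=0),
    )
    model.fit(benign + sqli, [0] * len(benign) + [1] * len(sqli))
    return model

def verdict(model, raw, threshold=0.5):
    """Return ('block' | 'allow', score); raise threshold to cut false positives."""
    score = float(model.predict_proba([raw])[0][1])
    return ("block" if score >= threshold else "allow"), score
```

A set this small only shows the mechanics; the score threshold is the knob that trades missed attacks against false positives on legitimate input such as names containing apostrophes.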

Longjing is the next generation Web Application Firewall! Fetch it and try!

That's all! See you.


Reference

Longjing - Web Application Firewall