In this project I'm trying to create a machine-learning WAF against injection attacks:
- Classical SQL injections (in-band): error-based and union-based.
- Blind SQL injections (blind): time-based and boolean-based.
- Obfuscated SQL injections (blacklist).
- Cross-site scripting (XSS).
- Directory traversal attack (directory traversal).
- Server-side template injection (SSTI).
- Benign traffic (benign).
The following metrics are used:
- Balanced Accuracy
- Micro Precision
- Micro Recall
- Micro F1-score
- Macro Precision
- Macro Recall
- Macro F1-score
- Weighted Precision
- Weighted Recall
- Weighted F1-score
- MCC (Matthews Correlation Coefficient)
- Youden's J statistic
And some plots:
- Micro and macro ROC curves. The macro ROC curve is built using linear interpolation.
- ROC curves for every class, each with its best threshold
- A commented-out plot for checking whether the model is overfitting or underfitting (underfit_or_overfit func)
- Precision-recall curves, each with its best threshold
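
How the per-class best threshold and the interpolated macro ROC curve can be computed, as an added example that is not the project's own code. It assumes Python, one-vs-rest ROC curves, Youden's J as the "best threshold" criterion, and a small constructed set of labels and scores; all function names are hypothetical.

```python
from bisect import bisect_right

# Constructed sample: true labels and per-class scores (benign, xss, blind).
CLASSES = ["benign", "xss", "blind"]
Y_TRUE = ["benign", "xss", "blind", "benign", "xss", "blind"]
Y_PROB = [[0.80, 0.10, 0.10], [0.20, 0.70, 0.10], [0.30, 0.20, 0.50],
          [0.30, 0.65, 0.05], [0.10, 0.60, 0.30], [0.20, 0.10, 0.70]]

def roc_points(y, scores):
    """One-vs-rest ROC points (fpr, tpr, thresholds), one per distinct score."""
    pos = sum(y); neg = len(y) - pos  # both must be non-zero
    pairs = sorted(zip(scores, y), reverse=True)
    fpr, tpr, thr, tp, fp = [0.0], [0.0], [float("inf")], 0, 0
    for i, (s, label) in enumerate(pairs):
        tp += label
        fp += 1 - label
        if i + 1 == len(pairs) or pairs[i + 1][0] != s:  # tied scores share a point
            fpr.append(fp / neg); tpr.append(tp / pos); thr.append(s)
    return fpr, tpr, thr

def youden_best(fpr, tpr, thr):
    """Threshold maximising Youden's J = TPR - FPR; returns (threshold, J)."""
    j, t = max((tp - fp, th) for fp, tp, th in zip(fpr, tpr, thr))
    return t, j

def interp(x, xs, ys):
    """Linear interpolation; on a vertical ROC segment take the upper point."""
    i = bisect_right(xs, x) - 1
    if i >= len(xs) - 1:
        return ys[-1]
    return ys[i] + (ys[i + 1] - ys[i]) * (x - xs[i]) / (xs[i + 1] - xs[i])

def auc(fpr, tpr):
    """Trapezoidal area under a ROC curve."""
    return sum((fpr[i] - fpr[i - 1]) * (tpr[i] + tpr[i - 1]) / 2 for i in range(1, len(fpr)))

def evaluate():
    curves = {}
    for k, name in enumerate(CLASSES):
        y = [int(t == name) for t in Y_TRUE]
        curves[name] = roc_points(y, [p[k] for p in Y_PROB])
    best = {n: youden_best(*c) for n, c in curves.items()}
    # Macro curve: average the per-class TPRs on the union of all FPR values.
    grid = sorted({x for f, _, _ in curves.values() for x in f})
    mean_tpr = [sum(interp(x, f, t) for f, t, _ in curves.values()) / len(curves) for x in grid]
    macro = ([0.0] + grid, [0.0] + mean_tpr)  # pin the curve to the origin
    return curves, best, macro

if __name__ == "__main__":
    curves, best, macro = evaluate()
    for name in CLASSES:
        print(name, "best threshold %.2f, J=%.2f" % best[name], "AUC=%.4f" % auc(*curves[name][:2]))
    print("macro AUC=%.4f" % auc(*macro))
```

On this sample the interpolated macro AUC (0.9583) is higher than the mean of the per-class AUCs (0.9375), because interpolation replaces the step in the xss curve with a straight line.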
Video demo: https://youtu.be/mOANuc6V80U