Web applications are increasingly exposed to application-layer cyberattacks such as SQL injection, Cross-Site Scripting (XSS), and malicious request manipulation. Traditional Web Application Firewalls (WAFs) rely on static rule-based detection, which is often ineffective against evolving or obfuscated attack patterns and requires continuous manual updates. To address these limitations, this research proposes a Hybrid Web Application Firewall that integrates signature-based filtering with machine learning–based anomaly detection for intelligent web request security. The proposed system is trained using the CSIC 2010 HTTP dataset containing both legitimate and malicious web traffic. HTTP request data is pre-processed and transformed using TF-IDF vectorization, and a Random Forest classifier is trained to distinguish benign and malicious requests. The trained model is integrated into a Python-based WAF engine that first applies rule-based signature detection and then evaluates requests using machine learning probability thresholds. The system is deployed through a Flask-based API interface that performs real-time request analysis and logs detection results in a database. Experimental evaluation demonstrates high detection accuracy and effective blocking of malicious patterns while maintaining usability for legitimate requests. The hybrid architecture improves adaptability compared to traditional WAFs and provides a lightweight, deployable security solution suitable for academic and small-scale web applications.
Prasad et al. (Mon,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: