https://6a9cf20d.website-1u6.pages.dev/tags/machinelearning/Recent content in CRS Projecthttps://6a9cf20d.website-1u6.pages.dev/20210519/a-new-attempt-to-combine-the-crs-with-machine-learning/Wed, 19 May 2021 09:24:47 +0200<p><em>The following is a contributing blog post by Floriane Gilliéron. You can reach Floriane via firstname dot lastname at gmail.com.</em></p> <p>My Master Thesis from <a href="https://www.epfl.ch">EPFL</a> tackled the challenge of using machine learning to improve the performance of a ModSecurity web application firewall, used with the <a href="https://coreruleset.org">OWASP Core Rule Set</a>. The initiators of the project were concerned about the high number of false alerts (around 90 per day) issued by their WAF, which from a business point of view did not allow the use of blocking mode. The project was also motivated by the fact that it’s now a common thing to rely on machine learning in web application security, like big WAF vendors such as F5 or Fortinet do.</p>