openappsec

open-appsec NGINX WAF makes machine learning friendly using gamification

In a previous blog post we explained how open-appsec, an open source WAF project, uses machine learning to preemptively block attacks against web apps and APIs.

Machine learning is often a black box that is difficult to understand and track. open-appsec uses gamification to show how learning is progressing.

We developed a system that describes the progress of learning in human-understandable terms and explains what is needed to reach the next level.

open-appsec machine learning levels

Depending on the amount and variance of traffic, the machine learning engine will reach a stage where it has observed enough web requests to understand how the application is used. The sooner this stage is reached, the sooner detection becomes accurate and a move to Prevent mode is recommended.

When the learning level becomes Graduate, it is recommended to change the Mode to Prevent. The Graduate level ensures a very good level of accuracy (e.g. a low number of false positives). To reach the Master or PhD level it is necessary to configure Trusted Sources. The PhD level is the highest level, which means that more learning is less likely to improve the model further.

open-appsec machine learning gamification

To speed up the learning period, the Contextual Machine Learning engine proposes tuning suggestions. The administrator can review the tuning suggestions and help the engine reach even better accuracy, a machine learning process also known as supervised learning.

We get nice feedback from users saying that this allows them to understand the status and what they are expected to do next.

For additional details see here.
