In a previous blog we explained how open-appsec, an open source WAF project, is using machine-learning to preemptively block attacks against Web Apps & APIs.
Machine learning is often a black-box which is difficult to understand and track. open-appsec uses gamification in order to demonstrate the learning progress.
We developed a system that uses human understandable terms to describe the progress of learning as well as explanation as to what is needed in order to reach the next level.
Depending on amount and variance of traffic the machine learning engine will reach a stage where it has observed a sufficient amount of web requests to understand how the application is used. The faster this stage is reached, the faster detection is accurate and it is recommended to move to Prevent mode.
When the learning level becomes Graduate, it is recommended to change the Mode to Prevent. Graduate level ensures very good level of accuracy (e.g. low amount of false positives). To reach Master or PhD level is is necessary to configure Trusted Sources. The Phd level is the highest level, which means that more learning is less likely going to improve the model further.
To speed up the learning period the Contextual Machine Learning engine proposes tuning suggestions. The administrator can review the tuning suggestions and help the engine reach even better accuracy, a Machine Learning process also known as supervised learning.
We get nice feedbacks from users saying that this allows them to understands the status and what they are expected to do no next.
For additional details see here.
Top comments (0)