README.md

---
language:
- en
pipeline_tag: text-classification
tags:
- web-application-firewall
- waf
- security
---

# 4thwall WAF Model

This model is a custom Web Application Firewall (WAF) classifier built by fine-tuning the `distilbert` (DistilBertForSequenceClassification) architecture. It is designed to identify and classify HTTP requests as either safe or potentially malicious (similarly to ModSecurity).

## Model Details

- **Model Type:** Text Classification (DistilBERT)
- **Task:** Identifying Malicious HTTP Requests (Web Application Firewall)
- **Use Case:** Can be used as a standalone classifier or inline ML-based proxy to analyze real-time HTTP traffic and reject high-risk requests (e.g., 403 Forbidden).

## Intended Uses & Limitations

- **Intended Use:** Inspecting HTTP paths, headers, and payloads for malicious intent (e.g., SQL Injection, XSS, etc.). Ideal for use within an ML pipeline integrating with services like Nginx or a customized inline WAF proxy.
- **Limitations:** The model acts as a learning proxy and can still result in False Positives or False Negatives. Continuous learning and manual feedback over time can help improve model confidence.

## Metrics

During evaluation, the model achieved the following metrics:
- **Accuracy:** 94.23%
- **Precision:** 92.50%
- **Recall:** 93.10%
- **F1 Score:** 92.80%

## How to Get Started with the Model

```python
from transformers import pipeline

# Load the WAF classifier
waf_classifier = pipeline("text-classification", model="your-username/my-waf-model")

# Example request payload
payload = "GET /index.php?id=1 UNION SELECT 1,2,3-- HTTP/1.1"

# Predict if malicious or benign
result = waf_classifier(payload)
print(result)
```