| --- |
| language: |
| - en |
| pipeline_tag: text-classification |
| tags: |
| - web-application-firewall |
| - waf |
| - security |
| --- |
| |
| # 4thwall WAF Model |
|
|
| This model is a custom Web Application Firewall (WAF) classifier built by fine-tuning the `distilbert` (DistilBertForSequenceClassification) architecture. It is designed to identify and classify HTTP requests as either safe or potentially malicious (similarly to ModSecurity). |
|
|
| ## Model Details |
|
|
| - **Model Type:** Text Classification (DistilBERT) |
| - **Task:** Identifying Malicious HTTP Requests (Web Application Firewall) |
| - **Use Case:** Can be used as a standalone classifier or inline ML-based proxy to analyze real-time HTTP traffic and reject high-risk requests (e.g., 403 Forbidden). |
|
|
| ## Intended Uses & Limitations |
|
|
| - **Intended Use:** Inspecting HTTP paths, headers, and payloads for malicious intent (e.g., SQL Injection, XSS, etc.). Ideal for use within an ML pipeline integrating with services like Nginx or a customized inline WAF proxy. |
| - **Limitations:** The model acts as a learning proxy and can still result in False Positives or False Negatives. Continuous learning and manual feedback over time can help improve model confidence. |
|
|
| ## Metrics |
|
|
| During evaluation, the model achieved the following metrics: |
| - **Accuracy:** 94.23% |
| - **Precision:** 92.50% |
| - **Recall:** 93.10% |
| - **F1 Score:** 92.80% |
|
|
| ## How to Get Started with the Model |
|
|
| ```python |
| from transformers import pipeline |
| |
| # Load the WAF classifier |
| waf_classifier = pipeline("text-classification", model="your-username/my-waf-model") |
| |
| # Example request payload |
| payload = "GET /index.php?id=1 UNION SELECT 1,2,3-- HTTP/1.1" |
| |
| # Predict if malicious or benign |
| result = waf_classifier(payload) |
| print(result) |
| ``` |
|
|
