The general objective of this project is to build machine learning-assisted web application firewall mechanisms for the identification, analysis and prevention of computer attacks on web applications. The main idea is to combine the flexibility provided by the classification procedures obtained from machine learning models with the codified knowledge integrated in the specification of the OWASP Core Rule Set used by the ModSecurity WAF to detect attacks, while reducing false positives. The next figure shows a high-level overview of the architecture:
This is an auxiliary repository that contains a logging module for WACE and its plugins.
Please see the WACE core repo and the machine learning model repo for the rest of the components.
You can find more information about the project, including published research articles, at the WAF Mind site
RPM packages for Red Hat Enterprise Linux 8 (or any compatible distribution) are provided in the releases page.
For compilation and manual installation instructions, please see the docs directory.
Copyright (c) 2022 Tilsor SA, Universidad de la República and Universidad Católica del Uruguay. All rights reserved.
WACE and its components are distributed under Apache Software License (ASL) version 2. Please see the enclosed LICENSE file for full details.