Development of an Intelligent Web Application Firewall (WAF) Using Machine Learning for Attack Detection and Prevention

Main Article Content

Padet Sawipan
Tipaporn Supamid

Abstract

This research Development of an Intelligent Web Application Firewall (WAF) Using Machine
Learning for Attack Detection and Prevention. The models used in this research consist of Machine
Learning techniques, including Random Forest and Support Vector Machine (SVM), and a Deep
Learning technique, namely Deep Neural Network (DNN). The system was trained and evaluated
using data from the CIC-IDS2017 Dataset and the OWASP Benchmark Dataset. The experimental
results indicate that the Deep Neural Network (DNN) model, which belongs to the Deep Learning
group, achieved the highest performance, with an average accuracy of 97.60% and an F1-Score of
96.65%, outperforming the Machine Learning models, namely Random Forest and SVM. The
developed WAF system is integrated with the trained model through a RESTful API and is
capable of detecting web attacks in real time, with an average response time of 120 milliseconds.
The system evaluation results show that the developed system achieved an average detection
accuracy of 96.10%. In addition, user satisfaction with the system was at the highest level
(mean score of 4.53 out of 5), particularly in terms of detection accuracy and response speed.
The findings demonstrate that the application of Deep Learning techniques, especially the Deep
Neural Network (DNN) model, can significantly enhance the effectiveness of web attack detection
compared to traditional Machine Learning techniques. Furthermore, the proposed system shows
strong potential as a cybersecurity tool capable of accurately detecting both known and previously
unseen web attacks.

Downloads

Download data is not yet available.

Article Details

How to Cite
[1]
P. Sawipan and T. . Supamid, “Development of an Intelligent Web Application Firewall (WAF) Using Machine Learning for Attack Detection and Prevention”, Def. Technol. Acad. J., vol. 8, no. 17, pp. R61 - R72, Jun. 2026.
Section
Research Articles

References

The Open Web Application Security Project, “OWASP Top 10 - 2021,” 2021. [Online]. Available: https://owasp.org/Top10/. [Accessed: Mar. 11, 2026].

M. E. Durmuşkaya and S. Bayraklı, “Web application firewall based on machine learning models,” PeerJ Computer Science, vol. 11, Art. no. e2975, 2025, doi: 10.7717/ peerj-cs.2975.

M. Ito and H. Iyatomi, “Web application firewall using character-level convolutional neural network,” in Proc. IEEE 14th Int. Colloquium on Signal Processing and Its Applications (CSPA), Kuala Lumpur, Malaysia, Mar. 9-10, 2018, pp. 103-106, doi: 10.1109/ CSPA.2018.8368694.

B. Işık and I. Sogukpinar, “Machine learning based web application firewall,” Expert Systems, vol. 42, Art. no. e13467, 2025, doi: 10.1111/exsy.13467.

G. Betarte, Á. Pardo, and R. Martínez, “Web application attacks detection using machine learning techniques,” in Proc. IEEE 17th Int. Conf. Machine Learning and Applications (ICMLA), Orlando, FL, USA, Dec. 16-19, 2018, pp. 1065-1072, doi: 10.1109/ICMLA. 2018.00167.

B. R. Dawadi, B. Adhikari, and D. K. Srivastava, “Deep learning technique-enabled web application firewall for the detection of web attacks,” Sensors, vol. 23, no. 4, p. 2073, Feb. 2023, doi: 10.3390/s23042073.

A. Moradi Vartouni, M. Teshnehlab, and S. Sedighian Kashi, “Leveraging deep neural networks for anomaly-based web application firewall,” IET Information Security, vol. 13, no. 4, pp. 352-361, Jul. 2019, doi: 10.1049/iet-ifs.2018.5212.

M. Krishnan, Y. Lim, S. Perumal, and G. Palanisamy, “Detection and defending the XSS attack using novel hybrid stacking ensemble learning-based DNN approach,” Digital Communications and Networks, vol. 8, no. 1, pp. 49-60, Feb. 2022, doi: 10.1016/j.dcan.2021.06.004.

R. Vinayakumar et al., “Deep learning approach for intelligent intrusion detection system,” IEEE Access, vol. 7, pp. 41525- 41550, 2019, doi: 10.1109/ACCESS. 2019.2895334.

D. S. Berman, A. L. Buczak, J. S. Chavis, and C. L. Corbett, “A survey of deep learning methods for cyber security,” Information, vol. 10, no. 4, p. 122, Apr. 2019, doi: 10.3390/ info10040122.

D. Chen and D. Zhang, “Deep learning for vulnerability and attack detection on web applications: A systematic literature review,” Sensors, vol. 22, no. 4, Art. no. 118, Mar. 2022, doi: 10.3390/s22010118.

A. S. Alnami and T. B. Kim, “Adaptive web application firewall using risk-based adaptation,” Computers & Security, vol. 101, Art. no. 102120, Feb. 2021, doi: 10.1016/j.cose.2020.102120.

I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, “Toward generating a new intrusion detection dataset and intrusion traffic characterization,” in Proc. 4th Int. Conf. Information Systems Security and Privacy (ICISSP), Funchal, Madeira, Portugal, Jan. 2018, pp. 108-116, doi: 10.5220/0006639801080116.