Overview
Explore the challenges and solutions in using AI to bypass web application firewalls (WAFs) in this Black Hat conference talk. Delve into the three-step workflow of building payload datasets, applying mutation operations, and utilizing heuristic algorithms or reinforcement learning to evade WAFs. Examine two key practical issues: the diversity of payloads and their varying difficulty in bypassing security measures. Learn about innovative approaches to address these challenges, including device and semantic environments, and a core algorithm for more effective WAF evasion. Gain insights into experimental results and the broader implications for cybersecurity research and practice in this 26-minute presentation.
Syllabus
Introduction
Agenda
Related Works
Key Issues
Our Research
Our Workflow
Our Scheme
Device Environment
Semantic Environment
Core Algorithm
Experimental Results
Taught by
Black Hat