Improving Protection Of Web Applications Through A Machine Learning–Based Firewall Framework

Abstract

Web applications are a prime target for cyberattacks such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and distributed denial-of-service (DDoS). Traditional Web Application Firewalls (WAFs), which rely on static rule-based methods, are effective against known threats but often fail to detect zero-day exploits and adaptive attack patterns. To address these limitations, this study introduces a Machine Learning–Driven Web Application Firewall (ML-WAF) that combines rule-based filtering, feature-aware traffic analysis, and a new Hybrid Feature-Aware Neural Ensemble (HyFANE) model. HyFANE integrates Random Forest, Gradient Boosting, and a lightweight Deep Neural Network with adaptive weighting to enhance detection accuracy while reducing false positives. The framework was tested across multiple datasets, including CSIC 2010, CICIDS 2017, and a custom dataset simulating SQLi, XSS, CSRF, and DDoS traffic. Results show that ML-WAF with HyFANE achieves outstanding performance: 96.8% accuracy, 95.3% precision, 94.6% recall, and a 4.3% false positive rate outperforming rule-based WAFs, Random Forest, CNN-WAF, and LSTM-WAF baselines. These results confirm that ensemble learning and adaptive feature selection significantly improve the protection of web applications against evolving threats.