AI-Driven Framework WAMM Achieves Near‑Perfect Accuracy in Web Attack Detection

Global: AI-Driven Framework WAMM Achieves Near‑Perfect Accuracy in Web Attack Detection

A novel AI‑driven framework called WAMM has demonstrated the ability to classify web‑based attack traffic with up to 99.59% accuracy, offering a potential alternative to traditional rule‑based web application firewalls (WAFs). The study, presented in an arXiv preprint, evaluates the system against both machine‑learning baselines and the widely deployed OWASP Core Rule Set (CRS).

Limitations of Existing Rule‑Based Defenses

Conventional WAFs rely on static rule sets such as the OWASP CRS, which can miss obfuscated, polymorphic, or zero‑day payloads without extensive manual tuning. This shortfall has motivated research into adaptive detection methods that can keep pace with evolving threat vectors.

WAMM’s Multi‑Phase Data Enhancement Pipeline

The authors constructed a multi‑phase pipeline applied to the SR‑BH 2020 dataset. The pipeline includes large‑scale deduplication, large language model (LLM)‑guided relabeling, realistic attack data augmentation, and LLM‑based filtering, resulting in three refined datasets that better reflect contemporary attack patterns.

Model Evaluation and Performance

Four machine‑learning and deep‑learning models were trained on a unified feature space comprising statistical and text‑based representations. On the augmented, LLM‑filtered dataset, the XGBoost model achieved 99.59% accuracy with inference times measured in microseconds. In contrast, deep‑learning models experienced performance degradation when exposed to noisy augmentation.

Comparison with OWASP CRS

When evaluated against the OWASP CRS using an unseen augmented dataset, WAMM’s detection engine recorded true‑positive block rates ranging from 96% to 100%, representing improvements of up to 86% over the rule‑based baseline.

Implications for Production WAF Environments

The findings suggest that curated training pipelines combined with efficient machine‑learning models can close gaps left by static rule sets, delivering real‑time, resilient protection suitable for deployment in production WAFs.

Future Directions

The authors note that further research will explore broader technology stacks and continuous learning mechanisms to maintain detection efficacy as attack techniques evolve.

This report is based on information from arXiv, licensed under Academic Preprint / Open Access. Based on the abstract of the research paper. Full text available via ArXiv.