An enhanced Web Application Firewall Security for real-time DDOS detection using Deep Learning and integrating LSTM models into Modsecurity Firewall

Main Article Content

Haithem Ali Alghazzawi
Mohamed Elbeshti
Abdalrahman Alfagi

Abstract

Web applications are the backbone of most digital online services, whereby clients communicate with the server and enormous amounts of sensitive data are processed in real time. Consequently, sensitive information may be compromised or become vulnerable to several threats, or its availability may be disrupted, which directly threatens Confidentiality, Integrity, and Availability, causing financial loss, legal consequences, erosion of user trust, or business discontinuity. Based on recent statistics, DDoS attacks represent 61% of web attacks, while traditional web application firewall (WAF) capabilities have not met the needs of modern environments to protect web-based applications from DDoS attacks effectively. Therefore, an enhanced WAF is proposed to protect an organization’s web applications and their resources from DDoS attacks. A deep learning approach using an LSTM model (the DDoS detection layer) is positioned beside the WAF to enhance its capabilities for real-time DDoS detection. This layer analyzes all incoming traffic to identify abnormal requests and then feeds its output to the WAF, helping the WAF respond only to legitimate traffic. Thus, the DDoS layer and the WAF work together to detect and block DDoS attacks. The integrated system was tested using evaluation metrics such as accuracy and loss. The results show that the system was able to process 500–800 requests per second, had a 2–5 ms average response time, and consumed a low amount of computing resources (50–80 MB memory, 10–15% CPU). The integration came with a drop in throughput of around 20% (to 400–600 req/s), an increase in latency up to 20–30 ms, a rise in memory usage up to 200–300 MB, and CPU consumption of 25–40%. The tradeoff was very much worth it because the integration resulted in a significant improvement in detection and overall security efficiency.
The experimental results provide evidence that the proposed LSTM models improved the detection capabilities of WAF systems over traditional methods. This approach represents a highly important and practical method of relying upon deep learning for traditional WAF systems.

Article Details

How to Cite
Alghazzawi, H. A., Elbeshti, M., & Alfagi, A. (2026). An enhanced Web Application Firewall Security for real-time DDOS detection using Deep Learning and integrating LSTM models into Modsecurity Firewall. مجلة الأكاديمية للعلوم الأساسية والتطبيقية, 7(2). https://doi.org/10.5281/zenodo.18108194
Section
Articles