Web Application Anomaly Detection
HTTP Anomaly Detection extends Network Traffic Analysis (NTA) and Network Behavior Analysis (NBA) to Web Application Firewall (WAF) technology. From observed HTTP requests, it learns a tree model of the application's URLs, including their parameters, even those that are not visible in the address bar (POST) or are embedded in the path itself (parameter rewrites).
A total of 15 statistical models and artificial intelligence methods are used for the web application model, including, for example, Hidden Markov Models (HMMs) to calculate how likely each request is. Based on the weight of each of these methods, the module determines the resulting hazard score for each individual user of the web application.
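The sketch below is an added illustration, not the product's code: it learns a URL tree with per-parameter value models from constructed requests and scores new requests by how surprising they are. It substitutes a first-order Markov chain over character classes for the HMMs mentioned above, and the names `UrlTreeModel`, `TRAINING`, the `{num}` rewrite rule and the smoothing constant are assumptions.

```python
import math
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

def _pairs(value):
    # Coarse character classes with start/end markers, as adjacent pairs.
    seq = ["^"] + ["a" if c.isalpha() else "d" if c.isdigit() else c for c in value] + ["$"]
    return list(zip(seq, seq[1:]))

def _split(url, body):
    parts = urlsplit(url)
    # Assumption: an all-digit path segment is a rewritten parameter (/item/42).
    segs = ["{num}" if s.isdigit() else s for s in parts.path.split("/") if s]
    # Query-string and form-encoded POST body parameters are modelled alike.
    return segs, parse_qsl(parts.query, keep_blank_values=True) + parse_qsl(body, keep_blank_values=True)

class UrlTreeModel:
    def __init__(self, requests=()):
        self.root = {"children": {}, "params": {}}
        for url, body in requests:
            self.learn(url, body)

    def learn(self, url, body=""):
        segs, params = _split(url, body)
        node = self.root
        for s in segs:
            node = node["children"].setdefault(s, {"children": {}, "params": {}})
        for name, value in params:
            counts = node["params"].setdefault(name, defaultdict(int))
            for a, b in _pairs(value):
                counts[(a, b)] += 1   # transition a -> b
                counts[a] += 1        # total transitions leaving a

    def score(self, url, body=""):
        """Mean -log p per transition (add-one smoothing, 64 nominal classes); inf if path or parameter is unseen."""
        segs, params = _split(url, body)
        node, costs = self.root, []
        for s in segs:
            node = node["children"].get(s)
            if node is None:
                return math.inf
        for name, value in params:
            counts = node["params"].get(name)
            if counts is None:
                return math.inf
            costs += [-math.log((counts.get((a, b), 0) + 1) / (counts.get(a, 0) + 64)) for a, b in _pairs(value)]
        return sum(costs) / len(costs) if costs else 0.0

# Constructed training requests: (url, form-encoded POST body).
TRAINING = [("/shop/item/17?lang=en", ""), ("/shop/item/204?lang=de", ""), ("/login", "user=alice&pin=4821"), ("/login", "user=bob&pin=9930")]
```

A higher score means a less expected request; a real deployment would train on far more traffic and combine this with other models before assigning a per-user score.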