Web Application Firewall (Intrusion Detection System) built for a live open source vulnerability website (demo.testfire.net). The data is collected from Acunetix scans (web crawling and high SQL injection vulnerability scans) of the target website. BurpSuite is used as a proxy for these scans. The logs from BurpSuite are cleaned and used as the custom training dataset for the ML model.
Machine Learning (K means clustering) is used to classify whether a live HTTP request made to the website is legitimate or a malicious SQL Injection.
When the query “hello” is typed, a legitimate request is detected
When the query “1234” is typed, a legitimate request is detected
When the query “' UNION SELECT sum(columnname ) from tablename –" is typed, SQL injection attack is detected


