https://github.com/thirt33n/grindwall

ML Based Firewall System
ada-boost-classifier firewall machine-learning ml ml-based-firewall monitoring network network-security random-forest waf web web-app-firewall web-security

# GRINDWALL

## ML based Firewall System

## Description:



Grindwall is an ML based Firewall System that uses a machine learning model to filter out bad or malicious requests to the server.



  • Each model uses a specific classification algorithm to determine the nature of incoming packets and classifies them on the basis of the vulnerability that the request tries to exploit.

  • Bad packets are dropped by the server and the client is shown a message.

## Contents:

Datasets

1. full_xss_sqli_dataset.csv = Dataset for training the model - Version 1

2. version_4_full.csv = Full dataset for Version 4 (includes cmdi)

3. new_specs_dataset.csv = Dataset for classifying according to vulnerability.

Scripts

1. network_sec.ipynb = Notebook file used for creating the model and other operations related to ML

2. grindwall.py = Main script used to set up the firewall

3. requirements.txt = Python requirements for running the script

4. test.csv = Dataset used for testing the model

5. gring_gui.py = Script to run Grindwall as GUI

Models

1. model1_grindwall.pkl = The saved model checkpoint which is loaded into the script for use in the firewall, only filters sqli - Uses Random Forest Classifier

2. model2_grindwall = The saved model checkpoint, which filters SQL injections and XSS payloads - Uses Ada Boost Classifier

3. model3_grindwall = Saved model checkpoint that filters on the basis of the vulnerability that the packet tries to exploit; "sqli", "xss" or "good" - Uses Random Forest Classifier

4. model4_grindwall = Saved model checkpoint that filters on the basis of the vulnerability that the packet tries to exploit; "sqli", "xss", "cmdi" or "good" - Uses Light Gradient Boosting Machine Classification

Wordlists

1. sqlInjection.txt = Wordlist containing payloads for SQL injection attacks used for dataset preparation

2. xss_payloads.txt = Wordlist containing XSS payloads

3. cmdi_payloads.txt = Wordlist containing cmdi payloads

## Installation And Working

  • Clone this repo.

  • Install the requirements using the command

    ```bash
    pip install -r requirements.txt
    ```

  • Once dependencies are installed, run

    ```bash
    python cli.py
    ```

    ![Grindwall CLI](images/image.png)

  • Alternatively, you can run the GUI version of Grindwall using:

    ```bash
    python gring_gui.py
    ```

    grindwall GUI



  • Once the firewall is up and running, configure your browser or computer to use the proxy server running on port 1234 (you can change this setting in the grindwall.py file).

    You can use the Windows proxy settings by going to

    Settings > Network And Internet > Proxy > Enable proxy with

    Address - 127.0.0.1

    Port - 1234

    Or you can use extensions like Foxy Proxy to use a proxy server for just your browser.

  • Once your browser is configured to send traffic through the proxy server, all your requests pass through the ML model, which determines whether each request is malicious and alerts you by dropping the packet.

  • You can view all the outgoing requests in the terminal and log file.



    Good Requests


  • Any malicious requests will be returned with the 'bad' classification and the following message will be displayed.


    Block message


  • The terminal log displays the prediction label according to the vulnerability


    Terminal Information
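
The classify-then-drop flow described above, as an added example that is not Grindwall's own code: a 1-nearest-neighbour match over character trigrams stands in for the project's trained models. The training rows and the `trigrams`, `classify` and `decide` helpers are constructed for illustration; only the label set ("sqli", "xss", "cmdi", "good") comes from the README.

```python
from urllib.parse import unquote_plus

# Constructed training rows (not taken from Grindwall's datasets or wordlists).
TRAIN = [
    ("id=42&page=2", "good"),
    ("q=summer+shoes&sort=price", "good"),
    ("user=alice&lang=en", "good"),
    ("id=1' OR '1'='1' -- ", "sqli"),
    ("id=1 UNION SELECT username, password FROM users", "sqli"),
    ("q=<script>alert(1)</script>", "xss"),
    ("name=<img src=x onerror=alert(1)>", "xss"),
    ("host=127.0.0.1; cat /etc/passwd", "cmdi"),
    ("file=report.txt | whoami", "cmdi"),
]


def trigrams(text):
    """Percent-decode and lowercase first, so encoded payloads share features."""
    s = unquote_plus(text).lower()
    return {s[i:i + 3] for i in range(len(s) - 2)}


def classify(payload):
    """Return (label, similarity) of the nearest training row by Jaccard score."""
    grams = trigrams(payload)
    best_label, best_sim = "good", 0.0  # nothing similar: falls through as good
    for sample, label in TRAIN:
        ref = trigrams(sample)
        union = grams | ref
        sim = len(grams & ref) / len(union) if union else 0.0
        if sim > best_sim:
            best_label, best_sim = label, sim
    return best_label, best_sim


def decide(payload):
    """Proxy decision: forward 'good' requests, drop everything else."""
    label, sim = classify(payload)
    action = "forward" if label == "good" else "drop"
    return {"label": label, "action": action, "similarity": round(sim, 2)}


if __name__ == "__main__":
    for req in ("q=winter+shoes&sort=price",
                "id=1%27%20OR%20%271%27%3D%271",
                "comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E"):
        print(req, "->", decide(req))
```

Decoding before feature extraction is what lets the percent-encoded requests match their plain-text training rows; input that resembles no training row is forwarded as "good", so this sketch fails open.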

## Video Demo:

https://github.com/thirt33n/Grindwall/assets/55974622/d291bbde-9870-42e9-905c-1259271b47fd

## Future Implementations:

### Support for other Web Vulnerabilities Including

  • Cross Site Scripting = Completed
  • Command Injections = Completed
  • Support For HTTPS connections
  • Comprehensive GUI
  • Analytics