公开(公告)号：US11792162B1

公开(公告)日：2023-10-17

申请号：US18161719

申请日：2023-01-30

Applicant: CLOUDFLARE, INC.

Inventor： Vikram Grover ,  Petre Gabriel Gabor ,  Nicholas Mikhail Robert

IPC: H04L9/40 ,  G06F30/27 ,  H04L41/16

CPC classification number: H04L63/0263 ,  G06F30/27 ,  H04L41/16 ,  H04L63/1416

Abstract: A machine learning (ML) based web application firewall (WAF) is described. Transformation(s) are applied to raw data including normalizing and generating a signature over the normalized data. The signature and the normalized data are vectorized to create a first and second vector of integers that are input into an ML model that includes a first stage that operates on the first vector of integers to identify candidate signature tokens that are commonly associated with different classes of attack, and a second stage that operates on the candidate signature tokens and the second vector of integers and conditions attention on the second vector of integers on the candidate signature tokens. The ML model outputs a score that indicates a probability of the raw data being of a type that is malicious. A traffic processing rule is enforced that instructs a WAF to block traffic when the score is above a threshold.

公开(公告)号：US12224987B2

公开(公告)日：2025-02-11

申请号：US18478191

申请日：2023-09-29

Applicant: CLOUDFLARE, INC.

Inventor： Vikram Grover ,  Petre Gabriel Gabor ,  Nicholas Mikhail Robert

IPC: H04L9/40 ,  G06F30/27 ,  H04L41/16

Abstract: A machine learning (ML) based web application firewall (WAF) is described. Transformation(s) are applied to raw data including normalizing and generating a signature over the normalized data. The signature and the normalized data are vectorized to create a first and second vector of integers respectively. The first and second vector of integers are input into an ML model, which outputs a score that indicates a probability of the raw data being of a type that is malicious. A traffic processing rule is enforced that instructs a WAF to block traffic when the score is above a threshold that indicates the raw data is of the type that is malicious.

公开(公告)号：US20240259347A1

公开(公告)日：2024-08-01

申请号：US18478191

申请日：2023-09-29

Applicant: CLOUDFLARE, INC.

Inventor： Vikram Grover ,  Petre Gabriel Gabor ,  Nicholas Mikhail Robert

IPC: H04L9/40 ,  G06F30/27 ,  H04L41/16

CPC classification number: H04L63/0263 ,  G06F30/27 ,  H04L41/16 ,  H04L63/1416

Abstract: A machine learning (ML) based web application firewall (WAF) is described. Transformation(s) are applied to raw data including normalizing and generating a signature over the normalized data. The signature and the normalized data are vectorized to create a first and second vector of integers respectively. The first and second vector of integers are input into an ML model that uses a multiple stage process including a first stage that operates on the first vector of integers to identify candidate signature tokens that are commonly associated with different classes of attack, and a second stage that operates on the candidate signature tokens and the second vector of integers and conditions attention on the second vector of integers on the candidate signature tokens. The ML model outputs a score that indicates a probability of the raw data being of a type that is malicious. A traffic processing rule is enforced that instructs a WAF to block traffic when the score is above a threshold that indicates the raw data is of the type that is malicious.