After you add a website to Web Application Firewall (WAF), you can enable the deep learning engine feature for your website. The deep learning engine is developed based on the deep neural network system of Alibaba Cloud. The feature performs classification training on all web attack data and normal business data in the cloud. This way, potential attacks can be blocked in real time.
Prerequisites
- A WAF instance is purchased. The instance must reside in the Chinese mainland and run the Business edition or higher.
  For more information, see Purchase a WAF instance.
- Your website is added to WAF.
  For more information, see Tutorial.
Background information
Web attack methods keep evolving as the Internet develops. Traditional single-method protection no longer meets the security requirements of complex Internet services. Collaborative protection that uses multiple detection engines is more effective.
Based on massive operations data of Alibaba Cloud, the deep learning engine trains models for normal web applications and identifies abnormalities based on these models. The engine also refines attack models from various web application attacks. The deep learning engine uses these models to detect zero-day vulnerabilities. When WAF is used to prevent web attacks, protected traffic is first forwarded to the protection rules engine and then to the deep learning engine. The two engines complement each other.
Scenarios
The deep learning engine detects web requests that have weak attack characteristics. It is not intended for HTTP flood attacks. If you have more precise requirements on web attack protection, we recommend that you enable the deep learning engine.
The protection rules engine uses strong regular expression rules and provides optimal protection against requests that have strong attack characteristics. However, the protection rules engine may fail to detect risks from requests that have weak attack characteristics, such as cross-site scripting (XSS) attacks, even in strict mode. In this case, you can enable the deep learning engine to identify and block requests that have weak attack characteristics and that the strict rules of the protection rules engine cannot detect.