GRINDWALL

ML based Firewall System

Description:

Grindwall is an ML based Firewall System that uses a machine learning model to filter out bad or malicious requests to the server.

Each model uses a specefic classification algorithm to determine the nature of incoming packets and classifies them on the basis of the vulnerability that the request tries to exploit.

Bad Packets are dropped by the server and the client is displayed with a message.

Contents:

Datasets

1. full_xss_sqli_dataset.csv = Dataset for training the model - Version 1
2. version_4_full.csv - Full dataset for Version 4(includes cmdi)
3. new_specs_dataset.csv - Dataset for classifying according to vulnerability.

   Scripts

   network_sec.ipynb = Notebook file used for creating the model and other operations related to ML

   grindwall.py = Main Script used to setup the firewall

   requirements.txt = Python Requirements for running the script

   test.csv = Dataset used for testing the model

   gring_gui.py = Scipt to run Grindwall as GUI

   Models

   model1_grindwall.pkl = The saved model checkpoint which is loaded into the script for use in the firewall, only filters sqli - Uses Random Forest Classifier

   model2_grindwall = The saved model Checkpoint, which filters sql injections and XSS payloads - Uses Ada Boost Classifier

   model3_grindwall = Saved Model checkpoint that filters on the basis of the vulnerability that the packet tries to exploit; "sqli","xss" or "good"- Uses Random Forest Classifier

   model4_grindwall = Saved Model checkpoint that filters on the basis of the vulnerability that the packet tries to exploit; "sqli","xss","cmdi" or "good" - Uses Light Gradient Boosting Machine Classification

   Wordlists

4. sqlInjection.txt = Wordlist containing payloads for SQL injection attacks used for dataset preparation
5. xss_payloads.txt = Wordlist containing XSS payloads
6. cmdi_payloads.txt = Wordlist containing cmdi payloads

Installation And Working

• Clone this Repo Install the requirements using the command

pip install -r requirements.txt  

• Once dependencies are installed run

python cli.py

Alternatively you can also run the GUI version of Grindwall using :

python gring_gui.py

Once the firewall is up and running configure your browser or computer to utilize proxy server running on port 1234 ( You can change this setting in grindwall.py file).
You can use windows proxy settings by accessing
Settings > Network And Internet > Proxy > Enable proxy with

Address - 127.0.0.1
Port - 1234

Or you can use extensions like Foxy Proxy to use a proxy server for just your browser.

Once your browser is configured to listen using the proxy server, all your requests pass through the ML model, which determines if your request is malicious or not and alerts you by dropping the packet.

You can view all the outgoing requests in the terminal and log file.

Any malicious requests will be returned with the 'bad' classification and the following message will be displayed.

The terminal log displays the prediction label according to the vulnerability

Video Demo:

grindwall_demo.mp4

Future Implementations:

Support for other Web Vulnerabilities Including

Cross Site Scripting = Completed

Command Injections = Completed

Support For HTTPS connections

Comprehensive GUI

Analytics