A Closer Look at SWAP’s Logic-Based Detection Engine


Background: How did SWAP come to be?

As many are aware, Cloudbric entered the web application security field with the support of Penta Security Systems, Asia’s top cybersecurity vendor. Cloudbric spun off as its own independent cloud security company bringing over 20 years of IT experience. Now, we offer SWAP (Smart Web Application Security), DDoS protection, and SSL-as-a-service together as a cloud-based solution for complete web protection.  

SWAP provides industry-leading detection precision thanks to our proprietary logic analysis engine. This logic-based detection engine relies on the patented technology known as COCEP (COntents Classification and Evaluation Processing), developed by in-house security developers.

How does the logic-based detection engine work?

COCEP is simply a means to perform web application layer interpretation and verification based on heuristic analysis, semantic analysis, and pattern matching mechanisms, using 27 detection rules, or policies.

Pattern Matching, Semantic, and Heuristic Analysis

Pattern matching analysis focuses on detecting and blocking known web attack patterns. It detects attacks by comparing known attack lists against the web application’s incoming traffic. This process uses pre-existing whitelists and blacklists of user IP addresses, request sizes, regular expressions, and malicious code.

Meanwhile, semantic analysis focuses on analyzing the context of traffic using a special processing method, which allows it to counter modified web attacks.

And finally, heuristic analysis focuses on the predictive detection and elimination of attacks by using multi-criteria analysis, testing, and verification processes. It also focuses on defining what could most likely be attack patterns by analyzing hacker behavior patterns over a long observation period.

Together, they create the 27 rule sets for SWAP’s logic-based detection engine to precisely detect and block both known and unknown web attacks and modified attacks. These detection rules can be classified as follows:

Heuristic Analysis:
  Cookie poisoning
  IP block
  Parameter tampering
  Suspicious access
  URI access control

Semantic Analysis:
  Cross-site scripting
  Include injection
  Invalid HTTP
  Invalid URI
  Parameter tampering
  Privacy file filtering
  Privacy input filtering
  Privacy output filtering
  Request header filtering
  SQL injection
  Stealth commanding
  Unicode directory traversal

Pattern Matching:
  Buffer overflow
  Directory listing
  Error handling
  Extension filtering
  File upload
  Input content filtering
  IP filtering
  Request method filtering
  Response header filtering
  User defined pattern
  Web site defacement
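As an added illustration (not Cloudbric’s or SWAP’s code; the rule names, thresholds, blacklist entry and sample requests are constructed assumptions), a toy inspection pipeline shows how the three mechanisms complement each other: a pattern stage that matches raw signatures, a semantic stage that decodes the request before matching so a percent-encoded variant of a known attack is still caught, and a heuristic stage that tracks hits per client over time.

```python
"""Toy three-stage request inspection: pattern matching, semantic analysis,
heuristic analysis. Added example only; not the SWAP/COCEP implementation."""
import re
from collections import Counter
from urllib.parse import unquote

BLOCKED_IPS = {"203.0.113.7"}      # constructed blacklist entry (pattern stage)
MAX_REQUEST_BYTES = 4096           # assumed request-size limit (pattern stage)
SIGNATURES = {                     # constructed signatures, raw-text matching
    "SQL injection": re.compile(r"(?i)union\s+select"),
    "Directory traversal": re.compile(r"\.\./"),
}
_hits = Counter()                  # per-client history for the heuristic stage


def pattern_stage(ip, body):
    """Known-attack matching against the request exactly as received."""
    if ip in BLOCKED_IPS:
        return "IP filtering"
    if len(body) > MAX_REQUEST_BYTES:
        return "Buffer overflow"
    for name, rx in SIGNATURES.items():
        if rx.search(body):
            return name
    return None


def semantic_stage(body):
    """Normalise (percent-decode, up to 3 rounds) so the request is inspected in
    the form the backend would actually interpret, then re-run the signatures."""
    decoded = body
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    for name, rx in SIGNATURES.items():
        if rx.search(decoded):
            return name + " (encoded)"
    return None


def heuristic_stage(ip, verdict, threshold=3):
    """Behaviour over time: a client with repeated detections is flagged even
    when its current request looks clean."""
    if verdict:
        _hits[ip] += 1
    return "Suspicious access" if _hits[ip] >= threshold else None


def inspect(ip, body):
    verdict = pattern_stage(ip, body) or semantic_stage(body)
    return heuristic_stage(ip, verdict) or verdict
```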

How does the logic-based detection engine differ from other WAF detection engines?

Many WAF (Web Application Firewall) vendors traditionally rely on signature-based pattern-matching techniques, which are often ineffective because hackers constantly change their attack methods.

Meanwhile, the logic-based detection engine works by recognizing the characteristics of hackers and applies that learning to recognize the characteristics of hacking attempts from both incoming and outgoing traffic. 

This is extremely useful because it takes into account the variations in attacks. It uses the 27 unique security rulesets to conduct a detailed analysis of web traffic and automatically filters out malicious traffic.

Low False Positives


Compared to other detection engines that use pattern-matching techniques, this approach is considerably faster and produces fewer false positives. Instead of manually matching all the signatures, it recognizes the logic behind attacks and utilizes its logic-based engine to detect and proactively block these attacks.

SWAP also eliminates the need to fine-tune any WAF policy because it uses a proprietary 27-rule set that does not require constant updates of known attack signatures.

By using signature-less technology, SWAP offers an innovative way to eliminate operational burdens and keep false positive rates to a minimum. This logic-based detection engine is one component of SWAP, which also uses AI technology.

To learn more visit: cloudbric.com/website-security.
