PATTERN Cited by 1 source
ML anomaly scoring over signature matching¶
Intent¶
Detect novel attack variants — including those generated by frontier AI models — without requiring a signature for each specific exploit.
Problem¶
Signature-based WAF rules work when novel exploits are scarce and variations take weeks. Frontier models can produce thousands of adapted variants that probe around known signatures. Traditional SLAs (12 hours from PoC to rule) are too slow when discovery is automated.
Solution¶
Train an ML model on historical attack traffic to recognise the structural shape of attacks rather than specific payloads. Score every request on a continuous scale (e.g., 1–99) by similarity to known attack shapes. Novel SQLi, RCE, or XSS chains are rearrangements of shapes the model has already seen — caught before a CVE or signature exists.
Trade-offs¶
- Pro: catches zero-day variants and AI-generated mutations
- Pro: runs continuously on all traffic (not reactive to disclosures)
- Con: false-positive risk on edge cases (tunable via score threshold)
- Con: model must be retrained as attack shapes evolve
- Con: still layers with signatures (not a replacement) — belt-and-braces
Production example¶
Cloudflare WAF Attack Score: model assigns 1–99, lower = more suspicious. Runs on every request. Same methodology extended to AI prompts ("AI Security for Apps") — scoring structural similarity to known attack prompts.
(Source: sources/2026-06-09-cloudflare-defend-against-frontier-cyber-models)