{"info":{"_postman_id":"3ee6f13e-e6cd-406c-9615-0fe68cd98751","name":"Spherical Defence AI WAF","description":"<html><head></head><body><p>Spherical Defence is a WAF powered by Deep Learning and Linguistics. The system learns what normal traffic looks like in a completely unsupervised manner, and detects anomalies as deviations from that baseline. Spherical Defence can learn and evaluate on complex tree-based JSON Objects.</p>\n<p>In this demo, we have trained our deep learning models on normal CSIC web application traffic. We don't train our models on any attacks. </p>\n<p>The system creates embeddings of requests in a 150-dimensional space, and creates clusters of normal requests. We can detect anomalies by measuring distance from normal clusters. </p>\n<p>We've provided examples of normal and anomalous requests to trial the system. Users can evaluate the efficacy of the system by sending normal and anomalous requests to the server. </p>\n<h1 id=\"trained-model\">Trained Model</h1>\n<p>We have trained on a web application that contains the following parameters in the request body:</p>\n<ul>\n<li>method: \"PUT\" or \"GET\" or \"DELETE\" or \"POST\" </li>\n<li>url: \"/api/Order\"</li>\n<li>id: Of form \"14jcA2ZW-IQFz-fpss-W0NQ-7gAwlJHk\" with random chars</li>\n<li>first: A lot of different names</li>\n<li>last: A lot of different names </li>\n<li>age: random int between 0-85 </li>\n<li>address: Random street name</li>\n<li>state: \"CA\"</li>\n<li>city: \"San Francisco\"</li>\n<li>origin: Random IP of form \"48.36.0.198\"</li>\n<li>status: \"200\"</li>\n<li>Content-Length: random int between 200-400</li>\n<li>Accept-Language: \"en-US,en;q=0.8\"</li>\n<li>Content-Type: \"aplication/json,*/*;q=0.1\"</li>\n<li>Accept: \"application/json\"</li>\n<li>Accept-Encoding: \"deflate\"</li>\n<li>X-Forwarded-Port: Random port num of form \"5263\"</li>\n<li>Host: \"wwi.microsoft.org\"</li>\n<li>Cookies: Randomised 
Tokens</li>\n</ul>\n</body></html>","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[{"content":"Trained Model","slug":"trained-model"}],"owner":"8436769","collectionId":"3ee6f13e-e6cd-406c-9615-0fe68cd98751","publishedId":"SVYxovhq","public":true,"customColor":{"right-sidebar":"303030","highlight":"EF5B25","top-bar":"FFFFFF"},"publishDate":"2019-08-16T10:33:31.000Z"},"item":[{"name":"Normal Request - 1","id":"8c0ba9c5-a302-4e49-bbc7-4d066b56be55","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","type":"text","value":"application/json"}],"body":{"mode":"raw","raw":"{\n    \"method\": \"PUT\",\n    \"url\": \"/api/Order\",\n    \"id\": \"HVRwQMpb-QBWl-fRj7-aC0u-9wP4qS4H\",\n    \"body\": {\n        \"names\": {\n            \"first\": \"felipa\",\n            \"second\": \"wiggins\"\n        },\n        \"age\": \"67\",\n        \"address\": \"venusst\",\n        \"state\": \"CA\",\n        \"city\": \"San Francisco\"\n    },\n    \"origin\": \"108.119.5.22\",\n    \"status\": \"200\",\n    \"headers\": {\n        \"Content-Length\": \"283\",\n        \"Accept-Language\": \"en-US,en;q=0.8\",\n        \"Content-Type\": \"aplication/json,*/*;q=0.1\",\n        \"Accept\": \"application/json\",\n        \"Accept-Encoding\": \"deflate\",\n        \"X-Forwarded-Port\": \"9697\",\n        \"Host\": \"wwi.microsoft.org\",\n        \"Cookies\": [\n            {\n                \"ASP.NET_SessionID\": \"HVRwQMpb-QBWl-fRj7-aC0u-9wP4qS4H\"\n            },\n            {\n                \"vk\": \"HVRwQMpb-QBWl-fRj7-aC0u-9wP4qS4H\"\n            }\n        ]\n    }\n}"},"url":"medium.sphericaldefence.com/evaluate","description":"<p>This is a normal web request which is packaged into JSON to be analysed by Spherical Defence. 
The request contains normal data for the URL, id, name, age, origin and headers.</p>\n","urlObject":{"path":["evaluate"],"host":["medium","sphericaldefence","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"8c0ba9c5-a302-4e49-bbc7-4d066b56be55"},{"name":"Normal Request - 2","id":"e8c91d45-4250-4152-9d65-05be8a616287","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","type":"text","value":"application/json"}],"body":{"mode":"raw","raw":"{\n    \"method\": \"PUT\",\n    \"url\": \"/api/Order\",\n    \"id\": \"J9LL4RaW-vJbM-6APn-ypxK-9tdsPEKw\",\n    \"body\": {\n        \"names\": {\n            \"first\": \"netty\",\n            \"second\": \"petersen\"\n        },\n        \"age\": \"21\",\n        \"address\": \"blackstonect\",\n        \"state\": \"CA\",\n        \"city\": \"San Francisco\"\n    },\n    \"origin\": \"214.59.185.216\",\n    \"status\": \"200\",\n    \"headers\": {\n        \"Content-Length\": \"279\",\n        \"Accept-Language\": \"en-US,en;q=0.8\",\n        \"Content-Type\": \"aplication/json,*/*;q=0.1\",\n        \"Accept\": \"application/json\",\n        \"Accept-Encoding\": \"deflate\",\n        \"X-Forwarded-Port\": \"8651\",\n        \"Host\": \"wwi.microsoft.org\",\n        \"Cookies\": [\n            {\n                \"ASP.NET_SessionID\": \"J9LL4RaW-vJbM-6APn-ypxK-9tdsPEKw\"\n            },\n            {\n                \"vk\": \"J9LL4RaW-vJbM-6APn-ypxK-9tdsPEKw\"\n            }\n        ]\n    }\n}"},"url":"medium.sphericaldefence.com/evaluate","urlObject":{"path":["evaluate"],"host":["medium","sphericaldefence","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"e8c91d45-4250-4152-9d65-05be8a616287"},{"name":"Normal Request - 
3","id":"a948ef46-c563-40f3-a200-4cf6e780ef3b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","type":"text","value":"application/json"}],"body":{"mode":"raw","raw":"{\"method\": \"PUT\", \"url\": \"/api/Order\", \"id\": \"QQbtPUxF-ZWD4-JRID-jVBZ-vQLR5QvL\", \"body\": {\"names\": {\"first\": \"elena\", \"second\": \"berger\"}, \"age\": \"43\", \"address\": \"meachampl\", \"state\": \"CA\", \"city\": \"San Francisco\"}, \"origin\": \"223.155.149.168\", \"status\": \"200\", \"headers\": {\"Content-Length\": \"239\", \"Accept-Language\": \"en-US,en;q=0.8\", \"Content-Type\": \"aplication/json,*/*;q=0.1\", \"Accept\": \"application/json\", \"Accept-Encoding\": \"deflate\", \"X-Forwarded-Port\": \"8532\", \"Host\": \"wwi.microsoft.org\", \"Cookies\": [{\"ASP.NET_SessionID\": \"QQbtPUxF-ZWD4-JRID-jVBZ-vQLR5QvL\"}, {\"vk\": \"QQbtPUxF-ZWD4-JRID-jVBZ-vQLR5QvL\"}]}}\n"},"url":"medium.sphericaldefence.com/evaluate","urlObject":{"path":["evaluate"],"host":["medium","sphericaldefence","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"a948ef46-c563-40f3-a200-4cf6e780ef3b"},{"name":"Normal Request - 4","id":"f470305c-6d57-4050-aec0-def60e18758b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","type":"text","value":"application/json"}],"body":{"mode":"raw","raw":"{\n    \"method\": \"PUT\",\n    \"url\": \"/api/Order\",\n    \"id\": \"yeHsbxPb-9MVx-x9R5-JCrC-juFoAdbk\",\n    \"body\": {\n        \"names\": {\n            \"first\": \"fidelia\",\n            \"second\": \"glover\"\n        },\n        \"age\": \"42\",\n        \"address\": \"oloranave\",\n        \"state\": \"CA\",\n        \"city\": \"San Francisco\"\n    },\n    \"origin\": \"160.214.206.137\",\n    \"status\": \"200\",\n    \"headers\": {\n        \"Content-Length\": \"301\",\n        \"Accept-Language\": \"en-US,en;q=0.8\",\n  
      \"Content-Type\": \"aplication/json,*/*;q=0.1\",\n        \"Accept\": \"application/json\",\n        \"Accept-Encoding\": \"deflate\",\n        \"X-Forwarded-Port\": \"9610\",\n        \"Host\": \"wwi.microsoft.org\",\n        \"Cookies\": [\n            {\n                \"ASP.NET_SessionID\": \"yeHsbxPb-9MVx-x9R5-JCrC-juFoAdbk\"\n            },\n            {\n                \"vk\": \"yeHsbxPb-9MVx-x9R5-JCrC-juFoAdbk\"\n            }\n        ]\n    }\n}"},"url":"medium.sphericaldefence.com/evaluate","urlObject":{"path":["evaluate"],"host":["medium","sphericaldefence","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"f470305c-6d57-4050-aec0-def60e18758b"},{"name":"Normal Request - 5","id":"92ff6c38-6d9d-4933-b07d-8c74ad1b3e0a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","type":"text","value":"application/json"}],"body":{"mode":"raw","raw":"{\n    \"method\": \"POST\",\n    \"url\": \"/api/Order\",\n    \"id\": \"Y8tL1zsZ-idtW-AhDF-FPtq-EYsVwEhk\",\n    \"body\": {\n        \"names\": {\n            \"first\": \"adriaens\",\n            \"second\": \"king\"\n        },\n        \"age\": \"64\",\n        \"address\": \"candlestickpointsra\",\n        \"state\": \"CA\",\n        \"city\": \"San Francisco\"\n    },\n    \"origin\": \"129.31.240.200\",\n    \"status\": \"200\",\n    \"headers\": {\n        \"Content-Length\": \"238\",\n        \"Accept-Language\": \"en-US,en;q=0.8\",\n        \"Content-Type\": \"aplication/json,*/*;q=0.1\",\n        \"Accept\": \"application/json\",\n        \"Accept-Encoding\": \"deflate\",\n        \"X-Forwarded-Port\": \"9898\",\n        \"Host\": \"wwi.microsoft.org\",\n        \"Cookies\": [\n            {\n                \"ASP.NET_SessionID\": \"Y8tL1zsZ-idtW-AhDF-FPtq-EYsVwEhk\"\n            },\n            {\n                \"vk\": \"Y8tL1zsZ-idtW-AhDF-FPtq-EYsVwEhk\"\n            }\n        ]\n    
}\n}"},"url":"medium.sphericaldefence.com/evaluate","urlObject":{"path":["evaluate"],"host":["medium","sphericaldefence","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"92ff6c38-6d9d-4933-b07d-8c74ad1b3e0a"},{"name":"Anomalous Request - SQL Injection","id":"6f45bcbb-cf7f-4613-b5cc-1a199a21447b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","type":"text","value":"application/json"}],"body":{"mode":"raw","raw":"{\n    \"method\": \"PUT\",\n    \"url\": \"/api/Order\",\n    \"id\": \"HVRwQMpb-QBWl-fRj7-aC0u-9wP4qS4H\",\n    \"body\": {\n        \"names\": {\n            \"first\": \"Felipa)%20or%20('x'='x\\\",\",\n            \"second\": \"Wiggins\"\n        },\n        \"age\": \"67\",\n        \"address\": \"venusst\",\n        \"state\": \"CA\",\n        \"city\": \"San Francisco\"\n    },\n    \"origin\": \"108.119.5.22\",\n    \"status\": \"200\",\n    \"headers\": {\n        \"Content-Length\": \"283\",\n        \"Accept-Language\": \"en-US,en;q=0.8\",\n        \"Content-Type\": \"aplication/json,*/*;q=0.1\",\n        \"Accept\": \"application/json\",\n        \"Accept-Encoding\": \"deflate\",\n        \"X-Forwarded-Port\": \"9697\",\n        \"Host\": \"wwi.microsoft.org\",\n        \"Cookies\": [\n            {\n                \"ASP.NET_SessionID\": \"HVRwQMpb-QBWl-fRj7-aC0u-9wP4qS4H\"\n            },\n            {\n                \"vk\": \"HVRwQMpb-QBWl-fRj7-aC0u-9wP4qS4H\"\n            }\n        ]\n    }\n}"},"url":"medium.sphericaldefence.com/evaluate","description":"<p>This request contains a SQL Injection in the name.first as %20or%20('x'='x  </p>\n<p>A normal first name would be Andrew</p>\n","urlObject":{"path":["evaluate"],"host":["medium","sphericaldefence","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"6f45bcbb-cf7f-4613-b5cc-1a199a21447b"},{"name":"Anomalous Request - SQL Injection - HTTP Parameter 
Pollution","id":"db9ae2f2-80f8-4048-8eb9-21fc141fea93","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","type":"text","value":"application/json"}],"body":{"mode":"raw","raw":"{\n    \"method\": \"PUT\",\n    \"url\": \"/api/Order\",\n    \"id\": \"J9LL4RaW-vJbM-6APn-ypxK-9tdsPEKw\",\n    \"body\": {\n        \"names\": {\n            \"first\": \"netty%27%20drop%20\",\n            \"second\": \"*/table%20dbo.users\"\n        },\n        \"age\": \"21\",\n        \"address\": \"blackstonect\",\n        \"state\": \"CA\",\n        \"city\": \"San Francisco\"\n    },\n    \"origin\": \"214.59.185.216\",\n    \"status\": \"200\",\n    \"headers\": {\n        \"Content-Length\": \"279\",\n        \"Accept-Language\": \"en-US,en;q=0.8\",\n        \"Content-Type\": \"aplication/json,*/*;q=0.1\",\n        \"Accept\": \"application/json\",\n        \"Accept-Encoding\": \"deflate\",\n        \"X-Forwarded-Port\": \"8651\",\n        \"Host\": \"wwi.microsoft.org\",\n        \"Cookies\": [\n            {\n                \"ASP.NET_SessionID\": \"J9LL4RaW-vJbM-6APn-ypxK-9tdsPEKw\"\n            },\n            {\n                \"vk\": \"J9LL4RaW-vJbM-6APn-ypxK-9tdsPEKw\"\n            }\n        ]\n    }\n}"},"url":"medium.sphericaldefence.com/evaluate","urlObject":{"path":["evaluate"],"host":["medium","sphericaldefence","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"db9ae2f2-80f8-4048-8eb9-21fc141fea93"},{"name":"Anomalous Request - Cross Site Scripting","id":"4ea82d59-a0ae-4b51-8473-79e3ae144656","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","type":"text","value":"application/json"}],"body":{"mode":"raw","raw":"{\n    \"method\": \"PUT\",\n    \"url\": \"/api/Order\",\n    \"id\": \"QQbtPUxF-ZWD4-JRID-jVBZ-vQLR5QvL\",\n    \"body\": {\n        \"names\": {\n            \"first\": 
\"elena\",\n            \"second\": \"berger%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E\"\n       \n        },\n        \"age\": \"43\",\n        \"address\": \"meachampl\",\n        \"state\": \"CA\",\n        \"city\": \"San Francisco\"\n    },\n    \"origin\": \"223.155.149.168\",\n    \"status\": \"200\",\n    \"headers\": {\n        \"Content-Length\": \"239\",\n        \"Accept-Language\": \"en-US,en;q=0.8\",\n        \"Content-Type\": \"aplication/json,*/*;q=0.1\",\n        \"Accept\": \"application/json\",\n        \"Accept-Encoding\": \"deflate\",\n        \"X-Forwarded-Port\": \"8532\",\n        \"Host\": \"wwi.microsoft.org\",\n        \"Cookies\": [\n            {\n                \"ASP.NET_SessionID\": \"QQbtPUxF-ZWD4-JRID-jVBZ-vQLR5QvL\"\n            },\n            {\n                \"vk\": \"QQbtPUxF-ZWD4-JRID-jVBZ-vQLR5QvL\"\n            }\n        ]\n    }\n}"},"url":"medium.sphericaldefence.com/evaluate","urlObject":{"path":["evaluate"],"host":["medium","sphericaldefence","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"4ea82d59-a0ae-4b51-8473-79e3ae144656"},{"name":"Anomalous Request - Remote File Inclusion","id":"e4f3cfbf-b61a-4685-bc5f-602849ef1749","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","type":"text","value":"application/json"}],"body":{"mode":"raw","raw":"{\n    \"method\": \"PUT\",\n    \"url\": \"/api/Order || ping -c 10 127.0.0.1 ; x || ping -n 10 127.0.0.1 &\",\n    \"id\": \"yeHsbxPb-9MVx-x9R5-JCrC-juFoAdbk\",\n    \"body\": {\n        \"names\": {\n            \"first\": \"fidelia\",\n            \"second\": \"glover\"\n        },\n        \"age\": \"42\",\n        \"address\": \"oloranave\",\n        \"state\": \"CA\",\n        \"city\": \"San Francisco\"\n    },\n    \"origin\": \"160.214.206.137\",\n    \"status\": \"200\",\n    \"headers\": {\n        \"Content-Length\": \"301\",\n        
\"Accept-Language\": \"en-US,en;q=0.8\",\n        \"Content-Type\": \"aplication/json,*/*;q=0.1\",\n        \"Accept\": \"application/json\",\n        \"Accept-Encoding\": \"deflate\",\n        \"X-Forwarded-Port\": \"9610\",\n        \"Host\": \"wwi.microsoft.org\",\n        \"Cookies\": [\n            {\n                \"ASP.NET_SessionID\": \"yeHsbxPb-9MVx-x9R5-JCrC-juFoAdbk\"\n            },\n            {\n                \"vk\": \"yeHsbxPb-9MVx-x9R5-JCrC-juFoAdbk\"\n            }\n        ]\n    }\n}"},"url":"medium.sphericaldefence.com/evaluate","urlObject":{"path":["evaluate"],"host":["medium","sphericaldefence","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"e4f3cfbf-b61a-4685-bc5f-602849ef1749"},{"name":"try","id":"a5b08a8a-cdb0-41b4-bc38-47005799f72f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"http://34.225.79.207:8080/collections/:collection/progress","urlObject":{"protocol":"http","port":"8080","path":["collections",":collection","progress"],"host":["34","225","79","207"],"query":[],"variable":[{"type":"string","value":"continuous","key":"collection"}]}},"response":[],"_postman_id":"a5b08a8a-cdb0-41b4-bc38-47005799f72f"},{"name":"Direct request to NGINX Mirror ","id":"39d9a33a-0219-41c8-8b24-7c1d833741e4","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n   \"name\": \"Celia Rice\",\n   \"favourite\": {\n   \t\"buzzword\":\"optimize\",\n    \"product\": \"Intelligent Concrete Shirt\"\n   }"},"url":"http://54.213.208.142","urlObject":{"protocol":"http","host":["54","213","208","142"],"query":[],"variable":[]}},"response":[],"_postman_id":"39d9a33a-0219-41c8-8b24-7c1d833741e4"}],"event":[{"listen":"prerequest","script":{"id":"115b736e-839a-43aa-8630-ce195d9af5b4","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"f2504549-d192-407a-86f3-722b39542ebc","type":"text/javascript","exec":[""]}}]}