Traditional Web Application Firewalls (WAFs) rely on manually configured OWASP Core Rule Set (CRS) rules, leading to suboptimal trade-offs between SQL injection (SQLi) detection rate and false positive rate, and vulnerability to adversarial SQLi attacks. Method: This paper proposes the first automated framework integrating machine learning–driven CRS dynamic configuration with adversarial training. Specifically: (1) a supervised learning model selects optimal rule subsets and learns adaptive weights; (2) robustness is enhanced via gradient-based and query-based adversarial example generation; and (3) the framework is fully integrated into ModSecurity for end-to-end deployment. Results: Experiments demonstrate a 30% improvement in SQLi detection rate, near-zero false positives, and a 50% reduction in CRS rule count. The framework achieves an 85% defense success rate against diverse adversarial SQLi attacks, significantly enhancing WAF adaptability and resilience to evasion.

Many Web Application Firewalls (WAFs) leverage the OWASP CRS to block incoming malicious requests. The CRS consists of different sets of rules designed by domain experts to detect well-known web attack patterns. Both the set of rules and the weights used to combine them are manually defined, yielding four different default configurations of the CRS. In this work, we focus on the detection of SQLi attacks, and show that the manual configurations of the CRS typically yield a suboptimal trade-off between detection and false alarm rates. Furthermore, we show that these configurations are not robust to adversarial SQLi attacks, i.e., carefully-crafted attacks that iteratively refine the malicious SQLi payload by querying the target WAF to bypass detection. To overcome these limitations, we propose (i) using machine learning to automate the selection of the set of rules to be combined along with their weights, i.e., customizing the CRS configuration based on the monitored web services; and (ii) leveraging adversarial training to significantly improve its robustness to adversarial SQLi manipulations. Our experiments, conducted using the well-known open-source ModSecurity WAF equipped with the CRS rules, show that our approach, named ModSec-AdvLearn, can (i) increase the detection rate up to 30%, while retaining negligible false alarm rates and discarding up to 50% of the CRS rules; and (ii) improve robustness against adversarial SQLi attacks up to 85%, marking a significant stride toward designing more effective and robust WAFs. We release our open-source code at https://github.com/pralab/modsec-advlearn.