Full Text PDF
Impact Factor (2025): 6.9
DOI Prefix: 10.47001/IRJIET
Impact Factor (2025): 6.9
DOI Prefix: 10.47001/IRJIET
Vol 10 No 5 (2026): Volume 10, Issue 5, May 2026 | Pages: 456-466
International Research Journal of Innovations in Engineering and Technology
OPEN ACCESS | Research Article | Published Date: 25-05-2026
Web applications are continuously exposed to cyber threats such as SQL Injection (SQLi), Cross-Site Scripting (XSS), Command Injection, and Distributed Denial of Service (DDoS) attacks. Traditional Web Application Firewalls (WAFs) mainly rely on rule-based and signature-based detection methods, which are often ineffective against modern obfuscated and zero-day attacks. This project presents a Transformer-Based End-to-End Web Application Firewall Pipeline that uses Deep Learning and Natural Language Processing (NLP) techniques for intelligent attack detection and prevention. The proposed system utilizes DistilBERT, a lightweight Transformer model, to analyze HTTP request payloads and classify them as benign or malicious using contextual understanding. The framework automates request interception, preprocessing, tokenization, attack classification, logging, monitoring, and response handling. Unlike traditional WAF systems, the proposed model performs semantic and contextual analysis of HTTP requests, enabling accurate detection of sophisticated attacks such as SQL Injection and Cross-Site Scripting. The proposed system improves attack detection accuracy, reduces false positives, and supports scalable real-time deployment using Spring Boot and Flask frameworks. Experimental results demonstrate that the Transformer- based approach outperforms traditional machine learning techniques due to its superior contextual learning capability, highlighting the importance of Deep Learning and NLP techniques in modern cybersecurity applications.
Transformer-based WAF, Web Security, Deep Learning, NLP, DistilBERT, Cybersecurity, Attack Detection, HTTP Request Analysis.
G.S.S. Likhita Annamraju, G. Sreekar, & R. Mohan Krishna Ayyappa. (2026). Transformer-Based End-to-End Web Application Firewall Pipeline. International Research Journal of Innovations in Engineering and Technology - IRJIET, 10(5), 456-466. Article DOI https://doi.org/10.47001/IRJIET/2026.105063
This work is licensed under Creative common Attribution Non Commercial 4.0 Internation Licence
Kim S. and Lee J., “SVM-Based SQL Injection Detection Using Query Structure Analysis,” Journal of Information Security, 2019.
Min Du et al., “DeepLog: Anomaly Detection and Diagnosis from System Logs Using Deep Learning,” ACM CCS, 2017.
Fabrice Valeur, Darren Mutz, and Giovanni Vigna, “A Learning-Based Approach to the Detection of SQL Attacks,” DIMVA, 2005.
Robin Sommer and Vern Paxson, “Outside the Closed World: On Using Machine Learning for Network Intrusion Detection,” IEEE Symposium on Security and Privacy, 2010.
Jacob Devlin, Ming-Wei Chang, Kenton Lee, and Kristina Toutanova, “BERT: Pretraining of Deep Bidirectional Transformers for Language Understanding,” NAACL, 2019.
Victor Sanh et al., “DistilBERT: A Distilled Version of BERT,” arXiv, 2019.
Bhavya Nagpal, Neha Sharma, Nitin Chauhan, and Ajay Panesar, “A Survey on Web Application Security,” International Journal of Computer Applications, 2017.
Yong Cui et al., “Deep Learning-Based Web Attack Detection System,” IEEE Access, 2021.
OWASP Foundation, “OWASP Top 10 Web Application Security Risks,” 2021.
Uwagbole Sunday et al., “A Machine Learning Approach for SQL Injection Detection,” International Conference on Computational Science and Engineering, 2017.
Wenke Lee and Salvatore Stolfo, “Data Mining Approaches for Intrusion Detection,” USENIX Security Symposium, 1998.
Christian Bockermann et al., “Adaptive Intrusion Detection Using Machine Learning,” International Workshop on Security and Artificial Intelligence, 2009.
Tasevski V. and Jakimoski K., “SQL Injection Prevention Using Web Application Security Techniques,” International Journal of Computer Science and Information Security, 2014.
Rupali Wagh and Pratik Chavhan, “Machine Learning Techniques for Web Application Attack Detection,” International Journal of Advanced Research in Computer Science, 2020.