- Do Higher WAF Paranoia Levels Actually Improve Detection?
My MSc dissertation tested ModSecurity CRS 3.3.8 at Paranoia Level 1 and PL2 against 200 structured SQLi and XSS payloads. TPR was identical at 97.0%. The central finding: no PL2-specific rules fired at all. Every difference between configurations was threshold arithmetic.
- SVM vs LightGBM vs a Neural Net for Static Malware Detection
I compared a linear SVM, LightGBM, and a 3-layer PyTorch MLP on the EMBER 2018 malware dataset under one locked pipeline. LightGBM won outright (F1 0.9474). The surprise was cost: the deep learning model trained in under 10 seconds, while the "simple" SVM took 43 minutes.