Volume 1 - Issue 4, November - December 2025

Web Application Firewalls (WAFs) are essential defensive controls, but evolving evasion techniques reduce their effectiveness. This analytical research compares results derived from publicly available bypass datasets with a curated project dataset collected in a controlled environment. We evaluate detection performance across signature, normalization, and machine-learning based detectors, quantify differences in attack distributions, and analyze causes for detection gaps. Our findings show that the project dataset contains a higher proportion of obfuscated encodings and protocol level evasions, leading to lower baseline detection by signature-based systems (drop of 28% relative). Incorporating normalization and behavioral models improves detection parity (ensemble F1 = 0.95) while maintaining acceptable overhead. This paper is analytical and comparative in nature; implementation details are reserved for the final paper.