TY - JOUR
T1 - A Comprehensive Evaluation of Machine Learning Algorithms for Web Application Attack Detection with Knowledge Graph Integration
AU - Ismail, Muhusina
AU - Alrabaee, Saed
AU - Choo, Kim Kwang Raymond
AU - Ali, Luqman
AU - Harous, Saad
N1 - Publisher Copyright:
© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2024.
PY - 2024
Y1 - 2024
AB - The capability to accurately detect web application attacks, especially in a timely fashion, is crucial but remains an ongoing challenge. This study provides an in-depth evaluation of 19 traditional machine learning techniques for detecting web application attacks. The evaluation was conducted across three distinct experiments on refined datasets derived from the HTTPCSIC 2010 dataset. The experiments investigated the performance of these algorithms in different scenarios (e.g., without Knowledge Graph integration, and with KG integration with node2vec feature enhancement). The experimental results revealed that neural network classifiers, notably the Multilayer Perceptron, consistently outperformed other models, achieving accuracy above 0.90 and maintaining a balanced performance across various metrics. Furthermore, the findings demonstrated that certain algorithms, such as tree-based ensemble methods, showed an increase of over 10% in accuracy, and Gaussian Process models exhibited a remarkable improvement in accuracy, rising from 0.84 to 0.99, and in AUC from 0.91 to 1.00, when integrated with the Knowledge Graph, effectively utilizing the additional contextual information. We also found that the KNN classifier demonstrated more than a 16% increase in accuracy. All classifiers showed significant improvements in AUC and other metrics mentioned in our study, indicating that KG integration not only enhances the detection capabilities but also enriches the overall analytical performance of the models. We also observed that linear classifiers and Naive Bayes models generally experienced a decline in performance, highlighting the importance of carefully evaluating the inherent characteristics and capabilities of each algorithm for the web attack detection task.
KW - Knowledge graph
KW - Machine learning
KW - Node2vec feature algorithm
KW - Web application attack detection
UR - http://www.scopus.com/inward/record.url?scp=85198928760&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85198928760&partnerID=8YFLogxK
U2 - 10.1007/s11036-024-02367-z
DO - 10.1007/s11036-024-02367-z
M3 - Article
AN - SCOPUS:85198928760
SN - 1383-469X
JO - Mobile Networks and Applications
JF - Mobile Networks and Applications
ER -