Empirical Evaluations of Machine Learning Effectiveness in Detecting Web Application Attacks

Muhusina Ismail; Saed Alrabaee; Saad Harous; Kim Kwang Raymond Choo

doi:10.1007/978-3-031-50051-0_8

Empirical Evaluations of Machine Learning Effectiveness in Detecting Web Application Attacks

Muhusina Ismail, Saed Alrabaee, Saad Harous, Kim Kwang Raymond Choo

Department of Information System and Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Web applications remain a significant attack vector for cybercriminals seeking to exploit application vulnerabilities and gain unauthorized access to privileged data. In this research, we evaluate the efficacy of eight supervised machine learning algorithms - Naive Bayes, Decision Tree, AdaBoost, Random Forest, Logistic Regression, K-Nearest Neighbor (KNN), Support Vector Machine (SVM), and Artificial Neural Network (ANN) - in detecting and countering web application attacks. Our results indicate that KNN and Random Forest classifiers achieve an accuracy rate of 89% and an area under the curve of 94% on the CSIC HTTP dataset, a commonly used benchmark in the field. Meanwhile, the Naive Bayes classifier proves the most efficient, taking the least computational time when differentiating between malicious and benign HTTP requests. These findings may help direct future efforts towards more efficient, machine learning-driven defenses against web application attacks.

Original language	English
Title of host publication	Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 7th EAI International Conference, FABULOUS 2023, Proceedings
Editors	Dragan Perakovic, Lucia Knapcikova
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	99-116
Number of pages	18
ISBN (Print)	9783031500503
DOIs	https://doi.org/10.1007/978-3-031-50051-0_8
Publication status	Published - 2024
Event	7th EAI International Conference on Future Access Enablers of Ubiquitous and Intelligent Infrastructures, EAI FABULOUS 2023 - Bratislava, Slovakia Duration: Oct 24 2023 → Oct 26 2023

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	542 LNICST
ISSN (Print)	1867-8211
ISSN (Electronic)	1867-822X

Conference

Conference	7th EAI International Conference on Future Access Enablers of Ubiquitous and Intelligent Infrastructures, EAI FABULOUS 2023
Country/Territory	Slovakia
City	Bratislava
Period	10/24/23 → 10/26/23

Keywords

Machine Learning
Web Attacks
Web Vulnerabilities

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1007/978-3-031-50051-0_8

Cite this

Ismail, M., Alrabaee, S., Harous, S., & Choo, K. K. R. (2024). Empirical Evaluations of Machine Learning Effectiveness in Detecting Web Application Attacks. In D. Perakovic, & L. Knapcikova (Eds.), Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 7th EAI International Conference, FABULOUS 2023, Proceedings (pp. 99-116). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 542 LNICST). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-50051-0_8

Empirical Evaluations of Machine Learning Effectiveness in Detecting Web Application Attacks. / Ismail, Muhusina; Alrabaee, Saed ; Harous, Saad et al.
Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 7th EAI International Conference, FABULOUS 2023, Proceedings. ed. / Dragan Perakovic; Lucia Knapcikova. Springer Science and Business Media Deutschland GmbH, 2024. p. 99-116 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 542 LNICST).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ismail, M, Alrabaee, S , Harous, S & Choo, KKR 2024, Empirical Evaluations of Machine Learning Effectiveness in Detecting Web Application Attacks. in D Perakovic & L Knapcikova (eds), Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 7th EAI International Conference, FABULOUS 2023, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 542 LNICST, Springer Science and Business Media Deutschland GmbH, pp. 99-116, 7th EAI International Conference on Future Access Enablers of Ubiquitous and Intelligent Infrastructures, EAI FABULOUS 2023, Bratislava, Slovakia, 10/24/23. https://doi.org/10.1007/978-3-031-50051-0_8

Ismail M, Alrabaee S , Harous S, Choo KKR. Empirical Evaluations of Machine Learning Effectiveness in Detecting Web Application Attacks. In Perakovic D, Knapcikova L, editors, Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 7th EAI International Conference, FABULOUS 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2024. p. 99-116. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-031-50051-0_8

Ismail, Muhusina ; Alrabaee, Saed ; Harous, Saad et al. / Empirical Evaluations of Machine Learning Effectiveness in Detecting Web Application Attacks. Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 7th EAI International Conference, FABULOUS 2023, Proceedings. editor / Dragan Perakovic ; Lucia Knapcikova. Springer Science and Business Media Deutschland GmbH, 2024. pp. 99-116 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{92da682154c64654b1676b653c760fc9,

title = "Empirical Evaluations of Machine Learning Effectiveness in Detecting Web Application Attacks",

abstract = "Web applications remain a significant attack vector for cybercriminals seeking to exploit application vulnerabilities and gain unauthorized access to privileged data. In this research, we evaluate the efficacy of eight supervised machine learning algorithms - Naive Bayes, Decision Tree, AdaBoost, Random Forest, Logistic Regression, K-Nearest Neighbor (KNN), Support Vector Machine (SVM), and Artificial Neural Network (ANN) - in detecting and countering web application attacks. Our results indicate that KNN and Random Forest classifiers achieve an accuracy rate of 89% and an area under the curve of 94% on the CSIC HTTP dataset, a commonly used benchmark in the field. Meanwhile, the Naive Bayes classifier proves the most efficient, taking the least computational time when differentiating between malicious and benign HTTP requests. These findings may help direct future efforts towards more efficient, machine learning-driven defenses against web application attacks.",

keywords = "Machine Learning, Web Attacks, Web Vulnerabilities",

author = "Muhusina Ismail and Saed Alrabaee and Saad Harous and Choo, {Kim Kwang Raymond}",

note = "Publisher Copyright: {\textcopyright} ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2024.; 7th EAI International Conference on Future Access Enablers of Ubiquitous and Intelligent Infrastructures, EAI FABULOUS 2023 ; Conference date: 24-10-2023 Through 26-10-2023",

year = "2024",

doi = "10.1007/978-3-031-50051-0_8",

language = "English",

isbn = "9783031500503",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "99--116",

editor = "Dragan Perakovic and Lucia Knapcikova",

booktitle = "Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 7th EAI International Conference, FABULOUS 2023, Proceedings",

}

TY - GEN

T1 - Empirical Evaluations of Machine Learning Effectiveness in Detecting Web Application Attacks

AU - Ismail, Muhusina

AU - Alrabaee, Saed

AU - Harous, Saad

AU - Choo, Kim Kwang Raymond

N1 - Publisher Copyright: © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2024.

PY - 2024

Y1 - 2024

N2 - Web applications remain a significant attack vector for cybercriminals seeking to exploit application vulnerabilities and gain unauthorized access to privileged data. In this research, we evaluate the efficacy of eight supervised machine learning algorithms - Naive Bayes, Decision Tree, AdaBoost, Random Forest, Logistic Regression, K-Nearest Neighbor (KNN), Support Vector Machine (SVM), and Artificial Neural Network (ANN) - in detecting and countering web application attacks. Our results indicate that KNN and Random Forest classifiers achieve an accuracy rate of 89% and an area under the curve of 94% on the CSIC HTTP dataset, a commonly used benchmark in the field. Meanwhile, the Naive Bayes classifier proves the most efficient, taking the least computational time when differentiating between malicious and benign HTTP requests. These findings may help direct future efforts towards more efficient, machine learning-driven defenses against web application attacks.

AB - Web applications remain a significant attack vector for cybercriminals seeking to exploit application vulnerabilities and gain unauthorized access to privileged data. In this research, we evaluate the efficacy of eight supervised machine learning algorithms - Naive Bayes, Decision Tree, AdaBoost, Random Forest, Logistic Regression, K-Nearest Neighbor (KNN), Support Vector Machine (SVM), and Artificial Neural Network (ANN) - in detecting and countering web application attacks. Our results indicate that KNN and Random Forest classifiers achieve an accuracy rate of 89% and an area under the curve of 94% on the CSIC HTTP dataset, a commonly used benchmark in the field. Meanwhile, the Naive Bayes classifier proves the most efficient, taking the least computational time when differentiating between malicious and benign HTTP requests. These findings may help direct future efforts towards more efficient, machine learning-driven defenses against web application attacks.

KW - Machine Learning

KW - Web Attacks

KW - Web Vulnerabilities

UR - http://www.scopus.com/inward/record.url?scp=85180625821&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85180625821&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-50051-0_8

DO - 10.1007/978-3-031-50051-0_8

M3 - Conference contribution

AN - SCOPUS:85180625821

SN - 9783031500503

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 99

EP - 116

BT - Future Access Enablers for Ubiquitous and Intelligent Infrastructures - 7th EAI International Conference, FABULOUS 2023, Proceedings

A2 - Perakovic, Dragan

A2 - Knapcikova, Lucia

PB - Springer Science and Business Media Deutschland GmbH

T2 - 7th EAI International Conference on Future Access Enablers of Ubiquitous and Intelligent Infrastructures, EAI FABULOUS 2023

Y2 - 24 October 2023 through 26 October 2023

ER -