Empirical Evaluations of Machine Learning Effectiveness in Detecting Web Application Attacks

Muhusina Ismail, Saed Alrabaee, Saad Harous, Kim Kwang Raymond Choo

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Web applications remain a significant attack vector for cybercriminals seeking to exploit application vulnerabilities and gain unauthorized access to privileged data. In this research, we evaluate the efficacy of eight supervised machine learning algorithms - Naive Bayes, Decision Tree, AdaBoost, Random Forest, Logistic Regression, K-Nearest Neighbor (KNN), Support Vector Machine (SVM), and Artificial Neural Network (ANN) - in detecting and countering web application attacks. Our results indicate that KNN and Random Forest classifiers achieve an accuracy rate of 89% and an area under the curve of 94% on the CSIC HTTP dataset, a commonly used benchmark in the field. Meanwhile, the Naive Bayes classifier proves the most efficient, taking the least computational time when differentiating between malicious and benign HTTP requests. These findings may help direct future efforts towards more efficient, machine learning-driven defenses against web application attacks.

Original languageEnglish
Title of host publicationFuture Access Enablers for Ubiquitous and Intelligent Infrastructures - 7th EAI International Conference, FABULOUS 2023, Proceedings
EditorsDragan Perakovic, Lucia Knapcikova
PublisherSpringer Science and Business Media Deutschland GmbH
Pages99-116
Number of pages18
ISBN (Print)9783031500503
DOIs
Publication statusPublished - 2024
Event7th EAI International Conference on Future Access Enablers of Ubiquitous and Intelligent Infrastructures, EAI FABULOUS 2023 - Bratislava, Slovakia
Duration: Oct 24 2023Oct 26 2023

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume542 LNICST
ISSN (Print)1867-8211
ISSN (Electronic)1867-822X

Conference

Conference7th EAI International Conference on Future Access Enablers of Ubiquitous and Intelligent Infrastructures, EAI FABULOUS 2023
Country/TerritorySlovakia
CityBratislava
Period10/24/2310/26/23

Keywords

  • Machine Learning
  • Web Attacks
  • Web Vulnerabilities

ASJC Scopus subject areas

  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Empirical Evaluations of Machine Learning Effectiveness in Detecting Web Application Attacks'. Together they form a unique fingerprint.

Cite this