Abstract
Web-based attacks have become more sophisticated and harder to detect in recent years, and relying solely on traditional intrusion detection systems may not be enough. In this respect, intrusion detection and prevention systems based on machine learning methods have become prominent in the recent literature. In this paper, we present an experimental study on the effectiveness of machine learning methods in web intrusion detection. We investigated and compared four types of ML classifiers often used in the cybersecurity domain: KNN, Decision Tree, Naive Bayes (Multinomial and Bernoulli), and SVM (Linear, Sigmoid, and RBF). The experimental results on the ECML/PKDD 2007 and CSIC HTTP 2010 datasets showed that the SVM RBF and Decision Tree classifiers achieved better performance than the others in terms of Accuracy, Recall, Precision, F-value, FPR, and FNR.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Oumaima, C., Abdeslam, R., Yassine, S., Abderrazek, F. (2022). Experimental Study on the Effectiveness of Machine Learning Methods in Web Intrusion Detection. In: Maleh, Y., Alazab, M., Gherabi, N., Tawalbeh, L., Abd El-Latif, A.A. (eds) Advances in Information, Communication and Cybersecurity. ICI2C 2021. Lecture Notes in Networks and Systems, vol 357. Springer, Cham. https://doi.org/10.1007/978-3-030-91738-8_44
DOI: https://doi.org/10.1007/978-3-030-91738-8_44
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91737-1
Online ISBN: 978-3-030-91738-8
eBook Packages: Intelligent Technologies and Robotics (R0)