Research Article
Empirical Evaluations of Machine Learning Effectiveness in Detecting Web Application Attacks
@INPROCEEDINGS{10.1007/978-3-031-50051-0_8, author={Muhusina Ismail and Saed Alrabaee and Saad Harous and Kim-Kwang Raymond Choo}, title={Empirical Evaluations of Machine Learning Effectiveness in Detecting Web Application Attacks}, proceedings={Future Access Enablers for Ubiquitous and Intelligent Infrastructures. 7th EAI International Conference, FABULOUS 2023, Bratislava, Slovakia, October 24--26, 2023, Proceedings}, proceedings_a={FABULOUS}, year={2023}, month={12}, keywords={Web Vulnerabilities Web Attacks Machine Learning}, doi={10.1007/978-3-031-50051-0_8} }- Muhusina Ismail
Saed Alrabaee
Saad Harous
Kim-Kwang Raymond Choo
Year: 2023
Empirical Evaluations of Machine Learning Effectiveness in Detecting Web Application Attacks
FABULOUS
Springer
DOI: 10.1007/978-3-031-50051-0_8
Abstract
Web applications remain a significant attack vector for cybercriminals seeking to exploit application vulnerabilities and gain unauthorized access to privileged data. In this research, we evaluate the efficacy of eight supervised machine learning algorithms - Naive Bayes, Decision Tree, AdaBoost, Random Forest, Logistic Regression, K-Nearest Neighbor (KNN), Support Vector Machine (SVM), and Artificial Neural Network (ANN) - in detecting and countering web application attacks. Our results indicate that KNN and Random Forest classifiers achieve an accuracy rate of 89% and an area under the curve of 94% on the CSIC HTTP dataset, a commonly used benchmark in the field. Meanwhile, the Naive Bayes classifier proves the most efficient, taking the least computational time when differentiating between malicious and benign HTTP requests. These findings may help direct future efforts towards more efficient, machine learning-driven defenses against web application attacks.
