Web Attack Intrusion Detection System Using Machine Learning Techniques

Abstract

Web attacks often target web applications because they can be accessed over a network and often have vulnerabilities. The success of an intrusion detection system (IDS) in detecting web attacks depends on an effective traffic classification system. Several previous studies have utilized machine learning classification methods to create an efficient IDS with various datasets for different types of attacks. This paper utilizes the Canadian Institute for Cyber Security's (CIC-IDS2017) IDS dataset to assess web attacks. Importantly, the dataset contains 80 attributes of recent assaults, as reported in the 2016 McAfee report. Three machine learning algorithms have been evaluated in this research, namely random forests (RF), k-nearest neighbor (KNN), and naive bayes (NB). The primary goal of this research is to propose an effective machine learning algorithm for the IDS web attacks model. The evaluation compares the performance of three algorithms (RF, KNN, and NB) based on their accuracy and precision in detecting anomalous traffic. The results indicate that the RF outperformed the NB and KNN in terms of average accuracy achieved during the training phase. During the testing phase, the KNN algorithm outperformed others, achieving an average accuracy of 99.4916%. However, RF and KNN achieved 100% average precision and recall rates compared to other algorithms. Finally, the RF and KNN algorithms have been identified as the most effective for detecting IDS web attacks.