An Enhanced Anomaly Detection in Web Traffic Using a Stack of Classifier Ensemble

Bayu Adhi Tama, Lewis Nkenyereye, S. M. Riazul Islam, Kyung Sup Kwak

Research output: Contribution to journal › Article › peer-review

74 Citations (Scopus)

Abstract

A Web attack protection system is extremely essential in today's information age. Classifier ensembles have been considered for anomaly-based intrusion detection in Web traffic. However, they suffer from an unsatisfactory performance due to a poor ensemble design. This paper proposes a stacked ensemble for anomaly-based intrusion detection systems in a Web application. Unlike a conventional stacking, where some single weak learners are prevalently used, the proposed stacked ensemble is an ensemble architecture, yet its base learners are other ensemble learners, i.e. random forest, gradient boosting machine, and XGBoost. To prove the generalizability of the proposed model, two datasets that are specifically used for attack detection in a Web application, i.e. CSIC-2010v2 and CICIDS-2017, are used in the experiment. Furthermore, the proposed model significantly surpasses existing Web attack detection techniques concerning the accuracy and false positive rate metrics. Validation results on the CICIDS-2017, NSL-KDD, and UNSW-NB15 datasets also ameliorate the ones obtained by some recent techniques. Finally, the performance of all classification algorithms in terms of a two-step statistical significance test is further discussed, providing a value-added contribution to the current literature.

Original language: English
Article number: 8981962
Pages (from-to): 24120-24134
Number of pages: 15
Journal: IEEE Access
Volume: 8
Early online date: 4 Feb 2020
Publication status: Published - 7 Feb 2020
Externally published: Yes
