TY - JOUR
T1 - An Enhanced Anomaly Detection in Web Traffic Using a Stack of Classifier Ensemble
AU - Tama, Bayu Adhi
AU - Nkenyereye, Lewis
AU - Islam, S. M. Riazul
AU - Kwak, Kyung Sup
N1 - Funding Information:
This work was supported in part by the National Research Foundation of Korea-Grant funded by the Korean Government (Ministry of Science and ICT)-NRF-2017R1A2B2012337.
Publisher Copyright:
© 2013 IEEE.
PY - 2020/2/7
Y1 - 2020/2/7
AB - A Web attack protection system is essential in today's information age. Classifier ensembles have been considered for anomaly-based intrusion detection in Web traffic. However, they suffer from unsatisfactory performance due to poor ensemble design. This paper proposes a stacked ensemble for anomaly-based intrusion detection systems in a Web application. Unlike conventional stacking, where single weak learners are prevalently used, the proposed stacked ensemble uses other ensemble learners as its base learners, i.e., random forest, gradient boosting machine, and XGBoost. To prove the generalizability of the proposed model, two datasets that are specifically used for attack detection in a Web application, i.e., CSIC-2010v2 and CICIDS-2017, are used in the experiment. Furthermore, the proposed model significantly surpasses existing Web attack detection techniques with respect to the accuracy and false positive rate metrics. Validation results on the CICIDS-2017, NSL-KDD, and UNSW-NB15 datasets also improve on those obtained by some recent techniques. Finally, the performance of all classification algorithms in terms of a two-step statistical significance test is further discussed, providing a value-added contribution to the current literature.
KW - anomaly-based IDSs
KW - gradient boosting machine
KW - performance benchmark
KW - Random forest
KW - significance tests
KW - Web attack
UR - http://www.scopus.com/inward/record.url?scp=85081080122&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2020.2969428
DO - 10.1109/ACCESS.2020.2969428
M3 - Article
AN - SCOPUS:85081080122
VL - 8
SP - 24120
EP - 24134
JO - IEEE Access
JF - IEEE Access
SN - 2169-3536
M1 - 8981962
ER -