Detection and Classification of Web Application Attacks.

Web applications have become ubiquitous and offer a wide range of services, from content management and e-commerce to social networking. However, these applications are also prime targets for cyberattacks that exploit a variety of vulnerabilities. With the rise in use of Ubiquitous Web Applications (UWA) which can be accessed globally from various devices, it is imperative to automate the detection and classification of these attacks. In this study, we detect and classify web attacks using several classification machine learning models. We conduct a comparative analysis of the web attack classification results from Decision Trees, Random Forest, Support Vector Classifier (SVC) and K-Nearest Neighbor (KNN) machine learning models, using multiple text feature vectorization techniques such as the context-insensitive TF-IDF vectorizer, the bi-directional context-aware BERT transformer, and a combination of both techniques on the Webserver logs. We find that the Random Forest classifier performs best using BERT transformer for text features captured by the Webserver logs with 99% accuracy and $$F_{1}$$ score for classifying web attacks. We also find that there is no significant gain in the accuracy of transformers over TF-IDF vectorizer for these text features presumably because of the preprocessing techniques we use on the command like syntax. Also, with TF-IDF text vectorization, both SVC and KNN classification models performed better than Random Forest classification model against Webserver logs to detect and classify Web application attacks.