The rapid growth in the volume and importance of web communication throughout the Internet has heightened the need for better security protection. Security experts, when protecting systems, maintain a database featuring signatures of a large number of attacks to assist with attack detection. However, used in isolation, this can limit the capability of the system as it is only able to recognise known attacks. To overcome the problem, we propose an anomaly based intrusion detection system using an ensemble classification approach to detect unknown attacks on web servers. The process involves removing irrelevant and redundant features utilising a filter and wrapper selection procedure. Logitboost (LB) is then employed together with Random Forests (RF) as a weak classifier. The proposed ensemble technique was evaluated with some artificial datasets namely NSL-KDD, an improved version of the old KDD Cup from 1999, and the recently published UNSW-NB15 dataset. The experimental results show that our approach demonstrates superiority, in terms of accuracy and detection rate over the traditional approaches, whilst preserving low false rejection rates.
Kamarudin, M. H., Maple, C., Watson, T., & Sohrabi Safa, N. (2017). A LogitBoost-based Algorithm for Detecting Known and Unknown Web Attacks. IEEE Access, 5, 26190 - 26200. https://doi.org/10.1109/ACCESS.2017.2766844