ANOMALY DETECTION IN WEB APPLICATION NETWORK TRAFFIC USING THE RANDOM FOREST ALGORITHM
DOI: https://doi.org/10.35546/kntu2078-4481.2025.4.3.31
Keywords: cybersecurity, web applications, Random Forest, anomaly detection, CICIDS2017, machine learning, traffic classification
Abstract
Ensuring high accuracy and efficiency of intrusion detection systems is critical for avoiding both false positives and missed web attacks. Network traffic is the primary communication channel of the client-server model in web applications; therefore, its analysis is critically important for detecting malicious activity. It is through this channel that user request data, server responses, API calls, and interactions with external services are transmitted. Using machine learning to predict attacks on web applications from network traffic analysis can improve these characteristics. The paper selects machine learning techniques that can take into account not only the structure but also the semantics of traffic. It also examines the current problem of protecting web applications from modern cyber threats, particularly SQL Injection, XSS, and Brute Force attacks. The shortcomings of traditional signature-based protection methods (WAF, IDS), which show low effectiveness against zero-day attacks and modified malicious requests, are analyzed. The feasibility of using machine learning methods to build adaptive intrusion detection systems is substantiated. The Random Forest algorithm was chosen as the research tool because of its resistance to overfitting and its ability to work effectively with high-dimensional data. The experimental part was performed on the CICIDS2017 dataset, which contains current profiles of normal and anomalous traffic. The data preprocessing stages are described in detail: noise cleaning, encoding of categorical features, and class balancing using the Imbalanced-learn library. As a result of the experiment, the developed model achieved an overall classification accuracy of 98%. The confusion matrix was analyzed, confirming the model's high ability to distinguish legitimate traffic from scanning attacks while revealing certain limitations in classifying complex web attacks with similar signatures.
The research results can be used to improve existing security monitoring systems and for integration into SIEM systems.
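Added example (not from the paper): a pure-Python sketch of the preprocessing and evaluation stages the abstract lists, run on a few constructed CICIDS2017-style flow rows. It drops rows with inf/NaN rate features, encodes the Label column, balances classes by random oversampling (the same idea as imbalanced-learn's RandomOverSampler, reimplemented here to avoid the dependency), and computes a confusion matrix with per-class recall; the flow rows and any predictions fed to it are constructed, not the paper's results.

```python
import math
import random
from collections import defaultdict

# Constructed CICIDS2017-style flow rows (not real data); rate features such as
# "Flow Bytes/s" in the real dataset contain inf/NaN values that must be cleaned.
RAW_FLOWS = [
    {"Flow Duration": 1200, "Flow Bytes/s": 5100.0, "Label": "BENIGN"},
    {"Flow Duration": 0, "Flow Bytes/s": float("inf"), "Label": "BENIGN"},
    {"Flow Duration": 800, "Flow Bytes/s": 4300.0, "Label": "BENIGN"},
    {"Flow Duration": 30, "Flow Bytes/s": float("nan"), "Label": "PortScan"},
    {"Flow Duration": 25, "Flow Bytes/s": 900.0, "Label": "PortScan"},
    {"Flow Duration": 4000, "Flow Bytes/s": 700.0, "Label": "Web Attack - XSS"},
]
NUMERIC = ["Flow Duration", "Flow Bytes/s"]

def clean_flows(rows, numeric_keys=NUMERIC):
    """Noise cleaning: drop rows with inf/NaN in any numeric feature."""
    return [r for r in rows
            if all(math.isfinite(float(r[k])) for k in numeric_keys)]
def encode_labels(rows):
    """Encode the categorical Label column as stable integer ids."""
    classes = sorted({r["Label"] for r in rows})
    ids = {c: i for i, c in enumerate(classes)}
    return classes, [ids[r["Label"]] for r in rows]
def random_oversample(X, y, seed=0):
    """Balance classes by random oversampling (RandomOverSampler idea)."""
    rng = random.Random(seed)
    by_class = defaultdict(list)
    for xi, yi in zip(X, y):
        by_class[yi].append(xi)
    target = max(len(v) for v in by_class.values())
    Xb, yb = [], []
    for cls, items in sorted(by_class.items()):
        extra = [rng.choice(items) for _ in range(target - len(items))]
        Xb.extend(items + extra)
        yb.extend([cls] * target)
    return Xb, yb
def confusion_matrix(y_true, y_pred, n_classes):
    """Rows are true classes, columns are predicted classes."""
    cm = [[0] * n_classes for _ in range(n_classes)]
    for t, p in zip(y_true, y_pred):
        cm[t][p] += 1
    return cm
def accuracy_and_recall(cm):
    """Overall accuracy plus per-class recall from the confusion matrix."""
    total = sum(map(sum, cm))
    correct = sum(cm[i][i] for i in range(len(cm)))
    recall = [cm[i][i] / sum(cm[i]) if sum(cm[i]) else 0.0 for i in range(len(cm))]
    return correct / total, recall
```

Per-class recall is the figure to watch: a model can report 98% overall accuracy while missing every sample of a small web-attack class, which is exactly the kind of limitation a confusion matrix exposes.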