Analysis of Attack Detection on Log Access Servers Using Machine Learning Classification: Integrating Expert Labeling and Optimal Model Selection

Abstract

Purpose: As the complexity and diversity of cyberattacks continue to grow, traditional security measures fall short in effectively countering these threats within web-based environments. Therefore, there is an urgent need to develop and implement innovative, advanced techniques tailored specifically to detect and address these evolving security risks within web applications.Methods: This research focuses on analyzing attack detection in log access servers using machine learning classification with two primary approaches: expert labeling integration and best model selection. Expert labeling determines whether log entries are safe or indicate an attack.Result: Validation in labeling was applied using different datasets to minimize errors and increase confidence in the resulting dataset. Experimental results show that the Decision Tree and Random Forest models have nearly identical accuracy rates, around 89.3%-89.4%, while the ANN model has an accuracy of 81%.Novelty: This study proposes a fusion of expert knowledge in labeling log entries with a rigorous process of selecting the best classification model. This integration has not been extensively explored in previous research, offering a novel approach to enhancing attack detection within web applications. The research contribution lies in the integration of expert security assessment and the selection of the best model for detecting attacks on server access logs, along with validating labels using various datasets from different log devices to enhance confidence in the analysis results.