A Comprehensive Evaluation of Machine Learning Algorithms for Web Application Attack Detection with Knowledge Graph Integration

Muhusina Ismail, Saed Alrabaee, Kim-Kwang Raymond Choo, Luqman Ali, Saad Harous
Journal: Mobile Networks and Applications
Publication date: 2024-07-19
Publication type: Journal Article
DOI: 10.1007/s11036-024-02367-z (https://doi.org/10.1007/s11036-024-02367-z)

Abstract

The capability to accurately detect web application attacks, especially in a timely fashion, is crucial but remains an ongoing challenge. This study provides an in-depth evaluation of 19 traditional machine learning techniques for detecting web application attacks. The evaluation was conducted across three distinct experiments on refined datasets derived from the HTTPCSIC 2010 dataset. The experiments investigated the performance of these algorithms in different scenarios (e.g., without Knowledge Graph integration, and with KG integration with node2vec feature enhancement). The experimental results revealed that neural network classifiers, notably the Multilayer Perceptron, consistently outperformed other models, achieving accuracy of above 0.90 and maintaining a balanced performance across various metrics. Furthermore, the findings demonstrated that certain algorithms benefited when integrated with the Knowledge Graph, effectively utilizing the additional contextual information: tree-based ensemble methods showed an increase of over 10% in accuracy, and Gaussian Process models exhibited a remarkable improvement in accuracy, rising from 0.84 to 0.99, and in AUC from 0.91 to 1.00. We also found that the KNN classifier demonstrated more than a 16% increase in accuracy. All classifiers showed significant improvements in AUC and other metrics mentioned in our study, indicating that KG integration not only enhances the detection capabilities but also enriches the overall analytical performance of the models. We also observed that linear classifiers and Naive Bayes models generally experienced a decline in performance, highlighting the importance of carefully evaluating the inherent characteristics and capabilities of each algorithm for the web attack detection task.
