The most critical challenge of web attack forensic investigations is the sheer amount of data and level of complexity. Machine learning technology might be an efficient solution for web attack analysis and investigation. Consequently, machine learning applications have been applied in various areas of information security and digital forensics, and have improved over time. Moreover, feature selection is a crucial step in machine learning; in fact, selecting an optimal feature subset could enhance the accuracy and performance of the predictive model. To date, there has not been an adequate approach to select optimal features for the evidence of web attack. In this study, a hybrid approach that selects the relevant web attack features by combining the filter and wrapper methods is proposed. This approach has been validated by experimental measurements on 3 web attack datasets. The results show that our proposed approach can find the evidence with high recall, high accuracy, and low error rates. We believe that the results presented herein may help us to improve accuracy and recall of machine learning techniques; particularly, in the field of web attack investigation. The tools that use this approach may help digital forensic professionals and law enforcement in finding the evidence much more efficiently and faster.
Web application attacks, machine learning, feature selection, digital evidence
BABIKER, MOHAMMED; KARAARSLAN, ENİS; and HOŞCAN, YAŞAR
"A hybrid feature-selection approach for finding the digital evidence of web application attacks,"
Turkish Journal of Electrical Engineering and Computer Sciences: Vol. 27:
6, Article 6.
Available at: https://journals.tubitak.gov.tr/elektrik/vol27/iss6/6