Detecting Zero-Day Web Attacks Using One-Class Ensemble Classifiers
Abstract
The growing use of the internet and websites has intensified the risks to user information security, with web attacks becoming more sophisticated and widespread. Beyond known attacks, unknown (zero-day) attacks have become critical, since traditional security methods often fail to mitigate new attack patterns, jeopardizing user data. Reducing human intervention in web security can also minimize errors and enhance reliability. This paper presents an intelligent solution for detecting unknown web attacks using a one-class ensemble algorithm comprising an LSTM autoencoder, a GRU autoencoder, and a stacked autoencoder. Our approach tokenizes normal web requests to create unique patterns, maps tokenized elements to numerical sequences, and uses the ensemble model to identify anomalous behavior. This methodology enables efficient detection of zero-day attacks while addressing common challenges such as high memory usage, extensive time consumption, and high false positive rates. The proposed model was evaluated on key metrics, showing superior performance: 97.58% accuracy, 97.52% recall, 99.76% specificity, and 99.99% precision, with an exceptionally low false positive rate of 0.2%. The training phase took only 20 seconds, and the testing phase completed in 5 seconds, showcasing the model’s efficiency. These results highlight the potential of our approach to enhance web security by providing a fast, accurate, and reliable method for detecting web attacks.
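The pipeline the abstract outlines (tokenize normal requests, map tokens to integer sequences, score new requests with a one-class ensemble) can be sketched as follows. This is an added example, not the paper's code: three simple statistical detectors stand in for the LSTM, GRU and stacked autoencoders, and the tokenization rules, thresholds, majority vote and sample requests are all assumptions made for illustration.

```python
import re

# Constructed benign requests (illustrative only, not the paper's dataset).
NORMAL = [
    "GET /index.php?id=12&page=home",
    "GET /search.php?q=shoes&sort=price",
    "POST /login.php?user=alice&next=home",
    "GET /item.php?id=87&lang=en",
]

def tokenize(request):
    """Assumed scheme: collapse plain parameter values to 'val', then split words and punctuation."""
    generalised = re.sub(r"=\w+(?=&|$)", "=val", request.lower())
    return re.findall(r"\w+|[^\w\s]", generalised)

class OneClassEnsemble:
    """Trained on normal traffic only; three stand-in detectors vote on each request."""
    def fit(self, requests):
        tokens = sorted({t for r in requests for t in tokenize(r)})
        self.vocab = {t: i for i, t in enumerate(tokens, start=1)}  # 0 = unseen token
        seqs = [self.encode(r) for r in requests]
        self.bigrams = {b for s in seqs for b in zip(s, s[1:])}
        self.max_len = max(len(s) for s in seqs)
        return self

    def encode(self, request):
        return [self.vocab.get(t, 0) for t in tokenize(request)]

    def scores(self, request):
        s = self.encode(request)
        pairs = list(zip(s, s[1:]))
        unk = s.count(0) / max(len(s), 1)                 # share of never-seen tokens
        novel = sum(p not in self.bigrams for p in pairs) / max(len(pairs), 1)
        return unk, novel, len(s) / self.max_len          # length relative to training

    def is_anomalous(self, request, limits=(0.0, 0.2, 1.5)):
        # Assumed thresholds; a request is flagged when at least two detectors exceed theirs.
        votes = sum(score > limit for score, limit in zip(self.scores(request), limits))
        return votes >= 2

if __name__ == "__main__":
    model = OneClassEnsemble().fit(NORMAL)
    for r in ["GET /item.php?id=5&page=about", "GET /index.php?id=1' OR '1'='1"]:
        print(model.is_anomalous(r), model.encode(r))
```

Because the model is fitted only on benign traffic, no attack samples or signatures are needed; the trade-off is that legitimate but structurally new requests also score as novel until the baseline is retrained.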