Two Stage Deep Learning Based Stacked Ensemble Model for Web Application Security


KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, vol.16, no.2, pp.632-657, 2022 (SCI-Expanded)

  • Publication Type: Article
  • Volume: 16 Issue: 2
  • Publication Date: 2022
  • Doi Number: 10.3837/tiis.2022.02.014
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Applied Science & Technology Source, Compendex, Computer & Applied Sciences
  • Page Numbers: pp.632-657
  • Keywords: Anomaly detection, deep learning, ensemble learning, web application firewall, web security, SYSTEM
  • Recep Tayyip Erdoğan University Affiliated: No


Detecting web attacks is a major challenge, and simple models tend to suffer from low sensitivity or high false positive rates. In this study, we aim to develop a robust two-stage web application firewall (WAF) built on a deep learning based stacked ensemble. The first stage of the proposed WAF model classifies traffic as normal or abnormal. Classifying the type of abnormal traffic is deferred to the second stage, which uses an integrated stacked ensemble model. In this way, clients' requests can be served without delay, and attack types can be detected with high sensitivity. Beyond its high accuracy, the ensemble model achieves high generalization through the statistical similarity and diversity analyses used in the study. As part of the study, a comprehensive, up-to-date, and robust multi-class web anomaly dataset named GAZI-HTTP is created to reflect real-world conditions. The performance of the proposed WAF model is compared with state-of-the-art deep learning models and with previous studies on the benchmark dataset. The proposed two-stage model achieved multi-class detection rates of 97.43% and 94.77% on GAZI-HTTP and ECML-PKDD, respectively.
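The two-stage control flow described in the abstract can be illustrated with a minimal sketch. This is not the authors' implementation: the keyword-based functions below are toy stand-ins for the deep learning models, the attack labels in `ATTACK_TYPES` are hypothetical (the abstract does not list the classes), and the meta-level step is a fixed score sum rather than a trained meta-learner. The sketch only shows how a request is routed: stage one decides normal versus abnormal, and only abnormal requests are passed to the second-stage combiner of base-model outputs.

```python
from typing import Callable, Dict, List, Sequence

# Hypothetical attack labels; the abstract does not give the paper's class list.
ATTACK_TYPES = ["sqli", "xss", "path_traversal"]

Scores = List[float]
BaseModel = Callable[[str], Scores]


def stage1_is_abnormal(request: str) -> bool:
    """Toy stand-in for the stage-one binary classifier (normal vs. abnormal)."""
    suspicious = ("'", "<script", "../", " or 1=1")
    lowered = request.lower()
    return any(token in lowered for token in suspicious)


def keyword_model(keywords: Dict[str, Sequence[str]]) -> BaseModel:
    """Build a toy base model that scores each attack type by keyword hits."""
    def predict(request: str) -> Scores:
        lowered = request.lower()
        return [float(sum(k in lowered for k in keywords.get(label, ())))
                for label in ATTACK_TYPES]
    return predict


# Two toy base models with different "views" of the request (assumed, for illustration).
BASE_MODELS: List[BaseModel] = [
    keyword_model({"sqli": ["'", "union", "or 1=1"], "xss": ["<script"]}),
    keyword_model({"xss": ["<script", "onerror"], "path_traversal": ["../"]}),
]


def meta_combine(stacked: List[Scores]) -> str:
    """Toy meta-level step: sum base-model scores per class and take the argmax.
    In real stacking this would be a model trained on base-model outputs."""
    totals = [sum(column) for column in zip(*stacked)]
    return ATTACK_TYPES[totals.index(max(totals))]


def handle_request(request: str) -> str:
    """Stage 1 decides normal/abnormal; only abnormal traffic reaches stage 2."""
    if not stage1_is_abnormal(request):
        return "normal"
    return meta_combine([model(request) for model in BASE_MODELS])
```

Calling `handle_request("GET /index.html")` returns `"normal"` without touching the second stage, which mirrors the abstract's point that normal requests are not held up by attack-type classification.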