USING MACHINE LEARNING TO DETECT ANOMALIES IN WEB SERVER TRAFFIC

Authors

  • Kubatbek Abdumitalip uulu Osh State University
  • Gulbaira Omaralieva Osh State University
  • Akmaral Isakova Osh State University
  • Ykybal Zamirbek kyzy Osh State University

DOI:

https://doi.org/10.52754/16948610_2026_2_24

Keywords:

anomaly detection, HTTP, web logs, ELK, Isolation Forest

Abstract

Relevance. We present a reproducible methodology for detecting anomalies in web‑server traffic based on machine learning over application‑layer logs. The pipeline covers elastic log collection (Nginx/Filebeat), feature engineering (structural, content‑based, entropy, behavioral), unsupervised models (Isolation Forest, One‑Class SVM) and deep autoencoders (including LSTM variants), plus post‑hoc explainability. Demonstration results are reported on public datasets (CSIC‑2010 HTTP requests, CIC‑IDS2017 and CSE‑CIC‑IDS2018 network flows) and synthetic logs emulating a university web perimeter; we provide standard metrics (AUROC/AUPRC, F1 at fixed FPR), runtime profiling, and integration guidance for Osh State University’s data‑center.

References

Зуев, В.Н. (2021). Обнаружение аномалий сетевого трафика методом глубокого обучения. Программные продукты и системы, 34(1), 91–97. https://doi.org/10.15827/0236-235X.133.091-097 DOI: https://doi.org/10.15827/0236-235X.133.091-097

Омаралиев, А.Ч., Карабаев, С.Э., Омаралиева, Г.А., Данг, В. (2025). Методология тестирования безопасности веб-приложений на Django с акцентом на выявление уязвимостей бизнес-логики. Вестник Ошского государственного университета, (4), 199–211. https://doi.org/10.52754/16948610_2025_4_14 DOI: https://doi.org/10.52754/16948610_2025_4_14

Омаралиев, А. Ч., Омаралиева, Г. А., Абдималик уулу, К. (2025). Кыргызстандын жогорку окуу жайларынын өзүндөй информациалык системаларын интеграциялоо мүмкүнчүлүктөрү билим берүү процессиңде. Жамын жарчысы, 2025(4).

Benova, L., & Hudec, L. (2024). Comprehensive analysis and evaluation of anomalous user activity in web server logs. Sensors, 24(3), Article 746. https://doi.org/10.3390/s24030746 DOI: https://doi.org/10.3390/s24030746

Boukhamla, A., & Coronel Gaviro, J. (2021). CICIDS2017 dataset: Performance improvements and validation as a robust intrusion detection system testbed. International Journal of Information and Computer Security, 16(1/2), 20–32. https://doi.org/10.1504/IJICS.2021.117392 DOI: https://doi.org/10.1504/IJICS.2021.117392

Canadian Institute for Cybersecurity. (2017). Intrusion detection evaluation dataset (CIC-IDS2017) [Data set]. University of New Brunswick. https://www.unb.ca/cic/datasets/ids-2017.html

Chua, W., Pajas, A. L. D., Castro, C. S., Panganiban, S. P., Pasuquin, A. J., Purganan, M. J., Malupeng, R., Pingad, D. J., Orolfo, J. P., & Lua, H. H. (2024). Web traffic anomaly detection using isolation forest. Informatics, 11(4), Article 83. https://doi.org/10.3390/informatics11040083 DOI: https://doi.org/10.3390/informatics11040083

IMPACT Cyber Trust. (2010). HTTP dataset CSIC 2010 [Data set]. https://www.impactcybertrust.org/dataset_view?idDataset=940

Liu, F. T., Ting, K. M., & Zhou, Z.-H. (2008). Isolation forest. In Proceedings of the 8th IEEE International Conference on Data Mining (ICDM) (pp. 413–422). IEEE. https://doi.org/10.1109/ICDM.2008.17 DOI: https://doi.org/10.1109/ICDM.2008.17

Moradi Vartouni, A., Teshnehlab, M., & Sedighian Kashi, S. (2019). Leveraging deep neural networks for anomaly-based web application firewall. IET Information Security, 13(4), 352–361. https://doi.org/10.1049/iet-ifs.2018.5404 DOI: https://doi.org/10.1049/iet-ifs.2018.5404

Schölkopf, B., Platt, J. C., Shawe-Taylor, J., Smola, A. J., & Williamson, R. C. (2000). Support vector method for novelty detection. In Advances in neural information processing systems (Vol. 12, pp. 582–588). https://alex.smola.org/papers.html

Smolen, T., & Benova, L. (2023). Comparing autoencoder and isolation forest in network anomaly detection. In Proceedings of the 33rd Conference of Open Innovations Association (FRUCT). IEEE. https://doi.org/10.23919/FRUCT58615.2023.10143005 DOI: https://doi.org/10.23919/FRUCT58615.2023.10143005

Torrano-Gimenez, C., Perez-Villegas, A., & Alvarez, G. (2010). An anomaly-based approach for intrusion detection in web traffic. Journal of Information Assurance and Security, 5(4), 446–454.

Xu, H., Pang, G., Wang, Y., & Wang, Y. (2022). Deep isolation forest for anomaly detection (arXiv preprint arXiv:2206.06602). arXiv. https://arxiv.org/abs/2206.06602

Published

2026-06-30

How to Cite

Abdumitalip uulu , K., Omaralieva , G., Isakova , A., & Zamirbek kyzy , Y. (2026). USING MACHINE LEARNING TO DETECT ANOMALIES IN WEB SERVER TRAFFIC. Bulletin of Osh State University, (2), 327–340. https://doi.org/10.52754/16948610_2026_2_24