{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T04:37:46Z","timestamp":1769661466653,"version":"3.49.0"},"reference-count":44,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T00:00:00Z","timestamp":1769472000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/pages\/standard-publication-reuse-rights"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026,1,27]]},"abstract":"Abstract<\/jats:title>\n Websites, as essential digital assets, are highly vulnerable to cyberattacks because of their high traffic volume and the significant impact of breaches. This study aims to enhance the identification of web traffic attacks by leveraging machine learning techniques. A methodology was proposed to extract relevant features from HTTP traces using the CSIC2010 v2 dataset, which simulates e-commerce web traffic. Ensemble methods, such as Random Forest (RF) and Extreme Gradient Boosting, were employed and compared against baseline classifiers, including k-nearest Neighbor, LASSO, and Support Vector Machines. The results demonstrate that the ensemble methods outperform baseline classifiers by approximately 20% in predictive accuracy, achieving an Area Under the ROC Curve of 0.989. Feature selection methods such as Information Gain, LASSO, and RF further enhance the robustness of these models. This study highlights the efficacy of ensemble models in improving attack detection while minimizing performance variability, offering a practical framework for securing web traffic in diverse application contexts.<\/jats:p>","DOI":"10.1093\/jigpal\/jzaf021","type":"journal-article","created":{"date-parts":[[2025,4,24]],"date-time":"2025-04-24T06:36:30Z","timestamp":1745476590000},"source":"Crossref","is-referenced-by-count":0,"title":["Enhancing web traffic attacks identification through ensemble methods and feature selection"],"prefix":"10.1093","volume":"34","author":[{"given":"Daniel","family":"Urda","sequence":"first","affiliation":[{"name":"Grupo de Inteligencia Computacional Aplicada (GICAP) , Departamento de Digitalizaci\u00f3n, Escuela Polit\u00e9cnica Superior, Universidad de Burgos, Av. Cantabria s\/n, 09006, Burgos, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Branly","family":"Mart\u00ednez","sequence":"additional","affiliation":[{"name":"Grupo de Inteligencia Computacional Aplicada (GICAP) , Departamento de Digitalizaci\u00f3n, Escuela Polit\u00e9cnica Superior, Universidad de Burgos, Av. Cantabria s\/n, 09006, Burgos, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nu\u00f1o","family":"Basurto","sequence":"additional","affiliation":[{"name":"Grupo de Inteligencia Computacional Aplicada (GICAP) , Departamento de Digitalizaci\u00f3n, Escuela Polit\u00e9cnica Superior, Universidad de Burgos, Av. Cantabria s\/n, 09006, Burgos, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Meelis","family":"Kull","sequence":"additional","affiliation":[{"name":"Institute of Computer Science , University of Tartu, Estonia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"\u00c1ngel","family":"Arroyo","sequence":"additional","affiliation":[{"name":"Grupo de Inteligencia Computacional Aplicada (GICAP) , Departamento de Digitalizaci\u00f3n, Escuela Polit\u00e9cnica Superior, Universidad de Burgos, Av. Cantabria s\/n, 09006, Burgos, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"\u00c1lvaro","family":"Herrero","sequence":"additional","affiliation":[{"name":"Grupo de Inteligencia Computacional Aplicada (GICAP) , Departamento de Digitalizaci\u00f3n, Escuela Polit\u00e9cnica Superior, Universidad de Burgos, Av. Cantabria s\/n, 09006, Burgos, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"286","published-online":{"date-parts":[[2026,1,28]]},"reference":[{"key":"2026012811024797500_ref1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.4018\/IJDCF.302875","article-title":"Web vulnerability detection analyzer based on python","volume":"14","author":"Xu","year":"2022","journal-title":"Int J Digit Crime Forensics"},{"key":"2026012811024797500_ref2","doi-asserted-by":"publisher","DOI":"10.3390\/app11083678","article-title":"Quantitative assessment of cybersecurity risks for mitigating data breaches in business systems","volume":"11","author":"Algarni","year":"2021","journal-title":"Appl Sci"},{"key":"2026012811024797500_ref3","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/ICAIC53980.2022.9896966","article-title":"Cyber security threats on digital banking","volume-title":"2022 1st International Conference on AI in Cybersecurity (ICAIC)","author":"Alzoubi","year":"2022"},{"key":"2026012811024797500_ref4","first-page":"2111","article-title":"Value creation and value capture for ai business model innovation: a three-phase process framework","volume":"16","author":"Josef","year":"2022","journal-title":"Rev Manag Sci"},{"key":"2026012811024797500_ref5","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1007\/978-3-319-19713-5_18","article-title":"Neural analysis of http traffic for web attack detection","volume-title":"International Joint Conference","author":"Atienza","year":"2015"},{"key":"2026012811024797500_ref6","first-page":"18","article-title":"Feature selection based on information gain","volume":"2","author":"Azhagusundari","year":"2013","journal-title":"Int J Innov technol Explor Eng"},{"key":"2026012811024797500_ref7","doi-asserted-by":"crossref","first-page":"432","DOI":"10.1007\/978-3-030-97124-3_32","article-title":"Research on website traffic prediction method based on deep learning","volume-title":"Simulation Tools and Techniques","author":"Bao","year":"2022"},{"key":"2026012811024797500_ref8","volume-title":"Pattern Recognition and Machine Learning","author":"Bishop","year":"2006"},{"key":"2026012811024797500_ref9","doi-asserted-by":"crossref","first-page":"785","DOI":"10.1145\/2939672.2939785","article-title":"Xgboost: A scalable tree boosting system","volume-title":"Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD \u201916","author":"Chen","year":"2016"},{"key":"2026012811024797500_ref10","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/BF00994018","article-title":"Support-vector networks","volume":"20","author":"Cortes","year":"1995","journal-title":"Machine Learning"},{"key":"2026012811024797500_ref11","first-page":"157","volume-title":"Random Forests","author":"Adele Cutler","year":"2012"},{"key":"2026012811024797500_ref12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/3-540-45014-9_1","article-title":"Ensemble methods in machine learning","volume-title":"Multiple Classifier Systems","author":"Dietterich","year":"2000"},{"key":"2026012811024797500_ref13","volume-title":"ENISA Threat Landscape Report 2020","author":"ENISA"},{"key":"2026012811024797500_ref14","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1038\/s41591-018-0316-z","article-title":"A guide to deep learning in healthcare","volume":"25","author":"Esteva","year":"2019","journal-title":"Nat Med"},{"key":"2026012811024797500_ref15","doi-asserted-by":"publisher","first-page":"447","DOI":"10.1007\/s11235-018-0475-8","article-title":"A comprehensive survey on network anomaly detection","volume":"70","author":"Fernandes","year":"2019","journal-title":"Telecommun Syst"},{"key":"2026012811024797500_ref16","doi-asserted-by":"publisher","DOI":"10.1016\/j.accinf.2020.100468","article-title":"Public companies\u2019 cybersecurity risk disclosures","volume":"38","author":"Gao","year":"2020","journal-title":"Int J Accounting Inform Syst"},{"key":"2026012811024797500_ref17","article-title":"Http dataset CSIC 2010","author":"Gim\u00e9nez"},{"key":"2026012811024797500_ref18","article-title":"Http2vec: embedding of HTTP requests for detection of anomalous traffic","author":"Gniewkowski","year":"2021","journal-title":"CoRR"},{"key":"2026012811024797500_ref19","article-title":"Insider attack detection in database with deep metric neural network with Monte Carlo sampling","volume":"02","author":"Go","year":"2022","journal-title":"Log J IGPL"},{"key":"2026012811024797500_ref20","doi-asserted-by":"publisher","DOI":"10.1016\/j.joitmc.2023.100069","article-title":"Factors influencing small and medium size enterprises development and digital maturity in latin america","volume":"9","author":"Gonzalez-Tamayo","year":"2023","journal-title":"Journal of Open Innovation: Technology, Market, and Complexity"},{"key":"2026012811024797500_ref21","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2020.104150","article-title":"Unsupervised concrete feature selection based on mutual information for diagnosing faults and cyber-attacks in power systems","volume":"100","author":"Hassani","year":"2021","journal-title":"Eng Appl Artif Intel"},{"key":"2026012811024797500_ref22","doi-asserted-by":"publisher","first-page":"26190","DOI":"10.1109\/ACCESS.2017.2766844","article-title":"A logitboost-based algorithm for detecting known and unknown web attacks","volume":"5","author":"Kamarudin","year":"2017","journal-title":"IEEE Access"},{"key":"2026012811024797500_ref23","first-page":"451","article-title":"A study on web application security and detecting security vulnerabilities","volume-title":"The 6th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO)","author":"Kumar","year":"2017"},{"key":"2026012811024797500_ref24","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1109\/MS.2015.50","article-title":"The highways and country roads to continuous deployment","volume":"32","author":"Lepp\u00e4nen","year":"2015","journal-title":"IEEE Softw"},{"key":"2026012811024797500_ref25","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1504\/IJWGS.2020.106128","article-title":"An efficient algorithm and tool for detecting dangerous website vulnerabilities","volume":"16","author":"Long","year":"2020","journal-title":"Int J Web Grid Serv"},{"key":"2026012811024797500_ref26","doi-asserted-by":"publisher","first-page":"5810","DOI":"10.1109\/TII.2020.3038761","article-title":"A novel web attack detection system for Internet of Things via ensemble classification","volume":"17","author":"Luo","year":"2021","journal-title":"IEEE Trans Industr Inform"},{"key":"2026012811024797500_ref27","doi-asserted-by":"publisher","first-page":"e956","DOI":"10.7717\/peerj-cs.956","article-title":"Novel hybrid firefly algorithm: an application to enhance xgboost tuning for intrusion detection classification","volume":"8","author":"Zivkovic","year":"2022","journal-title":"PeerJ Comp Sci"},{"key":"2026012811024797500_ref28","doi-asserted-by":"publisher","first-page":"1717","DOI":"10.1109\/TETC.2022.3178283","article-title":"Improving the reliability of network intrusion detection systems through dataset aggregation","volume":"10","author":"Magan-Carrion","year":"2022","journal-title":"IEEE Trans Emerg Top Comput"},{"key":"2026012811024797500_ref29","doi-asserted-by":"publisher","DOI":"10.3390\/app10051775","article-title":"Towards a reliable comparison and evaluation of network intrusion detection systems based on machine learning approaches","volume":"10","author":"Mag\u00e1n-Carri\u00f3n","year":"2020","journal-title":"Appl Sci"},{"key":"2026012811024797500_ref30","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1145\/997150.997156","article-title":"A taxonomy of ddos attack and ddos defense mechanisms","volume":"34","author":"Mirkovic","year":"2004","journal-title":"SIGCOMM Comput Commun Rev"},{"key":"2026012811024797500_ref31","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2023.103738","article-title":"Hybrid unsupervised web-attack detection and classification: a deep learning approach","volume":"86","author":"Pillai","year":"2023","journal-title":"Computer Standards & Interfaces"},{"key":"2026012811024797500_ref32","doi-asserted-by":"crossref","first-page":"510","DOI":"10.1007\/978-3-642-13803-4_63","article-title":"Cbrid4sql: A CBR intrusion detector for SQL injection attacks","volume-title":"Hybrid Artificial Intelligence Systems","author":"Pinz\u00f3n","year":"2010"},{"key":"2026012811024797500_ref33","doi-asserted-by":"publisher","DOI":"10.1016\/j.techfore.2023.122474","article-title":"Impact of digitalization on technological innovations in small and medium-sized enterprises (SMEs)","volume":"191","author":"Radicic","year":"2023","journal-title":"Technol Forecast Social Change"},{"key":"2026012811024797500_ref34","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/CIBCB.2006.330987","article-title":"Feature selection using a random forests classifier for the integrated analysis of multiple data types","volume-title":"2006 IEEE Symposium on Computational Intelligence and Bioinformatics and Computational Biology","author":"Reif","year":"2006"},{"key":"2026012811024797500_ref35","doi-asserted-by":"publisher","first-page":"8852","DOI":"10.1109\/JIOT.2020.2996425","article-title":"An ensemble of deep recurrent neural networks for detecting IoT cyber attacks using network traffic","volume":"7","author":"Saharkhizan","year":"2020","journal-title":"IEEE Internet Things J"},{"key":"2026012811024797500_ref36","first-page":"108","article-title":"Toward generating a new intrusion detection dataset and intrusion traffic characterization","volume":"1","author":"Sharafaldin","year":"2018","journal-title":"ICISSp"},{"key":"2026012811024797500_ref37","doi-asserted-by":"publisher","first-page":"698","DOI":"10.1016\/j.asoc.2012.08.028","article-title":"Detection of malicious and non-malicious website visitors using unsupervised neural network learning","volume":"13","author":"Stevanovic","year":"2013","journal-title":"Appl Soft Comput"},{"key":"2026012811024797500_ref38","article-title":"Data mining-driven approaches for process monitoring and diagnosis.","author":"Sukchotrat","year":"2008"},{"key":"2026012811024797500_ref39","doi-asserted-by":"crossref","first-page":"361","DOI":"10.1186\/s12918-018-0612-8","article-title":"BLASSO: integration of biological knowledge into a regularized linear model","volume":"12","author":"Urda","year":"2018","journal-title":"BMC Syst Biol"},{"key":"2026012811024797500_ref40","doi-asserted-by":"crossref","first-page":"205","DOI":"10.1007\/978-3-031-18409-3_20","article-title":"Evaluating classifiers\u2019 performance to detect attacks in website traffic","volume-title":"International Joint Conference 15th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2022) 13th International Conference on EUropean Transnational Education (ICEUTE 2022)","author":"Urda","year":"2023"},{"key":"2026012811024797500_ref41","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1080\/21693277.2016.1192517","article-title":"Machine learning in manufacturing: advantages, challenges, and applications","volume":"4","author":"Wuest","year":"2016","journal-title":"Prod Manuf Res"},{"key":"2026012811024797500_ref42","doi-asserted-by":"crossref","first-page":"249","DOI":"10.1007\/s41664-018-0068-2","article-title":"On splitting training and validation set: a comparative study of cross-validation, bootstrap and systematic sampling for estimating the generalization performance of supervised learning","volume":"2","author":"Yun","year":"2018","journal-title":"J Anal Test"},{"key":"2026012811024797500_ref43","doi-asserted-by":"crossref","first-page":"768","DOI":"10.1109\/COMPSAC48688.2020.0-167","article-title":"Detecting malicious web requests using an enhanced textcnn","volume-title":"2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)","author":"Yu","year":"2020"},{"key":"2026012811024797500_ref44","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2020.113864","article-title":"M-adaboost-a based ensemble system for network intrusion detection","volume":"162","author":"Zhou","year":"2020","journal-title":"Expert Syst Appl"}],"container-title":["Logic Journal of the IGPL"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/jigpal\/article-pdf\/34\/1\/jzaf021\/66611792\/jzaf021.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/jigpal\/article-pdf\/34\/1\/jzaf021\/66611792\/jzaf021.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,28]],"date-time":"2026-01-28T16:05:59Z","timestamp":1769616359000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/jigpal\/article\/doi\/10.1093\/jigpal\/jzaf021\/8443241"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,27]]},"references-count":44,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,1,27]]}},"URL":"https:\/\/doi.org\/10.1093\/jigpal\/jzaf021","relation":{},"ISSN":["1367-0751","1368-9894"],"issn-type":[{"value":"1367-0751","type":"print"},{"value":"1368-9894","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2026,2]]},"published":{"date-parts":[[2026,1,27]]},"article-number":"jzaf021"}}