Research Trends in Intrusion Detection System for Web Detection: Datasets, Methods and Challenges

Studies on IDS are focused on detecting attacks that can threaten aspects of confidentiality, integrity, and availability. Research in this field includes both network-based and host-based IDS. Many techniques, datasets, and methods have been investigated in the field of IDS. However, there are still several methods, models, and techniques that are not yet fully comprehensive. This study aims to analyze and identify research trends in IDS for web-based detection methods from the perspective of datasets, methods, and challenges from 2020 to 2024. Based on the acceptance and rejection criteria from the 37 literature reviewed in this study, the techniques gathered from the literature are classified into three categories: classification (84), clustering (11), and analysis (5). Additionally, the datasets used are divided into two: 92 public datasets and 8 private datasets. The top 5 most widely used models (algorithms) from the collected literature are CNN in 9 papers, RF and SVM in 8 papers each, LSTM in 7 papers, DT and KNN in 5 papers each, and FNN in 4 papers. Regarding the detection methods used: 47 hybrid, 42 signature-based, 8 anomaly-based, and minor for web attack detection (3). Furthermore, challenges in IDS research include addressing web-specific attacks and prioritizing the creation of diverse private datasets. Current models need improved scalability for real-time detection and a better balance between known and novel threats, highlighting the need for advanced machine learning techniques and interpretable models. © 2024 IEEE.