Classification Of Cyber Attack And Anomaly In Web Server Using Transformer and Transfer Learning
Downloads
Cybersecurity is a crucial aspect in maintaining the integrity and availability of information systems, especially on web servers which are vulnerable to various types of attacks and anomalies. This research aims to investigate the application of transfer learning in the classification of cyber attacks and anomalies on web servers. Transfer learning, a powerful deep learning approach, enables pre-trained models to adapt to new tasks with limited data, offering an efficient solution for detecting malicious activities and unusual patterns in web server logs. The goal is to improve detection accuracy while reducing the time and resources required to train models from scratch. This study uses a bi-layer classification approach with pre-trained Transformer models, RoBERTa and BERT, through transfer learning to detect cyber attacks and anomalies in web server log data. The process includes preprocessing the log data, extracting relevant features, and fine-tuning BERT to classify known attacks in the first layer, followed by RoBERTa in the second layer to detect unusual or unknown behaviors. Model performance is evaluated using accuracy, precision, recall, and F1-score, and results are compared with traditional deep learning methods like RoBERTa and BERT to highlight the advantages of this bi-layer transfer learning approach. The result of this proposed bi-layer classification method is improved performance in detecting cyber attacks and anomalies compared to using RoBERTa and BERT individually. By combining both models, the system is anticipated to achieve higher accuracy, better precision in identifying true threats, improved recall for detecting a wider range of attacks, and a more balanced F1-score. This layered approach leverages the strengths of both RoBERTa and BERT, enabling more robust and reliable threat detection, with reduced false positives and false negatives compared to single-model implementations.
[1] A. Djenna, A. Bouridane, S. Rubab, and I. M. Marou, “Artificial Intelligence-Based Malware Detection, Analysis, and Mitigation,” Symmetry (Basel), vol. 15, no. 3, Mar. 2023, doi: 10.3390/sym15030677.
[2] Bishowjit Paul, Auvizit Sarker, Sarafat Hussain Abhi, Sajal Kumar Das, Md. Firoj Ali, Md Manirul Islam, Md. Robiul Islam, Sumaya Ishrat Moyeen, Md. Faisal Rahman Badal, Md. Hafiz Ahamed, Subrata Kumar Sarker, Prangon Das, Md. Mehedi Hasan, Nazmus Saqib, Potential smart grid vulnerabilities to cyber attacks: Current threats and existing mitigation strategies, Heliyon,vol.10, Issue 19,2024,e37980,ISSN 2405-8440,https://doi.org/10.1016/j.heliyon.2024.e37980.
[3] Petru-Cristian, Negrea. (2023). A Comprehensive Analysis of High-Impact Cybersecurity Incidents: Case Studies and Implications. 10.13140/RG.2.2.17461.65763.
[4] Mohd Javaid, Abid Haleem, Ravi Pratap Singh, Rajiv Suman, Towards insighting cybersecurity for healthcare domains: A comprehensive review of recent practices and trends, Cyber Security and Applications, Volume 1, 2023, 100016, ISSN 2772-9184, https://doi.org/10.1016/j.csa.2023.100016.
[5] M. Sepczuk, “Dynamic Web Application Firewall detection supported by Cyber Mimic Defense approach,” Journal of Network and Computer Applications, vol. 213, Apr. 2023, doi: 10.1016/j.jnca.2023.103596.
[6] P. Verma, T. Newe, G. D. O'Mahony, D. Brennan and D. O'Shea, "Toward a Unified Understanding of Cyber Resilience: Concepts, Strategies, and Future Directions," in IEEE Access, vol. 13, pp. 49945-49965, 2025, doi: 10.1109/ACCESS.2025.3551887.
[7] S. Zeadally, E. Adi, Z. Baig and I. A. Khan, "Harnessing Artificial Intelligence Capabilities to Improve Cybersecurity," in IEEE Access, vol. 8, pp. 23817-23837, 2020, doi: 10.1109/ACCESS.2020.2968045.
[8] F. Abdullayeva, “Cyber resilience and cyber security issues of intelligent cloud computing systems,” Results in Control and Optimization, vol. 12, Sep. 2023, doi: 10.1016/j.rico.2023.100268.
[9] Zafer, Nadia & Ali, Nadir. (2024). Cybersecurity Best Practices: Leveraging Machine Learning and Transfer Learning for Cyber Attack Detection. 10.13140/RG.2.2.22764.99205.
[10] M. Y. Shakor and M. Ibrahim Khaleel, "Modern Deep Learning Techniques for Big Medical Data Processing in Cloud," in IEEE Access, vol. 13, pp. 62005-62028, 2025, doi: 10.1109/ACCESS.2025.3556327.
[11] Zhu, Zhuangdi & Lin, Kaixiang & Jain, Anil & Zhou, Jiayu. (2023). Transfer Learning in Deep Reinforcement Learning: A Survey. IEEE transactions on pattern analysis and machine intelligence. PP. 10.1109/TPAMI.2023.3292075.
[12] A. A. Alhabshy, B. I. Hameed, and K. A. Eldahshan, “An Ameliorated Multiattack Network Anomaly Detection in Distributed Big Data System-Based Enhanced Stacking Multiple Binary Classifiers,” IEEE Access, vol. 10, pp. 52724–52743, 2022, doi: 10.1109/ACCESS.2022.3174482.
[13] Semary, Noura & Ahmed, Wesam & Amin, Khalid & Pławiak, Paweł & Hammad, Mohamed. (2023). Improving sentiment classification using a RoBERTa-based hybrid model. Frontiers in Human Neuroscience. 17. 10.3389/fnhum.2023.1292010.
[14] Devlin, Jacob & Chang, Ming-Wei & Lee, Kenton & Toutanova, Kristina. (2018). BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. 10.48550/arXiv.1810.04805.
[15] S. Challa, A. K. Das, P. Gope, N. Kumar, F. Wu, and A. V. Vasilakos, “Design and analysis of authenticated key agreement scheme in cloud-assisted cyber–physical systems,” Future Generation Computer Systems, vol. 108, pp. 1267–1286, Jul. 2020, doi: 10.1016/j.future.2018.04.019.
[16] Adebowale, Moruf & Lwin, Khin. (2019). Deep Learning with Convolutional Neural Network and Long Short-Term Memory for Phishing Detection. 10.1109/SKIMA47702.2019.8982427.
[17] Y. Xin et al., "Machine Learning and Deep Learning Methods for Cybersecurity," in IEEE Access, vol. 6, pp. 35365-35381, 2018, doi: 10.1109/ACCESS.2018.2836950.
[18] Dhanalakshmi, R., et al. (2020). Cybersecurity Challenges in Web Applications and Recent Developments. Journal of Ambient Intelligence and Humanized Computing.
[19] Almseidin, M., et al. (2017). Evaluation of Machine Learning Algorithms for Intrusion Detection System. Procedia Computer Science.
[20] Zhang, Y., et al. (2021). Deep Learning-Based Intrusion Detection with Semantic Feature Encoding for Cybersecurity. IEEE Access.
[21] Raff, E., et al. (2020). A Survey of Transformer-Based Models in Cybersecurity Applications. ACM Computing Surveys.
[22] Kumar, R., & Somani, G. (2021). Transfer Learning in Cybersecurity: A Survey. Computer Science Review.
[23] Li, Y., et al. (2022). An Intelligent Intrusion Detection Approach using Transfer Learning with Pretrained NLP Models. Computers & Security.
[24] Z. Azam, M. M. Islam and M. N. Huda, "Comparative Analysis of Intrusion Detection Systems and Machine Learning-Based Model Analysis Through Decision Tree," in IEEE Access, vol. 11, pp. 80348-80391, 2023, doi: 10.1109/ACCESS.2023.3296444.
[25] M. Khayat, E. Barka, M. Adel Serhani, F. Sallabi, K. Shuaib and H. M. Khater, "Empowering Security Operation Center With Artificial Intelligence and Machine Learning—A Systematic Literature Review," in IEEE Access, vol. 13, pp. 19162-19197, 2025, doi: 10.1109/ACCESS.2025.3532951.
[26] Siraj Uddin Qureshi, Jingsha He, Saima Tunio, Nafei Zhu, Ahsan Nazir, Ahsan Wajahat, Faheem Ullah, Abdul Wadud, Systematic review of deep learning solutions for malware detection and forensic analysis in IoT, Journal of King Saud University - Computer and Information Sciences, Vol 36, Issue 8, 2024, 102164, ISSN 1319-1578, https://doi.org/10.1016/j.jksuci.2024.102164.
[27] Mohamed, N. Artificial intelligence and machine learning in cybersecurity: a deep dive into state-of-the-art techniques and future paradigms. Knowl Inf Syst (2025). https://doi.org/10.1007/s10115-025-02429-y
[28] I. Ullah and Q. H. Mahmoud, "Design and Development of a Deep Learning-Based Model for Anomaly Detection in IoT Networks," in IEEE Access, vol. 9, pp. 103906-103926, 2021, doi: 10.1109/ACCESS.2021.3094024.
[29] Jamin Rahman Jim, Md Apon Riaz Talukder, Partha Malakar, Md Mohsin Kabir, Kamruddin Nur, M.F. Mridha, Recent advancements and challenges of NLP-based sentiment analysis: A state-of-the-art review, Natural Language Processing Journal, Vol 6, 2024, 100059, ISSN 2949-7191, https://doi.org/10.1016/j.nlp.2024.100059.
[30] Amjad Hussain, Ayesha Saadia, Faeiz M. Alserhani, Ransomware detection and family classification using fine-tuned BERT and RoBERTa models, Egyptian Informatics Journal, Volume 30, 2025, 100645, ISSN 1110-8665, https://doi.org/10.1016/j.eij.2025.100645.
[31] S. Rizvi, M. Scanlon, J. Mcgibney and J. Sheppard, "Application of Artificial Intelligence to Network Forensics: Survey, Challenges and Future Directions," in IEEE Access, vol. 10, pp. 110362-110384, 2022, doi: 10.1109/ACCESS.2022.3214506.
[32] Ndatinya, Vivens & Xiao, Zhifeng & Manepalli, Vasudeva & Meng, Ke & Xiao, Yang. (2015). Network forensics analysis using Wireshark. International Journal of Security and Networks. 10. 91. 10.1504/IJSN.2015.070421.
[33] Alshamrani, A., Aledhari, M., Alabdulatif, A., & Alzahrani, B. (2021). A Deep Learning Approach for Anomaly Detection in System Logs Using CNN-LSTM. IEEE Access, 9, 48968–48983. https://doi.org/10.1109/ACCESS.2021.3068517.
[34] Kiran, R., Reddy, P. R., & Devi, K. S. (2022). An Ensemble Model for Intrusion Detection Using SVM and Random Forest. Procedia Computer Science, 199, 206–213. https://doi.org/10.1016/j.procs.2022.01.025.
[35] Li, Y., Wang, X., & Liu, Y. (2020). BERT-Based Log Analysis for Detection of Web Attacks. IEEE Transactions on Information Forensics and Security, 15, 4321–4330. https://doi.org/10.1109/TIFS.2020.2990310.
[36] Hindy, H., Brosset, D., Bayne, E., et al. (2022). A Machine Learning-Based Framework for IoT Intrusion Detection Using GRU and Attention Mechanisms. Computers & Security, 114, 102590. https://doi.org/10.1016/j.cose.2021.102590.
[37] Alharbi, A., Meziane, F., & Belkhouche, B. (2023). Log-Based Cyberattack Detection Using Fine-Tuned RoBERTa on RESTful APIs. Journal of Network and Computer Applications, 216, 103622. https://doi.org/10.1016/j.jnca.2023.103622.
Copyright (c) 2025 Edi Dwi Prasetyo,S.Kom (Author)
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-ShareAlikel 4.0 International (CC BY-SA 4.0) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
