Abstract

We propose an intrusion detection system (NLPIDS) that utilizes natural language processing and ensemble-based machine learning. The proposed NLPIDS converts natural language HTTP requests into vectors which are then used to train several supervised and ensemble-based machine learning models. The trained models are then used to detect anomalous traffic. We validated our method using HTTP DATASET CSIC 2010. The results show the efficacy of the NLPIDS by producing better F1-score (0.999) and negligible false alarms (0.007) compared to existing methods. The NLPIDS does not depend on attack methods and feature vectors.