Enhance URL Defacement Attack Detection Using Particle Swarm Optimization and Machine Learning

• Published in: Journal of Computational and Cognitive Engineering
• Main Authors: Almomani, Omar, Alsaaidah, Adeeb, Abu-Shareha, Ahmad Adel, Alzaqebah, Abdullah, Amin Almaiah, Mohammed, Shambour, Qusai
• Format: Journal Article
• Language: English
• Published: 29.08.2025
• ISSN: 2810-9570; 2810-9503; 2810-9503
• DOI: 10.47852/bonviewJCCE52024668

Uniform resource locator (URL) defacement attack can be defined as any cyberattack in which the attacker replaces the appearance or content of the targeted webpage with their own that is intended to disgrace, mislead, or malign the website. Detecting URL defacement attacks is significant to avoid breaching the security of the website content or its configuration files, modifying the file locations, templates, or attacks on the website environment and applications. A machine learning (ML) technique can be used to detect the defacement attack on any website with complex content and structure, as opposed to the classical techniques for detection, such as Diff comparison, Document Object model tree analysis, and checksum, which can only be applied to static websites. This article proposes a feature selection model based on particle swarm optimization with support vector machine, decision tree, random forest, Naive Bayes, and k-nearest neighbor ML classification algorithms. The proposed model aims to improve the URL defacement attack detection by selecting the best features from the ISCX-URL-2016 dataset. Then, the reduced set of features produced by the proposed model step is used as input to evaluate and compare the results of the used ML classifiers. The results showed that the proposed model has significantly reduced the features, regarding the classification's feature reduction, the random forest classifier outperformed other classifiers in terms of true positive rates, accuracy, precision, sensitivity, and F-measure, whereas the proposed model with random forest classifier has 99.21% True positive rates, 99.29% accuracy rate, 99.38% precision rate, 99.21% sensitivity rate, and 99.29% F-measure rate. In the future directions of this article, more research should be done on a variety of things, including varying and sophisticated techniques of altering the URL defacement since it would better calibrate the model for application in real-life situations.   Received: 28 October 2024 | Revised: 16 December 2024 | Accepted: 1 January 2025   Conflicts of Interest The authors declare that they have no conflicts of interest to this work.   Data Availability Statement The data that support the findings of this study are openly available in URL dataset (ISCX-URL2016) at: https://www.unb.ca/cic/datasets/url-2016.html.   Author Contribution Statement Omar Almomani: Conceptualization, Methodology, Software, Investigation, Writing – original draft, Supervision, Project administration. Adeeb Alsaaidah: Conceptualization, Formal analysis, Writing – original draft. Ahmad Adel Abu-Shareha: Methodology, Formal analysis, Investigation, Data curation, Writing – review & editing, Visualization. Abdullah Alzaqebah: Software, Resources, Data curation, Writing–review & editing, Visualization. Mohammed Amin Almaiah: Validation, Resources, Writing – original draft. Qusai Shambour: Resources, Writing – original draft