Cyber Attack Classification Using Random Forests in Online Learning System Network Infrastructure
Keywords:
Attack Detection, Machine Learning, Random Forest (RF), Network Forensics, Investigation
Abstract
Eldiru Unsoed and various other academic information systems are important digital assets that are susceptible to cyberattacks, and traditional rule-based web application firewalls have detection flaws. It has been demonstrated that the typical ModSecurity system with the Core Rule Set (CRS) has a recall of only 5.34%, meaning it misses most real attacks and leaves security holes. To address this issue, this paper builds a detection system based on the Random Forest algorithm. Nginx server logs from the Eldiru Unsoed system, covering December 2024 to January 2025, provided the majority of the training data, which was then verified using the publicly available CSIC 2010 dataset. The model was built on hybrid features that combine lexical analysis, CRS rule context, and N-grams to classify web traffic based on log analysis. According to the evaluation results, the proposed Machine Learning-Random Forest (ML-RF) model increases the F1-score from 10.10% to 80.00% and recall from 5.34% to 72.00%. While keeping precision at 91.00%, this improvement in metrics shows that integrating machine learning results in a more balanced and dependable cyber defense system that can handle the difficulties of contemporary threat detection in safeguarding digital assets.
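The hybrid feature idea described in the abstract, as an added illustration that is not the authors' code: one Nginx access-log line becomes a vector of lexical features, a CRS-context feature and hashed character N-gram counts, which is the kind of input a Random Forest classifier would be trained on. The log layout, feature choices, N-gram size, bucket count and the `crs_hits` input are assumptions, and the sample lines are constructed.

```python
import math
import re
from collections import Counter
from urllib.parse import unquote_plus

# Nginx "combined" access-log layout (assumed; the abstract does not give the format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
NGRAM_N = 3          # character trigram size (assumed)
NGRAM_BUCKETS = 16   # hashed N-gram vector width (assumed, kept small for display)
SPECIALS = "'\"<>();=%-/"

# Constructed sample lines: one ordinary request, one with an injected quote pattern.
SAMPLE = [
    '203.0.113.5 - - [12/Dec/2024:10:01:02 +0700] "GET /course/view.php?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Dec/2024:10:01:07 +0700] "GET /course/view.php?id=42%27%20OR%20%271%27=%271 HTTP/1.1" 403 153',
]

def entropy(s):
    """Shannon entropy of the string in bits per character."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def ngram_vector(s):
    """Hashed character N-gram counts; an explicit hash keeps runs reproducible."""
    vec = [0] * NGRAM_BUCKETS
    for i in range(len(s) - NGRAM_N + 1):
        gram = s[i:i + NGRAM_N]
        vec[sum(ord(ch) * 31 ** k for k, ch in enumerate(gram)) % NGRAM_BUCKETS] += 1
    return vec

def extract_features(line, crs_hits=0):
    """Return lexical + CRS-context + N-gram features, or None if the line is unparsable.

    crs_hits: number of CRS rules ModSecurity matched for this request
    (hypothetical input that would be joined in from the ModSecurity audit log).
    """
    m = LOG_RE.match(line)
    if m is None:
        return None
    uri = unquote_plus(m["uri"]).lower()  # decode first so %27 and ' are counted alike
    lexical = [len(uri), sum(uri.count(c) for c in SPECIALS),
               sum(ch.isdigit() for ch in uri), round(entropy(uri), 3)]
    return lexical + [crs_hits] + ngram_vector(uri)
```

Each vector has 21 entries: four lexical values, the CRS hit count, and 16 N-gram buckets.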



