Toward trustworthy web attack detection: An uncertainty-aware ensemble deep kernel learning model

Web attacks are one of the major and most persistent forms of cyber threats, which bring huge costs and losses to web application-based businesses. Various detection methods, such as signature-based, machine learning–based, and deep learning–based, have been proposed to identify web attacks. However, these methods either (1) heavily rely on accurate and complete rule design and feature engineering, which may not adapt to fast-evolving attacks, or (2) fail to estimate model uncertainty, which is essential to the trustworthiness of the prediction made by the model. In this study, we adopt the computational design science paradigm to develop an Uncertainty-aware Ensemble Deep Kernel Learning (UEDKL) model to detect web attacks from HTTP request payload data. Our design is guided by two principles: (1) combining model uncertainty from both data distribution and model parameter perspectives to provide a more comprehensive measure of model reliability, and (2) employing an ensemble approach with an attention mechanism to dynamically integrate base learners’ predictions and uncertainty estimates. Furthermore, we proposed a new metric named High Uncertainty Ratio-F Score Curve to evaluate model uncertainty estimation. Experiments on BDCI and SRBH datasets demonstrated that the proposed UEDKL framework yields significant improvement in both web attack detection performance and uncertainty estimation quality compared to benchmark models. © 2026 Elsevier B.V. All rights are reserved, including those for text and data mining, AI training, and similar technologies.