<![CDATA[The research presents a stacking-based hybrid intrusion detection framework for web application attacks, addressing the persistent limitation that minority classes, including Brute Force, Cross-Site Scripting (XSS), and Structured Query Language (SQL) Injection, are frequently underdetected in conventional Intrusion Detection Systems (IDS) due to severe class imbalance. The proposed architecture combines LightGBM and Random Forest as base learners, while a Multi-Layer Perceptron (MLP) functions as the meta-learner. The framework is supported by rigorous preprocessing, ANOVA F-testbased feature selection, and domain-informed augmentation of critical traffic features, such as Flow Inter-Arrival Time (IAT) Min, Init Win bytes forward, and Backward (Bwd) Packets/s, through optimized weighting strategies. Evaluation on the CICIDS-2017 web attack subset using 10-fold stratified cross-validation shows that the proposed model improves the macro F1-Score from 0.62 ± 0.004 to 0.76 ± 0.003 and achieves a binary accuracy of 99.67% with a macro F1 of 0.94. The observed performance gains are statistically significant (p < 0.001), confirming the robustness of the framework. These findings indicate that targeted feature engineering and heterogeneous stacking substantially improve minority-attack detection while preserving majority-class performance. In addition, the framework demonstrates sub-millisecond inference time, highlighting its practical suitability for real-time IDS deployment in resource-constrained and high-throughput operational cybersecurity environments. The proposed design also offers methodological generalizability for broader anomaly detection tasks in dynamic network environments, where reliable recognition of low-frequency but high-impact attack patterns remains increasingly critically important.]]>
