DeepHTTP: Semantics-Structure Model with Attention for Anomalous HTTP Traffic Detection and Pattern Mining

10/30/2018
by Yuqi Yu, et al.

In the Internet age, cyber-attacks occur frequently and take complex forms. Traffic generated by access activities records website status and user request information, which presents a great opportunity for network attack detection. Among diverse network protocols, the Hypertext Transfer Protocol (HTTP) is widely used in government, organizations and enterprises. In this work, we propose DeepHTTP, a semantics-structure integration model that uses Bidirectional Long Short-Term Memory (Bi-LSTM) with an attention mechanism to model HTTP traffic as a natural language sequence. In addition to extracting traffic content information, we integrate structural information to enhance the generalization capabilities of the model. Moreover, the attention mechanism can assist in discovering critical parts of anomalous traffic and in further mining attack patterns. Additionally, we demonstrate how to incrementally update the data set and retrain the model so that it can adapt to new anomalous traffic. Extensive experimental evaluations over large traffic data have illustrated that DeepHTTP has outstanding performance in traffic detection and pattern discovery.

research
08/03/2021

HTTP2vec: Embedding of HTTP Requests for Detection of Anomalous Traffic

Hypertext transfer protocol (HTTP) is one of the most widely used protoc...
research
05/03/2022

Deep Sequence Modeling for Anomalous ISP Traffic Prediction

Internet traffic in the real world is susceptible to various external an...
research
05/09/2018

Sequence Aggregation Rules for Anomaly Detection in Computer Network Traffic

We evaluate methods for applying unsupervised anomaly detection to cyber...
research
01/28/2021

Website Fingerprinting on Early QUIC Traffic

Cryptographic protocols have been widely used to protect the user's priv...
research
11/11/2021

Catching Unusual Traffic Behavior using TF-IDF-based Port Access Statistics Analysis

Detecting the anomalous behavior of traffic is one of the important acti...
research
05/29/2018

Limitless HTTP in an HTTPS World: Inferring the Semantics of the HTTPS Protocol without Decryption

We present new analytic techniques for inferring HTTP semantics from pas...
research
11/17/2017

Discovery of Complex Anomalous Patterns of Sexual Violence in El Salvador

When sexual violence is a product of organized crime or social imaginary...
