DeepHTTP: Semantics-Structure Model with Attention for Anomalous HTTP Traffic Detection and Pattern Mining

by   Yuqi Yu, et al.

In the Internet age, cyber-attacks occur frequently with complex types. Traffic generated by access activities can record website status and user request information, which brings a great opportunity for network attack detection. Among diverse network protocols, Hypertext Transfer Protocol (HTTP) is widely used in government, organizations and enterprises. In this work, we propose DeepHTTP, a semantics structure integration model utilizing Bidirectional Long Short-Term Memory (Bi-LSTM) with attention mechanism to model HTTP traffic as a natural language sequence. In addition to extracting traffic content information, we integrate structural information to enhance the generalization capabilities of the model. Moreover, the application of attention mechanism can assist in discovering critical parts of anomalous traffic and further mining attack patterns. Additionally, we demonstrate how to incrementally update the data set and retrain model so that it can be adapted to new anomalous traffic. Extensive experimental evaluations over large traffic data have illustrated that DeepHTTP has outstanding performance in traffic detection and pattern discovery.



There are no comments yet.


page 9


HTTP2vec: Embedding of HTTP Requests for Detection of Anomalous Traffic

Hypertext transfer protocol (HTTP) is one of the most widely used protoc...

Deep Sequence Modeling for Anomalous ISP Traffic Prediction

Internet traffic in the real world is susceptible to various external an...

Sequence Aggregation Rules for Anomaly Detection in Computer Network Traffic

We evaluate methods for applying unsupervised anomaly detection to cyber...

Limitless HTTP in an HTTPS World: Inferring the Semantics of the HTTPS Protocol without Decryption

We present new analytic techniques for inferring HTTP semantics from pas...

Catching Unusual Traffic Behavior using TF-IDF-based Port Access Statistics Analysis

Detecting the anomalous behavior of traffic is one of the important acti...

Website Fingerprinting on Early QUIC Traffic

Cryptographic protocols have been widely used to protect the user's priv...

Discovery of Complex Anomalous Patterns of Sexual Violence in El Salvador

When sexual violence is a product of organized crime or social imaginary...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.