DeepHTTP: Semantics-Structure Model with Attention for Anomalous HTTP Traffic Detection and Pattern Mining
In the Internet age, cyber-attacks occur frequently with complex types.
Traffic generated by access activities can record website status and user
request information, which brings a great opportunity for network attack
detection. Among diverse network protocols, Hypertext Transfer Protocol (HTTP)
is widely used in government, organizations and enterprises. In this work, we
propose DeepHTTP, a semantics-structure integration model utilizing
Bidirectional Long Short-Term Memory (Bi-LSTM) with an attention mechanism to
model HTTP traffic as a natural language sequence. In addition to extracting
traffic content information, we integrate structural information to enhance the
generalization capabilities of the model. Moreover, the application of
the attention mechanism can assist in discovering critical parts of anomalous
traffic and further mining attack patterns. Additionally, we demonstrate how to
incrementally update the data set and retrain the model so that it can be adapted
to new anomalous traffic. Extensive experimental evaluations over large traffic
data have illustrated that DeepHTTP has outstanding performance in traffic
detection and pattern discovery.