The implementation of the Seq2Seq model for web attack detection. The Seq2Seq model is usually used in Neural Machine Translation. The main goal of this project is to demonstrate the relevance of the NLP approach for web security.
Latest commit 6f18988 Sep 4, 2018
Type Name Latest commit message Commit time
checkpoints initial commit Aug 16, 2018
datasets initial commit Aug 16, 2018
slides add slides Aug 11, 2018
utils initial commit Aug 16, 2018
.gitignore initial commit Aug 16, 2018
LICENSE initial commit Aug 16, 2018
README.md Update README.md Sep 4, 2018
environment.yml Adds dockerization (#2) Aug 15, 2018
requirements.txt initial commit Aug 16, 2018
seq2seq.ipynb initial commit Aug 16, 2018

Seq2Seq for Web Attack Detection

This is the implementation of the Seq2Seq model for web attack detection. The Seq2Seq model is usually used in Neural Machine Translation. The main goal of this project is to demonstrate the relevance of the NLP approach for web security.

The problem of web attack detection is treated as anomaly detection. At the training step the model is given only benign HTTP requests. At the testing step the model determines whether a received request is anomalous or not.
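The framing above (fit on benign requests only, then flag what the model finds improbable), as an added example that is not the project's code: a character bigram model stands in for the Seq2Seq model, and the decision threshold is taken from held-out benign requests. All requests, names and the threshold rule are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample requests, not taken from the project's dataset.
TRAIN = [
    "GET /account/balance?id=1042 HTTP/1.1",
    "GET /account/history?id=2210&page=3 HTTP/1.1",
    "POST /transfer?from=1042&to=2210&amount=150 HTTP/1.1",
    "GET /account/balance?id=77 HTTP/1.1",
    "GET /account/history?id=1042&page=1 HTTP/1.1",
    "POST /transfer?from=77&to=1042&amount=20 HTTP/1.1",
]
VALIDATION = [  # held-out benign requests, used only to set the threshold
    "GET /account/balance?id=2210 HTTP/1.1",
    "POST /transfer?from=2210&to=77&amount=150 HTTP/1.1",
]
ATTACK = "GET /account/balance?id=<script>alert(1)</script> HTTP/1.1"
START, ALPHA = "\x02", 0.01  # start-of-request marker, smoothing constant

def fit(requests):
    """Count character bigrams over benign requests only."""
    counts, vocab = defaultdict(Counter), set()
    for req in requests:
        for prev, ch in zip(START + req, req):
            counts[prev][ch] += 1
            vocab.add(ch)
    return counts, len(vocab) + 1  # +1 reserves mass for unseen characters

def surprisal(model, req):
    """Return -log2 P(ch | prev) for every character of the request."""
    counts, v = model
    out = []
    for prev, ch in zip(START + req, req):
        ctx = counts.get(prev, Counter())
        out.append(-math.log2((ctx[ch] + ALPHA) / (sum(ctx.values()) + ALPHA * v)))
    return out

MODEL = fit(TRAIN)
# Threshold: the largest per-character surprisal seen on held-out benign traffic.
THRESHOLD = max(s for req in VALIDATION for s in surprisal(MODEL, req))

def flagged_positions(req):
    return [i for i, s in enumerate(surprisal(MODEL, req)) if s > THRESHOLD]

def is_anomalous(req):
    return bool(flagged_positions(req))

def highlight(req):  # bracket each flagged character
    hot = set(flagged_positions(req))
    return "".join("[%s]" % c if i in hot else c for i, c in enumerate(req))
```

Calling `highlight(ATTACK)` brackets the characters the model finds improbable, a plain-text analogue of marking the suspicious part of a request.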

Check out our slides and a post at AI Village (DEFCON 26).

Model

The step-by-step solution is presented in seq2seq.ipynb, which covers the main stages: model initialization, training, validation, prediction and results.

Unfortunately, the GitHub UI doesn't correctly render cell output in which the malicious parts of requests are colored. We therefore suggest downloading the notebook or using this link to display the cell outputs correctly.

Dataset

The dataset contains 21991 benign and 1097 anomalous HTTP requests from a banking application.

Running

Please make sure that you have the same requirements installed and Python 2.7.*

This repository contains environment.yml, so it can be dockerized using jupyter/repo2docker. We have already dockerized it for you, and you can run this playbook with:

docker run -it -p 8888:8888 montekki/seq2seq-web-attack-detection:latest jupyter notebook --ip=0.0.0.0

Authors