Abstract

Recently, cyber-attacks with complex types have occurred more frequently than before, while communication traffic provides a clue to probe anomalous network behaviors. Therefore, how to detect malicious network attacks from large scale communication traffic in a timely manner and grasp their attack characteristics is a major challenge for website security. Since the content of the network traffic complies with strict writing specifications and structural standards, it is usually modeled and analyzed as natural language. In this paper, we propose a deep neural network model utilizing Bidirectional Long Short-Term Memory (Bi-LSTM) with attention mechanism to model HTTP traffic as a natural language sequence. The application of attention mechanism can assist in detecting anomalous traffic and discovering critical parts of anomalous traffic. Extensive experiments over large traffic data have illustrated that the proposed model has outstanding performance in malicious HTTP traffic detection.