Abstract:With the wide deployment of edge devices, a variety of emerging applications have been deployed at the edge of network. To guarantee the safe and efficient operations of the edge applications, especially the extensive web applications, it is important and challenging to detect packet payload anomalies, which can be expressed as a number of specific strings that may cause attacks. Although some approaches have achieved remarkable progress, they are with limited applications since these approaches are dependent on in-depth expert knowledge, e.g., signatures describing anomalies or communication protocol at the application level. Moreover, they might fail to detect the payload anomalies that may have long-term dependency relationships at the edge of network. To overcome these limitations and adaptively detect anomalies from packet payloads, we propose a deep learning based framework which does not rely on any in-depth expert knowledge and is capable of detecting anomalies that have long-term dependency relationships. The proposed framework consists of two parts. First, a novel block sequence construction method is proposed to obtain a valid expression of a payload. The block sequence could encapsulate both the high-dimension information and the underlying sequential information which facilitate the anomaly detection. Secondly, we design a detection model to learn two different dependency relationships within the block sequence, which is based on Long Short-Term Memory (LSTM), Convolutional Neural Networks (CNN) and Multi-head Self Attention Mechanism. Furthermore, we cast the anomaly detection as a classification problem and employ a classifier with attention mechanism to integrate information and detect anomalies. Extensive experimental results on three public datasets indicate that our model could achieve a higher detection rate, while keeping a lower false positive rate compared with two traditional machine learning methods and three state-of-the-art methods.

Deep anomaly detection in packet payload

Packet Payload Based Anomalous Network Intrusion Detection

Detecting Anomalies In Encrypted Traffic Via Deep Dictionary Learning

Attentional Payload Anomaly Detector For Web Applications

ADSAD: An unsupervised attention-based discrete sequence anomaly detection framework for network security analysis

Anomaly-Based Web Attack Detection: A Deep Learning Approach

An Improved Payload-Based Anomaly Detector for Web Applications.

Anomalous Payload Detection System Using Analysis of Frequent Sequential Pattern

Research of Anomaly detection based on Dynamic Anomaly Detection Enhancement Framework

Attention-based Encoder-Decoder Recurrent Neural Networks for HTTP Payload Anomaly Detection

DeepWindow: an Efficient Method for Online Network Traffic Anomaly Detection

Anomaly Residual Prediction with Spatial-Temporal and Perceptual Constraints

Word Embedding-based Context-sensitive Network Flow Payload Anomaly Detection

Anomaly detection in ad-hoc networks based on deep learning model: A plug and play device

A traffic anomaly detection approach based on unsupervised learning for industrial cyber-physical system

A Hybrid Deep Learning Anomaly Detection Framework for Intrusion Detection

Deep Video Anomaly Detection: Opportunities and Challenges

Deep Anomaly Detection for Time-Series Data in Industrial IoT: A Communication-Efficient On-Device Federated Learning Approach

Anomaly-Based Web Attack Detection

Detection Network Anomalies Based on Packet and Flow Analysis

Anomaly Detection of Streaming Data Based on Deep Learning