• Stars: 151
• Rank: 246,057 (Top 5 %)
• Language: Jupyter Notebook
• License: MIT License
• Created about 6 years ago
• Updated over 2 years ago


Seq2Seq for Web Attack Detection

This is the implementation of the Seq2Seq model for web attack detection. The Seq2Seq model is usually used in Neural Machine Translation. The main goal of this project is to demonstrate the relevance of the NLP approach for web security.

Web attack detection is framed as anomaly detection: during training the model sees only benign HTTP requests, and at test time it decides whether each received request is anomalous or not.
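To make the train-on-benign, score-at-test workflow concrete, here is an added example that is not the repository's code. It keeps the same three steps the notebook performs (fit on benign requests only, compare a per-request score against a threshold derived from the benign data, and rank the characters that contributed most to the score, the analogue of the notebook's colored highlighting) but replaces the Seq2Seq network with a character trigram language model with additive smoothing so that it runs in pure Python. The request strings are constructed for this example, and the class and method names and the threshold rule (mean plus three standard deviations of the training scores) are assumptions of the example, not the project's.

```python
"""Anomaly-style web attack detection demo (added example, not the project's code).

Workflow mirrored from the Seq2Seq notebook: fit on benign requests only, score
unseen requests, flag those above a threshold learned from benign data, and
highlight the characters the model found least expected. The neural model is
replaced by a character trigram language model (assumption of this example).
"""
import math
from collections import defaultdict

# Constructed sample of benign requests from a hypothetical banking application.
BENIGN_TRAIN = [
    "GET /account/balance?id=1001 HTTP/1.1",
    "GET /account/balance?id=1002 HTTP/1.1",
    "GET /account/balance?id=1003 HTTP/1.1",
    "GET /account/history?id=1001&page=1 HTTP/1.1",
    "GET /account/history?id=1003&page=2 HTTP/1.1",
    "POST /transfer?from=1001&to=1002&amount=50 HTTP/1.1",
    "POST /transfer?from=1002&to=1003&amount=125 HTTP/1.1",
    "POST /login?user=alice HTTP/1.1",
    "POST /login?user=bob HTTP/1.1",
    "GET /logout HTTP/1.1",
]
# Constructed test requests: one benign, two malformed/malicious.
BENIGN_HOLDOUT = "GET /account/history?id=1003&page=1 HTTP/1.1"
SQLI_REQUEST = "GET /account/balance?id=1001' OR '1'='1 HTTP/1.1"
TRAVERSAL_REQUEST = "GET /account/../../etc/passwd HTTP/1.1"

START = "\x02"  # padding symbol for the first characters of a request
UNK = "\x00"    # stands in for any character never seen during training


class CharNgramDetector:
    def __init__(self, order=3, alpha=0.01):
        self.order = order          # context length is order - 1 characters
        self.alpha = alpha          # additive smoothing; small => unseen is costly
        self.counts = defaultdict(lambda: defaultdict(int))  # ctx -> next -> n
        self.vocab = {UNK}
        self.threshold = None

    def _ngrams(self, text):
        padded = START * (self.order - 1) + text
        for i in range(self.order - 1, len(padded)):
            yield padded[i - self.order + 1:i], padded[i]

    def fit(self, requests, k=3.0):
        """Train on benign requests only; threshold = mean + k * std of their scores."""
        for req in requests:
            self.vocab.update(req)
            for ctx, nxt in self._ngrams(req):
                self.counts[ctx][nxt] += 1
        scores = [self.score(r) for r in requests]
        mean = sum(scores) / len(scores)
        std = math.sqrt(sum((s - mean) ** 2 for s in scores) / len(scores))
        self.threshold = mean + k * std
        return self.threshold

    def _nll(self, ctx, nxt):
        """Negative log-likelihood of one character given its context."""
        if nxt not in self.vocab:
            nxt = UNK
        row = self.counts.get(ctx) or {}
        total = sum(row.values())
        p = (row.get(nxt, 0) + self.alpha) / (total + self.alpha * len(self.vocab))
        return -math.log(p)

    def char_losses(self, request):
        # losses[i] corresponds to request[i] because padding only adds context
        return [self._nll(ctx, nxt) for ctx, nxt in self._ngrams(request)]

    def score(self, request):
        losses = self.char_losses(request)
        return sum(losses) / len(losses) if losses else 0.0

    def is_anomalous(self, request):
        return self.score(request) > self.threshold

    def explain(self, request, top=5):
        """Return (index, char, loss) for the `top` least expected characters."""
        losses = self.char_losses(request)
        ranked = sorted(range(len(losses)), key=lambda i: losses[i], reverse=True)
        return [(i, request[i], round(losses[i], 2)) for i in ranked[:top]]


def build_detector():
    det = CharNgramDetector()
    det.fit(BENIGN_TRAIN)
    return det


if __name__ == "__main__":
    det = build_detector()
    print("threshold = %.3f" % det.threshold)
    for req in (BENIGN_HOLDOUT, SQLI_REQUEST, TRAVERSAL_REQUEST):
        verdict = "ANOMALOUS" if det.is_anomalous(req) else "benign"
        print("%.3f %-9s %s" % (det.score(req), verdict, req))
        if det.is_anomalous(req):
            print("   suspicious chars:", det.explain(req))
```

The first injected character is the most expensive one in both attack samples because its context was seen many times in training but never followed by that character; the characters after it fall back to the uniform unseen-context cost. That is the same signal the notebook surfaces by coloring the parts of a request the Seq2Seq model reconstructs poorly.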

Check out our slides and a post at AI Village (DEFCON 26).

Model

The step-by-step solution is presented in seq2seq.ipynb, which contains the main stages: model initialization, training, validation, prediction and results.

Unfortunately, the GitHub UI doesn't correctly render cell output with the colored malicious parts of requests, so we suggest downloading the notebook or using this link to display the cell outputs correctly.

Dataset

The dataset contains 21991 benign and 1097 anomalous HTTP requests from a banking application.

Running

Please make sure that you have the same requirements and Python 2.7.*

This repository contains environment.yml, so it can be dockerized using jupyter/repo2docker. We have already dockerized it for you; you can run the notebook with

docker run -it -p 8888:8888 montekki/seq2seq-web-attack-detection:latest jupyter notebook --ip=0.0.0.0

Authors

More Repositories

1. ghidra_nodejs (Java, 294 stars): GHIDRA plugin to parse, disassemble and decompile NodeJS Bytenode (JSC) binaries
2. flower (Clojure, 130 stars): Flower is a Clojure (and Emacs) library for integration with Github, Gitlab, Atlassian Jira, Microsoft TFS, Microsoft Exchange and Slack. It may also be used from Java. More integrations with task trackers, repositories and messaging systems coming soon!
3. PT.PM (C#, 59 stars): An engine for searching patterns in source code, based on Unified AST or UST. At present C#, Java, PHP, PL/SQL, T-SQL, MySql, and JavaScript are supported. Patterns can be described within the code or using a DSL.
4. PT.Doc (TeX, 49 stars): 📖 Positive Technologies public docs (English & Russian)
5. libfpta (C++, 35 stars): Ultra fast, compact, embedded database for tabular and semistructured data.
6. t1ha (C, 34 stars): Fast Positive Hash - just the fastest portable hash function.
7. libfptu (C++, 13 stars): One of the fastest binary formats for JSON-like data.
8. AspxParser (C#, 9 stars): Aspx files (aspx, ascx, etc.) parser.
9. shockfish (Python, 8 stars)
10. PT.Config (Python, 8 stars): Utility for checking the security of web application and web server configuration.
11. SocksFusion (Haskell, 8 stars): PTBBS forwarding agent
12. FP-community-rules (7 stars)
13. PT.SourceStats (C#, 7 stars): Utility for statistics collection for different projects. C#, Java and PHP are supported for now.
14. DOMSanitizer (JavaScript, 6 stars)
15. DebugExamples (C#, 6 stars): A bunch of C# projects to illustrate debugging with SOS and SosEx
16. DOMParanoid (JavaScript, 5 stars)
17. ptaiPlugins (Java, 4 stars)
18. mantaray (Python, 3 stars): A training abstract interpretation engine for a subset of the C programming language
19. shockfish.js (JavaScript, 2 stars)
20. angine (Python, 1 star)
21. ptaf-scripts (1 star): Some scripts that may be used in the PT AF usage or integration process.
22. keyutil (C, 1 star)