Deep anomaly detection in packet payload

With the wide deployment of edge devices, a variety emerging applications have been deployed at network. To guarantee safe and efficient operations applications, especially extensive web it is important challenging to detect packet payload anomalies, which can be expressed as number specific strings that may cause attacks. Although some approaches achieved remarkable progress, they are with limited since these dependent on in-depth expert knowledge, e.g., signatures describing anomalies or communication protocol application level. Moreover, might fail long-term dependency relationships overcome limitations adaptively from payloads, we propose deep learning based framework does not rely any knowledge capable detecting relationships. The proposed consists two parts. First, novel block sequence construction method obtain valid expression payload. could encapsulate both high-dimension information underlying sequential facilitate anomaly detection. Secondly, design detection model learn different within sequence, Long Short-Term Memory (LSTM), Convolutional Neural Networks (CNN) Multi-head Self Attention Mechanism. Furthermore, cast classification problem employ classifier attention mechanism integrate anomalies. Extensive experimental results three public datasets indicate our achieve higher rate, while keeping lower false positive rate compared traditional machine methods state-of-the-art methods.