Neural Analysis of HTTP Traffic for Web Attack Detection

  • David Atienza
  • Álvaro Herrero
  • Emilio Corchado
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 369)


Hypertext Transfer Protocol (HTTP) is the cornerstone of information exchange over the World Wide Web by a huge variety of devices. This means that a massive amount of information travels over the protocol on a daily basis. It is therefore an appealing target for attackers, and the number of web attacks has increased over recent years. To deal with this matter, neural projection architectures are proposed in the present work to analyze HTTP traffic and detect attacks over the protocol. Through the advanced and intuitive visualization facilities of neural models, the proposed solution makes it possible to obtain an overview of HTTP traffic and to identify anomalous situations, responding to the challenges presented by the volume, dynamics and diversity of that traffic. The applied dimensionality reduction, based on neural networks, enables the most interesting projections of an HTTP traffic dataset to be extracted.


Intrusion detection, HTTP, Artificial neural networks, Exploratory projection pursuit



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • David Atienza (1)
  • Álvaro Herrero (1)
  • Emilio Corchado (2)

  1. Department of Civil Engineering, University of Burgos, Spain, C/Francisco de Vitoria s/n, Burgos, Spain
  2. Departamento de Informática y Automática, Universidad de Salamanca, Salamanca, Spain
