search

PositiveTechnologies / seq2seq-web-attack-detection

The implementation of the Seq2Seq model for web attack detection. The Seq2Seq model is usually used in Neural Machine Translation. The main goal of this project is to demonstrate the relevance of the NLP approach for web security.
MIT License
154 stars 60 forks source link

How can I deploy the model to my Java web project? #7

Open DuckDuckBug opened 5 years ago

DuckDuckBug commented 5 years ago

I want to deploy this model to my Java web project to detect web attack. I don't not the method Java can load the model. If I done, can this model detect the web attack of my website, shold I retrain the model using my websit's web log?

amurzina commented 5 years ago

Hi Actually, this is just proof of concept and not production ready version. So theoretically, you need just to load the trained model (see https://github.com/loretoparisi/tensorflow-java). Of course, you need to train on your typical requests.

But again, this solution is not production ready and need more complex applying to real web-service for protection.

But it will be awesome if you share with us results when you implement and get some performance.

DuckDuckBug commented 5 years ago

How amazing your experiment result is. I am trying to use a one class classifier to detect web attack and apply it to WAF. I find your training time is too long but the dataset is not that big. CSIC HTTP 2010 dataset is a public dataset, I attended to use it but gave up because of training time.I eager to find a practical method to web attack, if you have some idea about it, please tell me. Thank You!

------------------ 原始邮件 ------------------ 发件人: "sasha"notifications@github.com; 发送时间: 2018年11月24日(星期六) 下午3:28 收件人: "PositiveTechnologies/seq2seq-web-attack-detection"seq2seq-web-attack-detection@noreply.github.com; 抄送: "Wallfacer"2540979467@qq.com; "Author"author@noreply.github.com; 主题: Re: [PositiveTechnologies/seq2seq-web-attack-detection] How can Ideploy the model to my Java web project? (#7)

Hi Actually, this is just proof of concept and not production ready solution. So theoretically, you need just to load the trained model (see https://github.com/loretoparisi/tensorflow-java). Of course, you need to train on your typical requests.

But again, this is solution is not production ready and need more complex applying to real web-service for protection.

But it will be awesome if you share with us results when you implement and get some performance.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

amurzina commented 5 years ago

Which architecture have you used for one-class classifier? In the article (link in README.md) we describe our experiments and describe why we refused using classifiers at all. Which WAF do you develop?