leon-adsk/http-anomaly-detection
1
1
Fork 0
Code Issues 3 Pull requests Projects 1 Releases Packages 1 Wiki Activity Actions
No description
40 commits 1 branch 0 tags 12 MiB
  • Go 55.3%
  • Python 23.9%
  • HTML 12.5%
  • Dockerfile 4.9%
  • Shell 3.4%
Find a file
Exact
Zitronekoma30 a69a767d89 add test client #14
2026-04-05 17:20:52 +02:00
model implement further threshold algorithms #12 2026-03-28 18:07:57 +01:00
server add test client #14 2026-04-05 17:20:52 +02:00
.gitignore implement further threshold algorithms #12 2026-03-28 18:07:57 +01:00
README.md Update README.md 2026-03-13 16:51:47 +00:00

README.md

HTTP Anomaly Detection

This project is a lightweight reverse proxy written in Go. The magic is that malicious requests are simply not accepted!

How does it work?

The idea is simple: we train an autoencoder on benign HTTP payloads, teaching it to compress the features of such a packet into a compact, reduced representation and then decode it to reproduce the original features. Decoding is not perfect, however; the more a payload differs from those found in the training data (benign packets) the worse the model will be at recomputing the original input.

This, by design, leads to a situation where regular, benign packets are reconstructed with very low error while malicious packets produce reconstructions that differ significantly from the input (high error). We can then use various methods for selecting an error threshold, where any packets that fall above this threshold (cannot be sufficiently decoded by the model) are rejected on suspicion of being malicious.

Threshold Selection

Bring Your Own Model