{"id":"https://openalex.org/W3121486149","doi":"https://doi.org/10.1007/978-981-33-4922-3_11","title":"DeepHTTP: Anomalous HTTP Traffic Detection and Malicious Pattern Mining Based on Deep Learning","display_name":"DeepHTTP: Anomalous HTTP Traffic Detection and Malicious Pattern Mining Based on Deep Learning","publication_year":2020,"publication_date":"2020-01-01","ids":{"openalex":"https://openalex.org/W3121486149","doi":"https://doi.org/10.1007/978-981-33-4922-3_11","mag":"3121486149"},"language":"en","primary_location":{"id":"doi:10.1007/978-981-33-4922-3_11","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-981-33-4922-3_11","pdf_url":"https://link.springer.com/content/pdf/10.1007%2F978-981-33-4922-3_11.pdf","source":{"id":"https://openalex.org/S2764900261","display_name":"Communications in computer and information science","issn_l":"1865-0929","issn":["1865-0929","1865-0937"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Communications in Computer and Information Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007%2F978-981-33-4922-3_11.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5054847505","display_name":"Yuqi Yu","orcid":"https://orcid.org/0000-0001-6226-1554"},"institutions":[{"id":"https://openalex.org/I4210087772","display_name":"National Computer Network Emergency Response Technical Team/Coordination Center of Chinar","ror":"https://ror.org/00247dh76","country_code":"CN","type":"nonprofit","lineage":["https://openalex.org/I4210087772"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yuqi Yu","raw_affiliation_strings":["National Computer Network Emergency Response Technical Team/Coordination Center of China, Chaoyang District, Beijing, China"],"affiliations":[{"raw_affiliation_string":"National Computer Network Emergency Response Technical Team/Coordination Center of China, Chaoyang District, Beijing, China","institution_ids":["https://openalex.org/I4210087772"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103818589","display_name":"Hanbing Yan","orcid":null},"institutions":[{"id":"https://openalex.org/I4210087772","display_name":"National Computer Network Emergency Response Technical Team/Coordination Center of Chinar","ror":"https://ror.org/00247dh76","country_code":"CN","type":"nonprofit","lineage":["https://openalex.org/I4210087772"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hanbing Yan","raw_affiliation_strings":["CNCERT/CC, Beijing, China","National Computer Network Emergency Response Technical Team/Coordination Center of China, Chaoyang District, Beijing, China"],"affiliations":[{"raw_affiliation_string":"CNCERT/CC, Beijing, China","institution_ids":["https://openalex.org/I4210087772"]},{"raw_affiliation_string":"National Computer Network Emergency Response Technical Team/Coordination Center of China, Chaoyang District, Beijing, China","institution_ids":["https://openalex.org/I4210087772"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089761627","display_name":"Yuan Ma","orcid":"https://orcid.org/0000-0002-4794-5496"},"institutions":[{"id":"https://openalex.org/I4210157972","display_name":"Chongqing Municipal Government","ror":"https://ror.org/05ct91r78","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210157972"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuan Ma","raw_affiliation_strings":["Chongqing Municipal Public Security Bureau, Yuzhong District Branch, Chongqing, China"],"affiliations":[{"raw_affiliation_string":"Chongqing Municipal Public Security Bureau, Yuzhong District Branch, Chongqing, China","institution_ids":["https://openalex.org/I4210157972"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100397092","display_name":"Hao Zhou","orcid":"https://orcid.org/0009-0009-3536-7623"},"institutions":[{"id":"https://openalex.org/I4210087772","display_name":"National Computer Network Emergency Response Technical Team/Coordination Center of Chinar","ror":"https://ror.org/00247dh76","country_code":"CN","type":"nonprofit","lineage":["https://openalex.org/I4210087772"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hao Zhou","raw_affiliation_strings":["National Computer Network Emergency Response Technical Team/Coordination Center of China, Chaoyang District, Beijing, China"],"affiliations":[{"raw_affiliation_string":"National Computer Network Emergency Response Technical Team/Coordination Center of China, Chaoyang District, Beijing, China","institution_ids":["https://openalex.org/I4210087772"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047258302","display_name":"Hongchao Guan","orcid":null},"institutions":[{"id":"https://openalex.org/I139759216","display_name":"Beijing University of Posts and Telecommunications","ror":"https://ror.org/04w9fbh59","country_code":"CN","type":"education","lineage":["https://openalex.org/I139759216"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hongchao Guan","raw_affiliation_strings":["Beijing University of Posts and Telecommunications, Haidian District, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beijing University of Posts and Telecommunications, Haidian District, Beijing, China","institution_ids":["https://openalex.org/I139759216"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5054847505"],"corresponding_institution_ids":["https://openalex.org/I4210087772"],"apc_list":null,"apc_paid":null,"fwci":1.0784,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.79861924,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"141","last_page":"161"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/hypertext-transfer-protocol","display_name":"Hypertext Transfer Protocol","score":0.8227903246879578},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8008096218109131},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.7693387269973755},{"id":"https://openalex.org/keywords/discriminative-model","display_name":"Discriminative model","score":0.6007946729660034},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.48878738284111023},{"id":"https://openalex.org/keywords/generalization","display_name":"Generalization","score":0.46849140524864197},{"id":"https://openalex.org/keywords/traffic-classification","display_name":"Traffic classification","score":0.44958096742630005},{"id":"https://openalex.org/keywords/airfield-traffic-pattern","display_name":"Airfield traffic pattern","score":0.44511353969573975},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.43988552689552307},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4310632646083832},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4238804578781128},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4173871874809265},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3577868640422821},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.3448643684387207},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3381456732749939},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.2505449652671814}],"concepts":[{"id":"https://openalex.org/C149672775","wikidata":"https://www.wikidata.org/wiki/Q8777","display_name":"Hypertext Transfer Protocol","level":3,"score":0.8227903246879578},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8008096218109131},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.7693387269973755},{"id":"https://openalex.org/C97931131","wikidata":"https://www.wikidata.org/wiki/Q5282087","display_name":"Discriminative model","level":2,"score":0.6007946729660034},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.48878738284111023},{"id":"https://openalex.org/C177148314","wikidata":"https://www.wikidata.org/wiki/Q170084","display_name":"Generalization","level":2,"score":0.46849140524864197},{"id":"https://openalex.org/C169988225","wikidata":"https://www.wikidata.org/wiki/Q7832484","display_name":"Traffic classification","level":3,"score":0.44958096742630005},{"id":"https://openalex.org/C204673680","wikidata":"https://www.wikidata.org/wiki/Q1628107","display_name":"Airfield traffic pattern","level":2,"score":0.44511353969573975},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.43988552689552307},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4310632646083832},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4238804578781128},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4173871874809265},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3577868640422821},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.3448643684387207},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3381456732749939},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.2505449652671814},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/978-981-33-4922-3_11","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-981-33-4922-3_11","pdf_url":"https://link.springer.com/content/pdf/10.1007%2F978-981-33-4922-3_11.pdf","source":{"id":"https://openalex.org/S2764900261","display_name":"Communications in computer and information science","issn_l":"1865-0929","issn":["1865-0929","1865-0937"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Communications in Computer and Information Science","raw_type":"book-chapter"}],"best_oa_location":{"id":"doi:10.1007/978-981-33-4922-3_11","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-981-33-4922-3_11","pdf_url":"https://link.springer.com/content/pdf/10.1007%2F978-981-33-4922-3_11.pdf","source":{"id":"https://openalex.org/S2764900261","display_name":"Communications in computer and information science","issn_l":"1865-0929","issn":["1865-0929","1865-0937"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Communications in Computer and Information Science","raw_type":"book-chapter"},"sustainable_development_goals":[{"score":0.6700000166893005,"id":"https://metadata.un.org/sdg/10","display_name":"Reduced inequalities"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3121486149.pdf","grobid_xml":"https://content.openalex.org/works/W3121486149.grobid-xml"},"referenced_works_count":56,"referenced_works":["https://openalex.org/W70584117","https://openalex.org/W605583246","https://openalex.org/W1498436455","https://openalex.org/W1507388815","https://openalex.org/W1510820885","https://openalex.org/W1514535095","https://openalex.org/W1594536929","https://openalex.org/W1655425503","https://openalex.org/W1673310716","https://openalex.org/W1682762363","https://openalex.org/W1902237438","https://openalex.org/W1930624869","https://openalex.org/W1966489463","https://openalex.org/W1977519794","https://openalex.org/W2038571043","https://openalex.org/W2054543351","https://openalex.org/W2064675550","https://openalex.org/W2076758681","https://openalex.org/W2078396547","https://openalex.org/W2083612784","https://openalex.org/W2096152098","https://openalex.org/W2100594342","https://openalex.org/W2116065364","https://openalex.org/W2118931532","https://openalex.org/W2119821739","https://openalex.org/W2121990650","https://openalex.org/W2131744502","https://openalex.org/W2131774270","https://openalex.org/W2133564696","https://openalex.org/W2144354855","https://openalex.org/W2144936818","https://openalex.org/W2146729596","https://openalex.org/W2147191819","https://openalex.org/W2152800262","https://openalex.org/W2164210932","https://openalex.org/W2166870846","https://openalex.org/W2295598076","https://openalex.org/W2295822884","https://openalex.org/W2340896621","https://openalex.org/W2402268235","https://openalex.org/W2501244995","https://openalex.org/W2517194566","https://openalex.org/W2690721124","https://openalex.org/W2735674392","https://openalex.org/W2767094836","https://openalex.org/W2772124517","https://openalex.org/W2787538540","https://openalex.org/W2795175906","https://openalex.org/W2901745180","https://openalex.org/W2950178297","https://openalex.org/W2953022181","https://openalex.org/W3009746682","https://openalex.org/W3099136959","https://openalex.org/W3102476541","https://openalex.org/W3138598418","https://openalex.org/W6623517193"],"related_works":["https://openalex.org/W4388427931","https://openalex.org/W2141958076","https://openalex.org/W4233316175","https://openalex.org/W3121486149","https://openalex.org/W2621166905","https://openalex.org/W4320481191","https://openalex.org/W4293235286","https://openalex.org/W1640553200","https://openalex.org/W2765498144","https://openalex.org/W2904675738"],"abstract_inverted_index":{"Abstract":[0],"Hypertext":[1],"Transfer":[2],"Protocol":[3],"(HTTP)":[4],"accounts":[5],"for":[6,34],"a":[7,122],"large":[8],"portion":[9],"of":[10,17,76,116],"Internet":[11],"application-layer":[12],"traffic.":[13],"Since":[14],"the":[15,68,77,103,108,113,117],"payload":[16],"HTTP":[18,31,46],"traffic":[19,33,47,63,78,137],"can":[20,101],"record":[21],"website":[22],"status":[23],"and":[24,106,139],"user":[25],"request":[26],"information,":[27],"many":[28],"studies":[29],"use":[30],"protocol":[32],"web":[35],"application":[36],"attack":[37],"detection.":[38],"In":[39],"this":[40,57,119],"work,":[41],"we":[42],"propose":[43],"DeepHTTP,":[44],"an":[45,132],"detection":[48,64,81],"framework":[49,58],"based":[50,88],"on":[51,89],"deep":[52,69],"learning.":[53],"Unlike":[54],"previous":[55],"studies,":[56],"not":[59],"only":[60],"performs":[61],"malicious":[62,74,136],"but":[65],"also":[66],"uses":[67],"learning":[70],"model":[71,82],"to":[72],"mine":[73],"fields":[75],"payload.":[79],"The":[80,98],"is":[83,87],"called":[84],"AT-Bi-LSTM,":[85],"which":[86],"Bidirectional":[90],"Long":[91],"Short-Term":[92],"Memory":[93],"(Bi-LSTM)":[94],"with":[95],"attention":[96,99],"mechanism.":[97],"mechanism":[100],"improve":[102],"discriminative":[104],"ability":[105,115],"make":[107],"result":[109],"interpretable.":[110],"To":[111],"enhance":[112],"generalization":[114],"model,":[118],"paper":[120],"proposes":[121],"novel":[123],"feature":[124],"extraction":[125],"method.":[126],"Experiments":[127],"show":[128],"that":[129],"DeepHTTP":[130],"has":[131],"excellent":[133],"performance":[134],"in":[135],"discrimination":[138],"pattern":[140],"mining.":[141]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}