Zero Trust: Deep Learning and NLP for HTTP Anomaly Detection in IDS

Web applications have become integral to daily life due to the migration of applications and data to cloud-based platforms, increasing their vulnerability to attacks. This paper addresses the need for robust intrusion detection systems by proposing a system grounded in Zero Trust architecture, which mandates continuous monitoring and multi-layered defenses. The Zero Trust principles ensure ongoing threat assessment and comprehensive protection against various attack vectors. Building on these foundational Zero Trust principles, our study introduces a system designed to not only distinguish normal HTTP requests from well-known attack patterns but also detect emerging types of anomalous attacks. Our system consists of two models that integrate Natural Language Processing approaches, Deep Learning techniques, and Transfer Learning strategies. The first model is employed to detect new anomalous HTTP requests that differ from normal requests. HTTP requests identified as anomalous are transmitted to the second model in charge of classifying specific categories of both well-known and novel attacks. Experiments show that our end-to-end system achieves the average F1-score of 89% on the combination of the CAPEC dataset and the zero-shot CSIC dataset. The proposed system proves also to be able to identify anomalous requests with a minimal latency of 4.8 milliseconds in production settings.