c1821dcbc4
Replace TrafficAutoEncoder (MSE reconstruction scoring) with TrafficNormalizingFlow (RealNVP via FrEIA, 4 affine coupling blocks, anomaly score = -log p(x)) for mathematically rigorous density estimation. Add SessionTransformer module producing 32-dimensional sequence embeddings from raw HTTP request sequences (path, method, timing) via a lightweight TransformerEncoder, replacing path_transition_entropy and cadence_cv features. Update thesis documentation sections 2.4.2b and 3.8 accordingly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Détection et Classification du Trafic HTTP Malveillant
Document technique — Avril 2026 — Version 4.0
Ce document est divisé en 9 parties :
| Fichier | Contenu | Lignes |
|---|---|---|
| 00_resume.md | Titre, résumé, table des matières | 75 |
| 01_introduction.md | Section 1 — Introduction, contexte, générations de défenses | 50 |
| 02_etat_de_lart.md | Section 2 — État de l'art (règles statiques, fingerprinting, ML) | 208 |
| 03_architecture.md | Section 3.1–3.8 — Architecture multi-couches, pipeline ML | 767 |
| 04_browser_matcher.md | Section 3.9 — Browser Signature Detection (browser_matcher) | 481 |
| 05_features.md | Section 4 — Taxonomie des 96 features (8 familles) | 682 |
| 06_techniques_avancees.md | Section 5 — Techniques comportementales avancées (§5.1–5.8) | 669 |
| 07_discussion_limites.md | Section 6 — Discussion, limites, scalabilité, RGPD | 207 |
| 08_conclusion_references.md | Sections 7–8 — Conclusion et références | 277 |