Abstarct: With the development of web networks, various types of attacks have been created for the purpose of exploitation. Some types of these attacks are known, but many of them are new and unknown. It is difficult to identify this type of attacks. WAFs are tools for detecting known attacks. WAFs are very effective against known attacks, while their performance degrades when it comes to detecting unknown ones. One way to detect unknown attacks is to use deep neural networks. Systems baxsed on anomaly detection and deep learning have also been designed to identify such attacks. These approaches are classified into two categories: supervised learning and unsupervised learning. Supervised approaches detect attacks by training on labeled attack samples. Hence, these approaches perform poorly against unobserved attacks. On the other hand, there are unsupervised approaches. These approaches perform better than supervised learning approaches against unseen ones. One problems of these approaches are the dependence of the model on the dictionary. The availability of these dictionaries is a challenge. In this thesis, an unsupervised learning approach is presented that solves the challenge of dictionary dependence. In this thesis, a system baxsed on the SVDD is presented and an approach for request decomposition by derivation tree is proposed, which eliminates the need for the network dependency on the dictionary. The solution proposed in this thesis was able to reach f1_score = 0.76. The FPR rate of this approach is less than 0.03, which has improved by 0.09 units compared to the previous methods..