A tool used to generate the CIC-IDS2017 dataset. Takes an input pcap or network interface and outputs a CSV containing 80 features related to network flow statistics.
Depends on a deprecated jnetpcap Java app, so it needs to be built in an environment with the correct dependencies.
PCAPs as well as CSVs containing labeled data (CICFlowMeter output)
5 separate days of network traffic, containing a mix of known exploits and benign traffic. The original dataset is about 10GB of pcap per day, so use a reduced sample for training.
Label | Count |
---|---|
BENIGN | 22731 |
DoS | 19035 |
PortScan | 7946 |
BruteForce | 2767 |
WebAttack | 2180 |
Bot | 1966 |
Infiltration | 36 |
Forked from Western-OC2-Lab/Intrusion-Detection-System-Using-Machine-Learning
Metric | Value |
---|---|
Accuracy of XGBoost | 0.9955555555555555 |
Precision of XGBoost | 0.9957643745143745 |
Recall of XGBoost | 0.9955555555555555 |
F1-score of XGBoost | 0.9954610536001841 |
class | precision | recall | f1-score | support |
---|---|---|---|---|
0 | 0.95 | 0.88 | 0.91 | 24 |
1 | 1.00 | 1.00 | 1.00 | 394 |
2 | 1.00 | 0.75 | 0.86 | 4 |
3 | 0.92 | 1.00 | 0.96 | 24 |
4 | 0.88 | 1.00 | 0.93 | 7 |
5 | 1.00 | 1.00 | 1.00 | 11 |
6 | 1.00 | 1.00 | 1.00 | 436 |
accuracy | | | 1.00 | 900 |
macro avg | 0.96 | 0.95 | 0.95 | 900 |
weighted avg | 1.00 | 1.00 | 1.00 | 900 |
class | precision | recall | f1-score | support |
---|---|---|---|---|
0 | 0.00 | 0.00 | 0.00 | 8 |
1 | 0.88 | 1.00 | 0.93 | 56 |
accuracy | | | 0.88 | 64 |
macro avg | 0.44 | 0.50 | 0.47 | 64 |
weighted avg | 0.77 | 0.88 | 0.82 | 64 |
0.875
[0, 8]
[0, 56]
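
The second report above contains a failure that the 0.875 accuracy figure alone does not show: every class 0 sample is predicted as class 1. As an added example (not code from the original repository), the following recomputes that report from the printed confusion matrix, assuming rows are true classes and columns are predicted classes; the function names are hypothetical.

```python
# Added example: recompute the second classification report from its
# confusion matrix. Assumption: rows = true class, columns = predicted class
# (the scikit-learn convention), which matches the support column (8 and 56).

CM = [[0, 8],    # true class 0: 0 predicted as 0, 8 predicted as 1
      [0, 56]]   # true class 1: 0 predicted as 0, 56 predicted as 1


def per_class_metrics(cm):
    """Return one (precision, recall, f1, support) tuple per class."""
    n = len(cm)
    rows = []
    for k in range(n):
        tp = cm[k][k]
        predicted = sum(cm[r][k] for r in range(n))   # column sum
        support = sum(cm[k])                          # row sum
        # A class that is never predicted gets precision 0, as in the report.
        precision = tp / predicted if predicted else 0.0
        recall = tp / support if support else 0.0
        denom = precision + recall
        f1 = 2 * precision * recall / denom if denom else 0.0
        rows.append((precision, recall, f1, support))
    return rows


def summarize(cm):
    """Accuracy, macro and support-weighted averages, balanced accuracy."""
    rows = per_class_metrics(cm)
    total = sum(r[3] for r in rows)
    accuracy = sum(cm[k][k] for k in range(len(cm))) / total
    macro = tuple(sum(r[i] for r in rows) / len(rows) for i in range(3))
    weighted = tuple(sum(r[i] * r[3] for r in rows) / total for i in range(3))
    return {
        "per_class": rows,
        "accuracy": accuracy,
        "macro": macro,
        "weighted": weighted,
        "balanced_accuracy": macro[1],  # mean per-class recall
    }


if __name__ == "__main__":
    s = summarize(CM)
    for name in ("accuracy", "macro", "weighted", "balanced_accuracy"):
        print(name, s[name])
```

A balanced accuracy of 0.5 on this matrix means the model does no better than always predicting class 1, which is why the macro averages are more informative here than accuracy or the weighted averages.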
Snort defines a plugins API https://www.snort.org/downloads/snortplus/snort_devel.html