/Intrusion-Detection-System

Building an IDS using an artificial neural network on CICIDS2017

Primary Language: Python

Cryptography-ML-project

Building an IDS using an artificial neural network on CICIDS2017

Intrusion detection is the process of identifying malicious activity targeted at computing and networking resources [1]. An intrusion detection system (IDS) monitors network traffic and raises an alert when suspicious activity is discovered. Intrusion detection systems are classified into two types: network intrusion detection systems and host-based intrusion detection systems. Network intrusion detection systems are set up at points within the network to examine all the data going through the network itself. Host-based intrusion detection systems run on hosts or devices present on the network. They inspect only the incoming and outgoing packets of that device and raise an alert if malicious activity is discovered.

An anomaly-based intrusion detection system decides whether an activity is suspicious by comparing it with a statistical model of the user's past activity. These systems generalize better, because the models can be trained according to the applications and hardware configurations. Anomaly-based IDS is considered the most effective among intrusion detection systems, as it does not need to search for any specific pattern of the anomaly but simply treats anything that does not match the profile as “Anomalous” [2].

Deep learning is a subfield of machine learning concerned with algorithms inspired by the structure and function of the brain, called artificial neural networks [3]. It works by creating a statistical model based on the input and applying non-linear transformations to that input until the output has reached an acceptable level of accuracy. “Deep” refers to the number of processing layers the data has to go through.

Artificial neural networks are computing systems derived from the brain’s neural networks. These systems learn to do tasks by considering examples. They are based on a group of connected units called artificial neurons. Connected neurons can pass information from one to another. Each neuron has a weight associated with it that varies as learning proceeds. The neurons are organized in layers. Signals travel from the input layer to the output layer, with the layers between them applying different kinds of transformation to them.

The dataset used in the model is CICIDS2017 [4]. It contains benign traffic and the most up-to-date common attacks. It also includes the results of the network traffic analysis, with labeled flows based on timestamp, source, protocols, attacks, and other information, in CSV format.

In this project, we have trained a deep learning model to identify anomalies in the given data set. The model was trained on user data such as network packet information, software running information, system log events, operating system information, kernel information, etc.
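The layered, weighted-neuron model described above, applied to labeled flows in CSV form, as an added example that is not code from this repository. The rows are constructed, and the column names, the `ATTACK` label, `TinyMLP` and `build_detector` are assumptions made for the illustration; it uses only the Python standard library rather than whatever framework the project uses.

```python
import csv, io, math, random
# Constructed sample flows, not real CICIDS2017 rows; column names are assumed.
FEATURES = ["Flow Duration", "Total Fwd Packets", "Flow Bytes/s"]
CSV_TEXT = """Flow Duration,Total Fwd Packets,Flow Bytes/s,Label
120000,6,1500,BENIGN
900000,3,400,BENIGN
50000,10,4800,BENIGN
2500000,12,900,BENIGN
60000,400,1500000,ATTACK
15000,250,900000,ATTACK
200000,900,4000000,ATTACK
90000,150,600000,ATTACK
"""

def load(text):
    rows = list(csv.DictReader(io.StringIO(text)))
    X = [[math.log1p(float(r[c])) for c in FEATURES] for r in rows]  # tame heavy tails
    return X, [0.0 if r["Label"] == "BENIGN" else 1.0 for r in rows]

class TinyMLP:
    """One tanh hidden layer and a sigmoid output, trained by plain SGD."""
    def __init__(self, n_in, n_hidden=4, seed=0):
        rng = random.Random(seed)
        self.W1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(n_hidden)]
        self.b1, self.b2 = [0.0] * n_hidden, 0.0
        self.W2 = [rng.uniform(-0.5, 0.5) for _ in range(n_hidden)]
    def forward(self, x):
        h = [math.tanh(sum(w * v for w, v in zip(row, x)) + b) for row, b in zip(self.W1, self.b1)]
        return h, 1 / (1 + math.exp(-(sum(w * a for w, a in zip(self.W2, h)) + self.b2)))
    def train(self, X, y, epochs=500, lr=0.1):
        for _ in range(epochs):
            for x, t in zip(X, y):
                h, p = self.forward(x)
                d = p - t  # dLoss/dz for cross-entropy with a sigmoid output
                for j, a in enumerate(h):
                    dh = d * self.W2[j] * (1 - a * a)  # backprop through tanh
                    self.W2[j] -= lr * d * a
                    self.b1[j] -= lr * dh
                    self.W1[j] = [w - lr * dh * v for w, v in zip(self.W1[j], x)]
                self.b2 -= lr * d

def build_detector():  # returns score(raw_flow) -> probability the flow is not benign
    X, y = load(CSV_TEXT)
    mu = [sum(c) / len(c) for c in zip(*X)]
    sd = [(sum((v - m) ** 2 for v in c) / len(c)) ** 0.5 for c, m in zip(zip(*X), mu)]
    norm = lambda x: [(v - m) / s for v, m, s in zip(x, mu, sd)]  # standardize per column
    net = TinyMLP(len(FEATURES))
    net.train([norm(x) for x in X], y)
    return lambda raw: net.forward(norm([math.log1p(v) for v in raw]))[1]
```

The scaler statistics are fitted on the training flows only and reused when scoring, so a flow seen at detection time is normalized exactly as the training data was.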