Anomaly Based IDS using ML

Summary of research on detecting probing attacks against an institutional network with an anomaly-based, machine-learning IDS (see Reference).

Different types of Intrusion Detection Systems

Machine learning methods for Anomaly Detection

Data capture and processing

Data labelling

The signature-based IDS tools Snort and Suricata were used to label the captured traffic, so the ground truth for the ML models is only as good as the signatures that fired on it.
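One way to turn Suricata alerts into flow labels, as an added example that is not part of the original page or the paper: alerts are read from Suricata's eve.json (one JSON object per line, `event_type` "alert"), indexed by 5-tuple, and matched to flow records that start within a short window. The flow records, alert lines, signature names and the 5-second window are constructed for the example; matching in both directions of the 5-tuple matters because an alert may be logged on the server-to-client packet.

```python
import json
from datetime import datetime, timedelta

# Suricata eve.json timestamps look like 2024-03-01T10:00:00.500000+0000
EVE_TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"

# Constructed flow records as a flow exporter might emit them (not from the paper).
FLOWS = [
    {"id": 1, "src_ip": "10.0.0.5", "src_port": 51000, "dest_ip": "10.0.1.20", "dest_port": 22,
     "proto": "TCP", "start": "2024-03-01T10:00:00.000000+0000"},
    {"id": 2, "src_ip": "10.0.0.7", "src_port": 40000, "dest_ip": "10.0.1.30", "dest_port": 443,
     "proto": "TCP", "start": "2024-03-01T10:00:01.000000+0000"},
    {"id": 3, "src_ip": "10.0.0.5", "src_port": 51001, "dest_ip": "10.0.1.20", "dest_port": 23,
     "proto": "TCP", "start": "2024-03-01T10:00:02.000000+0000"},
    {"id": 4, "src_ip": "10.0.0.9", "src_port": 60000, "dest_ip": "10.0.1.40", "dest_port": 80,
     "proto": "TCP", "start": "2024-03-01T10:00:03.000000+0000"},
]

# Constructed eve.json lines: alerts matching flows 1 and 3 (the second logged in the
# reverse direction), an alert on flow 4's 5-tuple but half an hour later, and one
# non-alert event that must be ignored. Signature names are made up.
EVE_LINES = """
{"timestamp":"2024-03-01T10:00:00.500000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"10.0.1.20","dest_port":22,"proto":"TCP","alert":{"signature":"TEST SYN probe to SSH","signature_id":9000001}}
{"timestamp":"2024-03-01T10:00:02.300000+0000","event_type":"alert","src_ip":"10.0.1.20","src_port":23,"dest_ip":"10.0.0.5","dest_port":51001,"proto":"TCP","alert":{"signature":"TEST telnet probe response","signature_id":9000002}}
{"timestamp":"2024-03-01T10:30:03.000000+0000","event_type":"alert","src_ip":"10.0.0.9","src_port":60000,"dest_ip":"10.0.1.40","dest_port":80,"proto":"TCP","alert":{"signature":"TEST late alert","signature_id":9000003}}
{"timestamp":"2024-03-01T10:00:01.200000+0000","event_type":"flow","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"10.0.1.30","dest_port":443,"proto":"TCP"}
"""


def parse_ts(value):
    return datetime.strptime(value, EVE_TS_FORMAT)


def load_alerts(lines):
    """Keep only event_type == "alert" records. ICMP alerts carry no ports, so
    missing port fields default to 0 instead of raising."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "alert":
            continue
        alerts.append({
            "src_ip": ev["src_ip"], "src_port": ev.get("src_port", 0),
            "dest_ip": ev["dest_ip"], "dest_port": ev.get("dest_port", 0),
            "proto": ev["proto"], "ts": parse_ts(ev["timestamp"]),
            "signature": ev["alert"]["signature"],
        })
    return alerts


def five_tuple(rec):
    return (rec["src_ip"], rec["src_port"], rec["dest_ip"], rec["dest_port"], rec["proto"].upper())


def reversed_tuple(rec):
    return (rec["dest_ip"], rec["dest_port"], rec["src_ip"], rec["src_port"], rec["proto"].upper())


def label_flows(flows, alerts, window=timedelta(seconds=5)):
    """Label a flow malicious if any alert on the same 5-tuple (either direction)
    fired within `window` of the flow start; otherwise benign."""
    index = {}
    for a in alerts:
        index.setdefault(five_tuple(a), []).append(a)
    labelled = []
    for f in flows:
        start = parse_ts(f["start"])
        candidates = index.get(five_tuple(f), []) + index.get(reversed_tuple(f), [])
        hits = [a for a in candidates if abs(a["ts"] - start) <= window]
        labelled.append({
            "id": f["id"],
            "label": "malicious" if hits else "benign",
            "signatures": sorted({a["signature"] for a in hits}),
        })
    return labelled


def label_sample():
    return label_flows(FLOWS, load_alerts(EVE_LINES.splitlines()))


if __name__ == "__main__":
    for row in label_sample():
        print(row)
```

Flows 1 and 3 come out malicious, flow 2 has no alert, and flow 4 stays benign because its only alert is outside the window. Anything Snort or Suricata has no signature for is labelled benign by construction, which is the blind spot an anomaly detector trained on these labels inherits.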

Feature selection

Training methods

Two ML approaches were trained. The first was an ensemble method (bagging) with naive Bayes, KNN, logistic regression and SVM as base classifiers. For the second, the flow features were converted into a 32x32 matrix, i.e. an image, and a CNN model was trained on it.

(Figure: image created from the flow features)

(Figure: CNN architecture model)
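The two building blocks above, as an added example that is neither the paper's code nor any library's API: a min-max scaled feature vector laid out row-major into a zero-padded 32x32 pixel grid (the CNN input), and a bagging ensemble that trains each member on a bootstrap resample and takes a majority vote, here with a plain KNN as the base classifier. The per-flow features (packets, bytes, duration, SYN-only flag), the generated probe and normal flows, and the row-major image layout are assumptions for the example; the page does not say how the paper ordered features in the matrix.

```python
import random
from collections import Counter

IMAGE_SIDE = 32  # the page reshapes each flow's features into a 32x32 matrix


def feature_bounds(rows):
    """Per-feature (min, max) from the training set only (assumed preprocessing)."""
    cols = list(zip(*rows))
    return [min(c) for c in cols], [max(c) for c in cols]


def scale(row, lo, hi):
    """Min-max scale one feature vector to [0, 1], clipping out-of-range values."""
    out = []
    for x, a, b in zip(row, lo, hi):
        span = b - a
        out.append(0.0 if span == 0 else (min(max(x, a), b) - a) / span)
    return out


def flow_to_image(row, lo, hi, side=IMAGE_SIDE):
    """Scaled features become 0..255 pixels laid out row-major in a side x side
    grid; cells no feature maps to are zero-padded (assumed layout)."""
    n_cells = side * side
    if len(row) > n_cells:
        raise ValueError("%d features do not fit a %dx%d image" % (len(row), side, side))
    pixels = [int(round(v * 255)) for v in scale(row, lo, hi)]
    pixels.extend([0] * (n_cells - len(pixels)))
    return [pixels[r * side:(r + 1) * side] for r in range(side)]


def knn_predict(train_x, train_y, x, k):
    """k-nearest-neighbours majority vote using squared Euclidean distance."""
    ranked = sorted(
        (sum((a - b) ** 2 for a, b in zip(row, x)), y)
        for row, y in zip(train_x, train_y)
    )
    return Counter(y for _, y in ranked[:k]).most_common(1)[0][0]


class BaggedKNN:
    """Bagging: each member sees a bootstrap resample of the training set,
    and the ensemble label is the majority vote across members."""

    def __init__(self, n_estimators=10, k=3, seed=0):
        self.n_estimators, self.k, self.seed = n_estimators, k, seed
        self.members = []

    def fit(self, X, y):
        rng = random.Random(self.seed)
        n = len(X)
        self.members = []
        for _ in range(self.n_estimators):
            idx = [rng.randrange(n) for _ in range(n)]  # sample with replacement
            self.members.append(([X[i] for i in idx], [y[i] for i in idx]))
        return self

    def predict(self, X):
        labels = []
        for x in X:
            votes = Counter(knn_predict(mx, my, x, self.k) for mx, my in self.members)
            labels.append(votes.most_common(1)[0][0])
        return labels


def make_flows(rng, n, label):
    """Constructed per-flow features [packets, bytes, duration_s, syn_only]:
    probes are short SYN-only connection attempts, normal flows carry data."""
    rows = []
    for _ in range(n):
        if label == "probe":
            rows.append([rng.randint(1, 2), rng.randint(40, 120), rng.uniform(0.0, 0.05), 1])
        else:
            rows.append([rng.randint(5, 200), rng.randint(500, 50000), rng.uniform(0.5, 30.0), 0])
    return rows


def demo(seed=7):
    """Train on constructed flows, score on held-out flows, and build one image."""
    rng = random.Random(seed)
    train_x = make_flows(rng, 40, "probe") + make_flows(rng, 40, "normal")
    train_y = ["probe"] * 40 + ["normal"] * 40
    test_x = make_flows(rng, 10, "probe") + make_flows(rng, 10, "normal")
    test_y = ["probe"] * 10 + ["normal"] * 10

    lo, hi = feature_bounds(train_x)  # bounds from training data only
    model = BaggedKNN(n_estimators=10, k=3, seed=seed)
    model.fit([scale(r, lo, hi) for r in train_x], train_y)
    predicted = model.predict([scale(r, lo, hi) for r in test_x])
    accuracy = sum(p == t for p, t in zip(predicted, test_y)) / len(test_y)
    return {"accuracy": accuracy, "image": flow_to_image(test_x[0], lo, hi)}


if __name__ == "__main__":
    result = demo()
    print("held-out accuracy:", result["accuracy"])
    print("first image row:", result["image"][0][:8])
```

Scaling bounds are computed on the training split and reused for the test split; computing them over everything leaks test statistics into the model and inflates the reported accuracy. With only a handful of per-flow features the 32x32 image is almost entirely padding, which is why feature selection matters before the CNN step.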

Results

The CNN model performed better than the ensemble method.

Tradeoff

The tradeoff between them is model complexity and training time. The CNN requires more computational resources and is an offline model, trained in batch rather than updated as new traffic arrives.

Reference

Anomaly Based Intrusion Detection by Machine Learning: A case study on probing attacks to an institutional network