Anomaly Based IDS using ML
Research done on probing attacks in an industrial setting.
Different types of Intrusion Detection Systems
Machine learning methods for Anomaly Detection
Data capture and processing
Data labelling
Snort and Suricata tools were used for data labelling.
Feature selection
Training methods
Two ML models were trained. The first was an ensemble method (bagging) with naive Bayes, KNN, logistic regression and SVM as base classifiers. For the second, the flow features were converted to a 32x32 matrix and a CNN model was developed.
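The conversion of a per-flow feature vector into a 32x32 matrix for the CNN, as an added illustration rather than the research's own code. Min-max scaling to 0..255, zero-padding and the feature names and bounds are assumptions, since the summary does not say how the vectors were fitted into the matrix.

```python
# Added illustration: turning a per-flow feature vector into a 32x32 "image"
# for a CNN, as described above. Scaling, padding and the feature bounds are
# assumptions; the page does not state how the reshape was actually done.

SIDE = 32
CELLS = SIDE * SIDE  # 1024 values per matrix

# Constructed example: a handful of flow-level features with assumed
# min/max bounds used for min-max scaling (not from the original research).
FEATURE_BOUNDS = {
    "duration_ms": (0.0, 60_000.0),
    "src_port": (0.0, 65535.0),
    "dst_port": (0.0, 65535.0),
    "fwd_packets": (0.0, 10_000.0),
    "bwd_packets": (0.0, 10_000.0),
    "fwd_bytes": (0.0, 10_000_000.0),
    "bwd_bytes": (0.0, 10_000_000.0),
    "syn_count": (0.0, 100.0),
}

def scale_feature(value, lo, hi):
    """Min-max scale a value into 0..255, clipping out-of-range inputs.
    A constant feature (lo == hi) carries no information and maps to 0."""
    if hi == lo:
        return 0
    frac = (min(max(value, lo), hi) - lo) / (hi - lo)
    return int(round(frac * 255))

def flow_to_matrix(flow, bounds=FEATURE_BOUNDS, side=SIDE):
    """Encode one flow record (dict of feature -> value) as a side x side
    matrix of 0..255 ints: scaled features first, zero padding after."""
    cells = side * side
    names = sorted(bounds)  # fixed feature order so every flow is laid out alike
    if len(names) > cells:
        raise ValueError(f"{len(names)} features do not fit in {cells} cells")
    pixels = [scale_feature(flow.get(n, bounds[n][0]), *bounds[n]) for n in names]
    pixels.extend([0] * (cells - len(pixels)))  # zero-pad to a full matrix
    return [pixels[r * side:(r + 1) * side] for r in range(side)]

# Constructed flow record: short, one-directional, SYN-heavy traffic to one port.
SAMPLE_FLOW = {
    "duration_ms": 1500.0, "src_port": 40000.0, "dst_port": 22.0,
    "fwd_packets": 60.0, "bwd_packets": 0.0, "fwd_bytes": 3600.0,
    "bwd_bytes": 0.0, "syn_count": 60.0,
}

if __name__ == "__main__":
    m = flow_to_matrix(SAMPLE_FLOW)
    print(len(m), len(m[0]), m[0][:8])  # 32 32 [0, 0, 0, 6, 0, 2, 156, 153]
```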
Results
The CNN model performed better than the ensemble method.
Tradeoff
The tradeoff between them is complexity and training time: the CNN requires more computational resources and is an offline model.