BTP Presentation


BTP (End Term PPT)

Comparison Analysis of ML Algorithms on Network Intrusion Dataset
Team Members:
Udit Shokeen (2019UIT3110)
Bhoovan Mansia (2019UIT3150)

Under the guidance of Dr. S.K. Dhurandher


Introduction
A network-based intrusion detection system (NIDS) is used to monitor and analyze network traffic to protect a system from network-based threats.

A NIDS reads all inbound packets and searches for any suspicious patterns. When threats are discovered, the system can take action based on their severity, such as notifying administrators or barring the source IP address from accessing the network.
Introduction
NIDS can be hardware- or software-based systems and, depending on the manufacturer of the system, can attach to various network mediums such as Ethernet, FDDI, and others.

Oftentimes, NIDS have two network interfaces. One is used for listening to network conversations and the other is used for control and reporting.
Problem Statement
• One major limitation of current network intrusion detection system (NIDS) technologies is the requirement to filter false alarms.

• The other limitation is that they do not have the ability to detect new attacks that use new signatures, because these signatures are not in their knowledge base.

• The main objective is to build a deep learning model whose performance is better than the available network intrusion detection models as well as the models that have been implemented using ML algorithms.
Methodology
Workflow overview (flowchart)
Dataset

• The three prominent NIDS datasets are NSL-KDD, CIC-IDS-2018 and UNSW-NB15.

• These datasets suffer from:
1. Missing data samples within their datasets
2. Inadequately modeled tail classes, which leads to inconsistent performance
Dataset Used

We use the University of Nevada - Reno Intrusion Detection Dataset (UNR-IDD, 2022), a NIDS dataset. The UNR-IDD consists primarily of network port statistics. These refer to the observed port metrics recorded in switch/router ports within a networking environment.

The dataset also includes delta port statistics, which indicate the change in magnitude of observed port statistics within a time interval. We also address the limitation of the presence of tail classes.

It provides a fine-grained analysis of network flows from the port level, as decisions are made at the port level versus the flow level. This dataset also uniquely ensures that there are enough samples for classifiers to achieve high F-Measure scores.
Captured Data Features:

Port Statistics (9)
These statistics relay the collected metrics and magnitudes from every single port within the SDN when a flow is simulated between two hosts.

Delta Port Statistics (9)
These delta statistics are used to capture the change in collected metrics from every single port within the SDN when a flow is simulated between two hosts. The time interval for these observed metrics is configured as 5 seconds, which can provide greater detail in detecting intrusions.

Flow Entry and Flow Table Statistics (12)
Additionally, we also collect some flow entry and flow table statistics to work in conjunction with the collected port statistics. These metrics provide information about the conditions of switches in the network and can be collected in any network setting.
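As an added illustration (not code from the presentation or from the UNR-IDD project), the following Python computes the delta port statistics described above from two port-counter snapshots taken 5 seconds apart and assembles the per-port feature vector; the counter names and flow-table fields are assumed, since the slides do not list the actual UNR-IDD column names, and all snapshot values are constructed.

```python
# Added example: computing delta port statistics and assembling a per-port
# feature vector in the style of UNR-IDD. Counter names and flow-table fields
# are assumed (the slides do not list the actual column names); the snapshot
# values are constructed.
PORT_COUNTERS = ("rx_packets", "tx_packets", "rx_bytes", "tx_bytes",
                 "rx_dropped", "tx_dropped", "rx_errors", "tx_errors",
                 "alive_duration")          # 9 port statistics (assumed names)
FLOW_FIELDS = ("active_flow_entries", "flow_table_lookups",
               "flow_table_matches")        # assumed flow-table fields

INTERVAL_S = 5  # observation interval used by the dataset


def delta_port_stats(prev, curr):
    """Change in each counter between two snapshots one interval apart.

    Switch counters only increase, so a negative difference means the port or
    switch was reset between snapshots. The true delta is then unknown and is
    reported as None instead of a misleading negative value.
    """
    deltas = {}
    for name in PORT_COUNTERS:
        diff = curr[name] - prev[name]
        deltas["delta_" + name] = diff if diff >= 0 else None
    return deltas


def feature_vector(prev, curr, flow_stats):
    """Port statistics + delta port statistics + flow-table statistics."""
    fv = {name: curr[name] for name in PORT_COUNTERS}
    fv.update(delta_port_stats(prev, curr))
    fv.update({name: flow_stats[name] for name in FLOW_FIELDS})
    return fv


# Constructed snapshots of one switch port taken INTERVAL_S seconds apart.
SNAP_T0 = dict(rx_packets=1200, tx_packets=1150, rx_bytes=96000, tx_bytes=92000,
               rx_dropped=0, tx_dropped=0, rx_errors=0, tx_errors=0,
               alive_duration=300)
SNAP_T1 = dict(rx_packets=1260, tx_packets=1205, rx_bytes=100800, tx_bytes=96400,
               rx_dropped=0, tx_dropped=0, rx_errors=0, tx_errors=0,
               alive_duration=305)
FLOW_T1 = dict(active_flow_entries=14, flow_table_lookups=2410,
               flow_table_matches=2380)

if __name__ == "__main__":
    for k, v in feature_vector(SNAP_T0, SNAP_T1, FLOW_T1).items():
        print(f"{k:>25}: {v}")
```

Rows whose deltas are None (counter reset) should be dropped or imputed before training, since a classifier cannot interpret them as a magnitude.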
Labels:

• TCP-SYN Flood: A Distributed Denial of Service (DDoS) attack where attackers target hosts by initiating
many Transmission Control Protocol (TCP) handshake processes without waiting for the response from
the target node. By doing so, the target device's resources are consumed as it has to keep allocating some
memory space for every new TCP request.

• Port scan: An attack in which attackers scan available ports on a host device to learn information about
the services, versions, and even security mechanisms that are running on that host.

• Flow Table Overflow: An attack that targets network switches/routers, where attackers compromise the functionality of a switch/router by filling the flow tables that forward packets with illegitimate flow entries and rules so that legitimate flow entries and rules cannot be installed.

• Blackhole: An attack that targets network switches/routers to discard the packets that pass through,
instead of relaying them on to the next hop.

• Traffic Diversion: An attack that targets network switches/routers to reroute packets away from their destination, intending to increase travel time and/or spy on network traffic through a man-in-the-middle scenario.

• Normal: Normal network functionality


Result:
Baseline model (figure: comparison of feature selection methods)
Confusion matrix after best feature selection (figure)
Varying the MLP parameters:
1. Batch size
2. Optimizer and learning rate
3. Activation function
4. Hidden layers and number of neurons
Final model's confusion matrix (figure)
Accuracy table for different ML models (figure)
MLP: (figure)
Conclusion
● Successfully implemented a model using deep learning which has better accuracy than many traditional ML models

Limitations of our NIDS model:

● Accuracy is still around 83%, which could be further improved


Thank You
