| dc.description.abstract | The purpose of this study is to understand the concept of an Intrusion Detection System (IDS) and to develop an anomaly-based IDS intended to detect malicious traffic on a small home or office network. IDSs may be purely software based, purely hardware based, or a blend of both; for our requirement we aim to design a purely software-based IDS built only from open source libraries and tools for its design and deployment. The technique used to detect malicious activity in this anomaly detection model is machine learning. Using the Waikato Environment for Knowledge Analysis (WEKA), an open source library of machine learning algorithms, we have trained and tested different linear classification algorithms. Training uses the "UNSW-NB15" data set, created in 2015 by the Australian Centre for Cyber Security (ACCS). A feature set of the six most frequently occurring attributes across 8 different attack types is identified. The attacks are Fuzzers, Analysis, Backdoor, DoS, Exploits, Generic, Reconnaissance (information gathering for a later analysis or attack), Shellcode and Worms. Training and testing of the model were done on a sample of 0.25 million records, of which approximately 70% is used for training and the remaining 30% for validating the models. The anomaly detection program is implemented using the open source network monitoring framework BRO. Since little research work has been done with this tool, implementing and integrating our machine learning model with these tools and libraries was a great challenge. With all pieces in the right order and the right place, our model yields precise results with relatively fewer false positives than the statistical anomaly detection approach and is inexpensive to deploy on existing traditional networks. | en_US |