
Methods for network intrusion detection : Evaluating rule-based methods and machine learning models on the CIC-IDS2017 dataset

Network intrusion detection is a task aimed at identifying malicious network traffic. Malicious network traffic is generated when a perpetrator attacks a network or internet-connected device with the intent to disrupt, steal or destroy a service or information. Two approaches for this particular task are the rule-based method and the use of machine learning. The purpose of this paper was to contribute knowledge on how to evaluate and build better network intrusion detection systems (NIDS). That was fulfilled by comparing the detection ability of two machine learning models, a neural network and a random forest model, with a rule-based NIDS called Snort. The paper describes how the two models and Snort were constructed and how performance metrics were generated on a dataset called CIC-IDS2017. It also describes how we captured our own malicious network traffic and the models' ability to classify that data. The comparisons show that the neural network outperforms Snort and the random forest. We also present four factors that may influence which method should be used for intrusion detection. In addition, we conclude that we see potential in using CIC-IDS2017 to build NIDS based on machine learning.

Identifier: oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:uu-479347
Date: January 2022
Creators: Lindstedt, Henrik
Publisher: Uppsala universitet, Institutionen för informatik och media
Source Sets: DiVA Archive at Upsalla University
Language: English
Detected Language: English
Type: Student thesis, info:eu-repo/semantics/bachelorThesis, text
Format: application/pdf
Rights: info:eu-repo/semantics/openAccess
