Return to search

Methods for network intrusion detection : Evaluating rule-based methods and machine learning models on the CIC-IDS2017 dataset

Network intrusion detection is a task aimed to identify malicious network traffic. Malicious networktraffic is generated when a perpetrator attacks a network or internet-connected device with the intent todisrupt, steal or destroy a service or information. Two approaches for this particular task is the rule-basedmethod and the use of machine learning. The purpose of this paper was to contribute with knowledgeon how to evaluate and build better network intrusion detection systems (NIDS). That was fulfilled bycomparing the detection ability of two machine learning models, a neural network and a random forestmodel, with a rule-based NIDS called Snort. The paper describes how the two models and Snort wereconstructed and how performance metrics were generated on a dataset called CIC-IDS2017. It also describes how we capture our own malicious network traffic and the models ability to classify that data. Thecomparisons shows that the neural network outperforms Snort and the Random forest. We also presentfour factors that may influence which method that should be used for intrusion detection. In addition weconclude that we see potential in using CIC-IDS2017 to build NIDS based on machine learning.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:uu-479347
Date January 2022
CreatorsLindstedt, Henrik
PublisherUppsala universitet, Institutionen för informatik och media
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.0017 seconds