Network Anomaly Detection and Classification: Understanding them from a System's Perspective
Idea:
The motivation of this dissertation is to discuss and demonstrate which anomaly detection (AD) and classification (CL) techniques are best suited to the detection and filtering process with respect to the chosen metrics and benchmarking tool. Our goal is to enable network operators, and those who design and build intrusion detection systems, to decide which AD or CL techniques suit their context.
This dissertation's key contribution is a benchmarking tool for anomaly detection and classification systems. The tool has four components: i) datasets (data captured from a live network), ii) benchmarking metrics such as CPU time and heap size, iii) the anomaly detection and classification techniques applied, and iv) measuring and processing scripts.
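As an added illustration of components ii) and iv), and not code from the dissertation's own tool: a small measuring script that runs two simple detectors over the same constructed flow records and reports the two metrics the page names, CPU time and peak heap. The detectors, the record fields and the sample values are assumptions.

```python
import time
import tracemalloc
from statistics import mean, pstdev

# Constructed per-flow records standing in for a live capture (not real data):
# 20 ordinary flows of 480-529 bytes plus one 50000-byte outlier.
SAMPLE_FLOWS = [{"src": f"192.0.2.{i + 1}", "bytes": 480 + (i * 7) % 50}
                for i in range(20)]
SAMPLE_FLOWS.append({"src": "192.0.2.99", "bytes": 50000})

def zscore_detector(flows, threshold=3.0):
    """Statistical AD: flag flows more than `threshold` std devs from the mean."""
    values = [f["bytes"] for f in flows]
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:          # all flows identical: nothing can be an outlier
        return []
    return [f for f in flows if abs(f["bytes"] - mu) / sigma > threshold]

def density_detector(flows, eps=60, min_pts=3):
    """Density AD (DBSCAN-style noise rule): flag flows that have fewer than
    min_pts neighbours whose byte count lies within eps of their own."""
    out = []
    for f in flows:
        neighbours = sum(1 for g in flows
                         if g is not f and abs(g["bytes"] - f["bytes"]) <= eps)
        if neighbours < min_pts:
            out.append(f)
    return out

def benchmark(detector, flows, **params):
    """Run one technique and record the two metrics: CPU seconds consumed and
    peak heap bytes allocated while the detector ran (traced by tracemalloc)."""
    tracemalloc.start()
    cpu0 = time.process_time()
    anomalies = detector(flows, **params)
    cpu_seconds = time.process_time() - cpu0
    _, peak = tracemalloc.get_traced_memory()
    tracemalloc.stop()
    return {"anomalies": anomalies, "cpu_seconds": cpu_seconds,
            "peak_heap_bytes": peak}

def compare(flows):
    """Benchmark every technique on the same dataset so the numbers are comparable."""
    return {name: benchmark(fn, flows)
            for name, fn in [("zscore", zscore_detector), ("density", density_detector)]}

if __name__ == "__main__":
    for name, r in compare(SAMPLE_FLOWS).items():
        print(f"{name:8s} cpu={r['cpu_seconds']:.6f}s heap={r['peak_heap_bytes']}B "
              f"anomalies={[f['src'] for f in r['anomalies']]}")
```

Both detectors flag only the 50000-byte flow on this sample; the heap figure counts allocations made while the detector ran, not the whole process.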
Prerequisites:
For Unix System:
Please read the Report for a complete understanding of how the system works before testing it.
After installing all the prerequisites, save source files 1, 2 and 3 in a directory named "ad_cl" inside the Download directory. We used this Input file to test our system.
All the graphs shown in the report are based on the CPU time and heap size files produced by the benchmarking tool; these files are generated when the program is executed. Due to the web space limit (50MB) we have uploaded only one set of files rather than all of them.
| Figure Number |
|---|
| Figure 5.3(b) |
| Figure 5.8(b) |
The files in the table below are the results of each anomaly detection and classification technique applied in this system:
| Results |
|---|
| Decision Table |
| Bayes Network |
| DBSCAN |
| K-means |
| Density |
| Gaussian Process |
