Python代写 | Using Machine Learning to detect network traffic intrusions
Aims This project explores how to effectively detect intrusions using Machine Learning. There are several challenges in this particular domain (read also “Outside the closed world” from the references): explainability, fast concept drift, detection performance, computational efficiency, semantics gap, high cost of false positives and false negatives. Each of these projects will try to tackle an open problem in the ML-based network security domain as a first attempt to address some of this concerns.
[CyBOK Knowledge Areas: 5 (Malware and Attack Technologies) and 16 (Network Security)] The five sub-projects will be about*:
1. Explainability: use traditional explainability methods such as LIME, SHAP, and LEMNA to explain decisions of ML-based network intrusion detections approaches.
2. IoT anomalies: Kitsune is a recently proposed deep learning-based approach for IoT anomaly detection; authors released their code and dataset. However, using deep learning has serious explainability and computational issues, and it is hard to pinpoint the exact motivations of why an anomaly is detected. This project will aim to rerun Kitsune and then design and develop implementation variants that increase explainability.
3. Datasets generalization: there are now many public datasets for network intrusion detection, but it is unclear which ones are actually effective or generalize better to other domains. This project will explore what are the best publicly
4. Adversarial ML in network traffic: how easy it is to craft adversarial examples for ML-based network intrusion detection systems? This project will explore robustness of ML-based methods, starting from the Kitsune intrusion detection system.
5. Hybrid datasets: the LANL dataset (see secrepo.com) contains both host-level and network-level events, with labeled data about intrusions. This sub-project will explore * I am happy to discuss other sub-topics proposed by students themselves, as I believe it is important that the students do something they really enjoy. I will consider also student proposals (if they want to), and I will assess suitability for the project timeframe and also likelihood of success. By the first group project meeting, the scope of the project will be finalized for each student.
Background Network intrusion detection has a long history. The main challenges resides in the fact that only a very small percentage of traffic is malicious, and even a false positive rate of 1% is unacceptable as it triggers to many alarms. Most research efforts focused on traffic patterns of large organizations, which are extremely complex and hard to analyze, as they have high variability. Recently, with the rise of IoT devices, it has become somewhat easier again to characterize network traffic as IoT devices have a pre-defined set of expected behaviors.
Nevertheless, it remains an open problem also in this domain, as well as in more traditional host-based large scale networks.