NETWORK INTRUSION

DETECTION USING MACHINE

LEARNING

Team
K. Madhu Sudhan Royal VTU13154
N. Ashok VTU12789
PROJECT GUIDE Boddapati sivateja VTU11212
DR K SURESH
 1.ABSTACT
2.INTRODUCTION
3.EXISTING SYSTEM
4.PROPOSED SYSTEM
5.METHODOLOGY
6.USE CASE DIAGRAMS
CONTENTS 7.IMPLEMENTATION
8.SOFTWARE AND HARDWARE
REQUIREMENTS
9.ALGORITHMS
 10.Libraries

11.Execution

12.Conclusion

13.Future Enhancements

CONTENTS 14.Refereences
ABSTRACT
The internet has completely revolutionized the world in many ways. It has contributed immensely to
nation’s economic growth. As internet is widely used cybercrimes rate is also increasing.

Network Intrusion refers to any unauthorized activity on a digital network. Network and system security is
of paramount importance in the present data communication environment.

Hackers and intruders can create many successful attempts to cause the crash of the networks and web
services by unauthorized intrusion.

New threats and associated solutions to prevent these threats are emerging together with the secured
system evolution.

Intrusion Detection Systems (IDS) are one of these solutions.

ABSTRACT

The main function of Intrusion Detection System is to protect the resources from threats. IDS is
a system that monitors network traffic for suspicious activity. It analyses and predicts the
behaviours of users, and then these behaviours will be considered an attack or a normal
behaviour.

It is crucial to safeguard our data and resources from intruders and attackers. In addition to
Intrusion Prevention Intrusion Detection is the first step to prevent security attack.

A machine learning algorithm is developed to classify network traffic whether it is harmful or

harmless
INTRODUCTION

• From the last few decades, people do various transaction activities like air ticket reservation, online banking,
distance learning, group discussion and so on using the internet.

• Due to explosive growth of information exchange and electronic commerce in the recent decade, there is a need to
implement some security mechanisms in order to protect sensitive information.

• Detection of any intrusive behavior is one of the most important activity for protecting our data and assets.
Various intrusion detection systems are incorporated in the network for detecting intrusive behavior.

• Wide spreading usages of internet and increases in access to online contents, cybercrime is also happening at an
increasing rate

• Intrusion detection is the first step to prevent security attack. Hence the security solutions such as Firewall,
Intrusion Detection System (IDS), Intrusion Prevention System (IPS) are getting much attention in studies.
 INTRODUCTION

• In recent years, Intrusion Detection System (IDS) has become one of the hottest research areas in Computer Security. It
is an important detection technology and is used as a countermeasure to preserve data integrity and system availability
during an intrusion.

• The increasing number of security attacks have inspired researchers to employ various classifiers, such as support
vector machines (SVMs), to deal with them in Intrusion detection systems (IDSs)

• The challenges with anomaly based intrusion detection are that it needs to deal with novel attack for which there is no
prior knowledge to identify the anomaly.

• Hence the system somehow needs to have the intelligence to segregate which traffic is harmless and which one is
malicious or anomalous and for that machine learning techniques are being explored by the researchers over the last
few years .

• IDS however is not an answer to all security related problems.

EXISTING SYSTEM
EXISTING SYSTEM
•The Network IDS analyzes the data packets that travel over a network and this is carried out in
two ways
1.Signature based
2.Anomoly based
•Network IDS that works based on Signature have seen commercial success and widespread
through out the globe where as anomaly based network IDS have not gained such success
•To protect target systems and networks against maliciousactivities anomaly-based network IDS
is a valuable technology.Despite the variety of anomaly-based network intrusion
detectiontechniques described in the literature in recent years
PROPOSED SYSTEM

In our project IDS will be trained with all possible attacks signatures with machine learning
algorithms and then generate train model, whenever new request signatures arrived then this model
applied on new request to determine whether it contains normal or attack signatures.

we are evaluating performance of two machine learning algorithms such as SVM and ANN and
through we conclude that ANN outperform existing SVM in terms of accuracy.

In this algorithms we used Chi-Square Based feature selection algorithms to reduce dataset size,
this feature selection algorithms removed irrelevant data from dataset and then used model with
important features, due to this features selection algorithms dataset size will reduce and accuracy of
prediction will increase.
METHODOLOGY
USECASE DIAGRAM
IMPLEMENTATION
SOFTWARE AND HARDWARE REQUIREMENTS

HARDWARE REQUIREMENTS:
oProcessor : I3
oRam : 4GB
oHard Disk : 100GB
SOFTWARE REQUIREMENTS:
oOperating system : Windows .
oCoding Language : Python
oIDE : Jupyer Notebook(Anaconda)
oDataset : NSL KDD
ALGORITHMS

System is composed of
Feature selection :Used to reduce data dimensionality in machine learning for more accuracy
Learning Algorithms
ANN(Artificial Neural Network)
SVM(Support Vector Machine)
LIBRARIES

NumPy : General purpose array processing package

Pandas : Used to read and write different files and for data manipulation
Keras : Provides python interface for Artificial Neural Networks
Tkinter :Standard GUI Library for python
Sklearn :Machine learning package which include lot of ML algorithms
Mathplotlib :plotting library
Imutils :Used to display with Mathplotlib
IMPLEMENTATION

1) Load the dataset

2) Preprocess data
3) Generate training model
4) Run SVM algorithm
5) Run ANN algorithm
6) Upload test data
7) Detect attack
8) Find accuracy graph
IMPLEMENTATION

Preprocess Data
In dataset normal signature is changed to ‘0’ and anomaly is changed to ‘1’
All String attributes are removed

Generate train and test data

This is done by inbuilt function train_test_split( )
Training data :80%
Testing data :20%
IMPLEMENTATION

Detect attack for test data

1.Create SVM classifier
2.Train the model
3.Predict the response
IMPLEMENTATION

Accuracy score is calculated by inbuilt function accuracy_score()

Accuracy=(TP+TN)/(TP+TN+FN+FP)
CONFUSION MATRIX
DATA SET
EXECUTION

When we run the python code then

the below screen is visible
By clicking on upload NSL KDD Dataset we upload dataset
Clicking on Preprocess button to preprocess our data
Dataset after preprocessing
Click on Generate Training Model to split train and test data to generate training model
Click on Run SVM algorithm to generate SVM model and calculate its accuracy
Click on ‘Run ANN Algorithm’ to calculate ANN accuracy
click on ‘Upload Test Data & Detect Attack’ button to upload test data and to predict whether test
data is normal or contains attack. All test data has no class either 0 or 1 and application will predict
and give us result. See below some records from test data
By clicking on Accuracy graph we can see ANN got better accuracy compare to SVM, in above
graph x-axis contains algorithm name and y-axis represents accuracy of that algorithms
CONCLUSION

An Intrusion Detection system is built by choosing an effective classisfication approach where
each record is classified into normal or an anomaly.
We have compared the most well known classification algorithms ANN and SVM These
algorithms are tested with NSL KDD dataset
We conclude that the accuracy is more in the case of ANN algorithm.
FUTURE ENHANCEMENTS

We believe that these findings will contribute to research further in the domain of building a
detection system that can detect known attacks as well as novel attacks. The intrusion detection
system exist today can only detect known attacks.
Detecting new attacks or zero day attack still remains a research topic
REFERENCES

• H. Song, M. J. Lynch, and J. K. Cochran, “A macro-social exploratory analysis of the rate of

interstate cyber-victimization,” American Journal of Criminal Justice, vol. 41, no. 3, pp. 583–601,
2016.
• P. Alaei and F. Noorbehbahani, “Incremental anomaly-based intrusion detection system using
limited labeled data,” in Web Research (ICWR), 2017 3th International Conference on, 2017, pp.
178–184.
• M. Saber, S. Chadli, M. Emharraf, and I. El Farissi, “Modeling and implementation approach to
evaluate the intrusion detection system,” in International Conference on Networked Systems,
2015, pp. 513–517.
• M. Tavallaee, N. Stakhanova, and A. A. Ghorbani, “Toward credible evaluation of anomaly-
based intrusion-detection methods,” IEEE Transactions on Systems, Man, and Cybernetics, Part
C (Applications and Reviews), vol. 40, no. 5, pp. 516–524, 2010.
• A. S. Ashoor and S. Gore, “Importance of intrusion detection system (IDS),” International
Journal of Scientific and Engineering Research, vol. 2, no. 1, pp. 1–4, 2011. [
THANK YOU