Network Intrusion Detection System using Machine Learning (Reinforcement Learning)
To detect these intrusions, our proposed approach uses Deep Reinforcement Learning (Q-learning), which improves the stability and performance of the system.
We want to detect DDoS attacks:
DDoS: A Distributed Denial of Service attack is a type of DoS attack in which multiple compromised systems, often infected with a Trojan, are used to target a single system, causing a Denial of Service (DoS). These attacks are among the most dangerous security threats: attackers aim to break down the victim's computer network or cyber system and interrupt its services. MEC (mobile edge computing) systems are especially vulnerable to distributed DoS attacks, because distributed edge devices that are not well protected by security protocols can be easily compromised and then used to attack other edge nodes. Some attackers also aim to prevent collaborative caching users from accessing the cached data. Jamming can be viewed as a special type of DoS attack.
The simplest approach is to examine the logs of the web server and identify whether each query belongs to a DoS/DDoS attack or not: collect the good and bad queries and label them (bot or not). The tricky part is extracting features. Features you can use: HTTP request method, HTTP status code, URL, file name, user agent, IP address, and geolocation of the IP address. Then train and test a machine learning model. The drawback of this approach is that each request is treated as a single object rather than as part of an attack.
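As an added example (not part of the original proposal), the log-based approach above in Python on a constructed sample of combined-format web server log lines: it extracts the per-request features listed (geolocation omitted, since it needs an external IP database) and then aggregates them per source IP and time window, which addresses the stated drawback of scoring each request in isolation. The request-rate cutoff is an assumed value.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
FLOOD = '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.88"'
NORMAL = '198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"'
SAMPLE_LOG = [FLOOD] * 30 + [NORMAL]  # one source sends 30 identical requests in one second

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def parse_line(line):
    """Per-request features named in the text: IP, method, status code, URL, file name,
    user agent. Geolocation is left out because it needs an external IP database."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line: skip rather than crash the pipeline
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["file"] = rec["url"].rsplit("/", 1)[-1]
    return rec

def per_source_features(records, window_s=10):
    """Aggregate requests per (source IP, time window) so that each request is scored
    as part of a possible attack instead of in isolation."""
    buckets = defaultdict(list)
    for r in records:
        buckets[(r["ip"], int(r["ts"].timestamp()) // window_s)].append(r)
    feats = {}
    for key, reqs in buckets.items():
        n = len(reqs)
        feats[key] = {
            "req_per_s": n / window_s,
            "distinct_urls": len({r["url"] for r in reqs}),
            "distinct_uas": len({r["ua"] for r in reqs}),
            "error_ratio": sum(r["status"] >= 400 for r in reqs) / n,
        }
    return feats

def flag_flood_sources(lines, window_s=10, max_req_per_s=2.0):
    """Return source IPs whose windowed request rate exceeds max_req_per_s
    (the cutoff is an assumed value; a real deployment would tune it per site)."""
    records = [r for r in map(parse_line, lines) if r]
    feats = per_source_features(records, window_s)
    return sorted({ip for (ip, _), f in feats.items() if f["req_per_s"] > max_req_per_s})
```

The windowed features (rate, distinct URLs, distinct user agents, error ratio) are what a classifier such as the SVM described below would be trained on, rather than one row per request.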
Our proposed method first uses a supervised learning model, the Support Vector Machine (SVM), which captures network traffic, filters HTTP headers, normalizes the data on the basis of the operational variables (false positive rate, false negative rate and classification rate), and then sends the information to the corresponding SVM training and testing sets.
Then we use Deep Q-learning to attain the best possible reward.
We are using the CICIDS 2017 dataset for intrusion detection, which has up-to-date attributes and new types of attacks. In this section we analyze the publicly available datasets we have used for training our neural network.
CICIDS2017: Generating realistic background traffic is one of the highest priorities of this work. For this dataset, we used our proposed B-Profile system (Sharafaldin et al., 2017), which is responsible for profiling the abstract behavior of human interactions and generates naturalistic benign background traffic. Our B-Profile for this dataset extracts the abstract behavior of 25 users based on the HTTP, HTTPS, FTP, SSH, and email protocols.
It also includes the results of the network traffic analysis using CICFlowMeter, with labeled flows based on the timestamp, source and destination IPs, source and destination ports, protocols and attack (CSV files).