Networks today are prone to malicious attacks, and an attacker can easily manipulate a network, which is a very serious security issue. To tackle this issue, we designed an intrusion detection system that can detect such attacks. The program uses machine learning algorithms that learn from the signatures of normal and abnormal (attack) traffic. We trained the algorithms on 7 weeks of connection records from a raw tcpdump capture of a US Air Force local area network, released by DARPA. We then tested both programs on test data containing 2 weeks of connection records. We achieved 92.39% with the gradient machine learning algorithm and 92.2% with the AdaBoost algorithm.
We also wrote a program that sniffs packets and stores the connection records in a CSV file.
By training the program with modern-day signatures, you can test present-day connection records of any web server and predict intrusions or attacks. You can also detect attacks in packet capture files from any protocol analyzer, such as Wireshark or tcpdump.
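
The packet-to-connection-record step described above, as an added example that is not the project's own code: it folds constructed packet tuples into one row per connection and serializes the rows as CSV. The column names, the simplified S0/REJ/SF/OTH flag logic and the sample addresses are assumptions for illustration.

```python
import csv
import io

# Constructed sample packets: (time, src, sport, dst, dport, proto, payload_bytes, tcp_flags)
PACKETS = [
    (0.00, "10.0.0.5", 40000, "10.0.0.9", 80, "tcp", 0, "S"),
    (0.01, "10.0.0.9", 80, "10.0.0.5", 40000, "tcp", 0, "SA"),
    (0.02, "10.0.0.5", 40000, "10.0.0.9", 80, "tcp", 120, "PA"),
    (0.30, "10.0.0.9", 80, "10.0.0.5", 40000, "tcp", 900, "PA"),
    (0.35, "10.0.0.5", 40000, "10.0.0.9", 80, "tcp", 0, "FA"),
    (0.36, "10.0.0.9", 80, "10.0.0.5", 40000, "tcp", 0, "FA"),
    (1.00, "10.0.0.7", 40001, "10.0.0.9", 23, "tcp", 0, "S"),   # never answered
    (2.00, "10.0.0.7", 40002, "10.0.0.9", 25, "tcp", 0, "S"),
    (2.01, "10.0.0.9", 25, "10.0.0.7", 40002, "tcp", 0, "RA"),  # refused
]
# Column names are assumptions chosen for this example.
FIELDS = ["duration", "protocol", "src", "dst", "dst_port", "src_bytes", "dst_bytes", "flag"]

def connection_records(packets):
    """Fold packets into one record per connection, keyed by the initiator's 5-tuple."""
    conns = {}  # dicts keep insertion order, so records come out in first-seen order
    for ts, src, sport, dst, dport, proto, size, flags in packets:
        fwd, rev = (src, sport, dst, dport, proto), (dst, dport, src, sport, proto)
        key = rev if rev in conns else fwd  # reply packets join the existing record
        c = conns.setdefault(key, {"start": ts, "end": ts, "src_bytes": 0,
                                   "dst_bytes": 0, "orig": set(), "resp": set()})
        c["end"] = ts
        c["src_bytes" if key == fwd else "dst_bytes"] += size
        c["orig" if key == fwd else "resp"].update(flags)
    rows = []
    for (src, _sport, dst, dport, proto), c in conns.items():
        if not c["resp"]:
            flag = "S0"    # attempt seen, no reply
        elif "R" in c["resp"] and "S" not in c["resp"]:
            flag = "REJ"   # attempt answered with a reset
        elif "F" in c["orig"] and "F" in c["resp"]:
            flag = "SF"    # normal setup and teardown
        else:
            flag = "OTH"
        rows.append(dict(zip(FIELDS, [round(c["end"] - c["start"], 2), proto, src,
                                      dst, dport, c["src_bytes"], c["dst_bytes"], flag])))
    return rows

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

Calling `to_csv(connection_records(PACKETS))` returns the CSV text; each row is one connection, in the form a classifier would take as a feature vector.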