Update README.md

parent 3504ff8d
...@@ -40,7 +40,7 @@ The main objective of the research is to provide an Intrusion Detection System w ...@@ -40,7 +40,7 @@ The main objective of the research is to provide an Intrusion Detection System w
Specific Objectives : Specific Objectives :
• Identifying NTP Amplification attacks - IT17111034 • Identifying NTP Amplification attacks - IT17111034
To achieve the main objective, identifying NTP amplification attacks is very important. Here the main objective is to filters out the normal internet traffic and identify the NTP Responses and identify whether it is NTP Amplification attack or not. After identifying the Network traffic if there is any suspicious traffic a Notification should be given. To achieve the main objective, identifying NTP amplification attacks is very important. Here the main objective is to filter out the normal internet traffic and identify the NTP Responses and identify whether it is NTP Amplification attack or not. After identifying the Network traffic if there is any suspicious traffic a Notification should be given.
• Identifying Slow Loris attacks - IT17124904 • Identifying Slow Loris attacks - IT17124904
In order to achieve the main objective this specific objective proposed a way to identify the .pcap files and figure out whether it is a Slow Loris attack or not.is there any suspicious traffic, partial HTTP requests, a notification should be given to the user. Is that suspicious traffic is Slow Loris attack, system detect the attack type and ensure the availability of the systems for the legitimate users without any interruption. In order to achieve the main objective this specific objective proposed a way to identify the .pcap files and figure out whether it is a Slow Loris attack or not.is there any suspicious traffic, partial HTTP requests, a notification should be given to the user. Is that suspicious traffic is Slow Loris attack, system detect the attack type and ensure the availability of the systems for the legitimate users without any interruption.
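Review bot: In the changed NTP paragraph, correcting "filters" to "filter" leaves the rest of the sentence unclear. "identify whether it is NTP Amplification attack or not" is missing an article, "Network" and "Notification" are capitalised mid-sentence, and the text never says what separates an amplification response from an ordinary NTP response. Suggest something like "filter out normal traffic, isolate the NTP responses, and classify each as an NTP amplification attack or not", and name the criterion the component uses. The Slow Loris context paragraph directly below has similar problems ("or not.is there any suspicious traffic", "Is that suspicious traffic is Slow Loris attack, system detect") and is worth fixing in the same commit.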
...@@ -49,7 +49,7 @@ In order to achieve the main objective this specific objective proposed a way to ...@@ -49,7 +49,7 @@ In order to achieve the main objective this specific objective proposed a way to
To achieve the main object, one specific objective is to identify the IRC (Internet Relay Chat) traffic beside normal traffic and figure out whether it is a Mobile Botnet DDoS attack or not. If there are any suspicious traffic, a notification should be given to the user. By identifying Mobile Botnet DDoS attack, the detection system can ensure the availability of a system for the legitimate users without any interruption. And reduce financial and other losses of the industries and governments worldwide. To achieve the main object, one specific objective is to identify the IRC (Internet Relay Chat) traffic beside normal traffic and figure out whether it is a Mobile Botnet DDoS attack or not. If there are any suspicious traffic, a notification should be given to the user. By identifying Mobile Botnet DDoS attack, the detection system can ensure the availability of a system for the legitimate users without any interruption. And reduce financial and other losses of the industries and governments worldwide.
• Identifying Volumetric attacks - IT17114172 • Identifying Volumetric attacks - IT17114172
To achieve the main object, another specific objective is to identify Volumetric attacks. This paper proposes a way to identifying very high bandwidth (more than 50 Gb+) requests received to the system. To achieve the main object, another specific objective is to identify Volumetric attacks. The model is trained to identify very high bandwidth (more than 50 Gb+) requests received to the system.
**Summary of Individual Components** **Summary of Individual Components**
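Review bot: The new sentence in the Volumetric attacks paragraph keeps "more than 50 Gb+", which states the threshold twice ("more than" and "+") and gives a size unit where the sentence is describing bandwidth. Suggest stating a rate with an explicit unit, or giving the measurement window the 50 Gb applies to. "The model" is also introduced here without saying which model is meant, so the line should name it or point to the section that does. "requests received to the system" reads better as "received by the system".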
...@@ -61,7 +61,7 @@ Data Set used : https://www.uvic.ca/engineering/ece/isot/datasets/ ...@@ -61,7 +61,7 @@ Data Set used : https://www.uvic.ca/engineering/ece/isot/datasets/
**Identifying NTP Amplification attacks - IT17111034** **Identifying NTP Amplification attacks - IT17111034**
The component is implementing to filter out the normal internet traffic and identify the NTP Responses and identify whether it is a NTP Amplification attack or not. After identifying the Network traffic if there is any suspicious traffic a Notification should be given. This component is implementing to filter out the normal internet traffic and identify the NTP Responses and identify whether it is a NTP Amplification attack or not. After identifying the Network traffic if there is any suspicious traffic a Notification should be given.
Data Set used : http://205.174.165.80/CICDataset/CICDDoS2019/Dataset/CSVs/ Data Set used : http://205.174.165.80/CICDataset/CICDDoS2019/Dataset/CSVs/
**Identifying Slow Loris attacks - IT17124904** **Identifying Slow Loris attacks - IT17124904**
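Review bot: The changed line under "Identifying NTP Amplification attacks" still reads "This component is implementing to filter out", which is not grammatical. "This component is implemented to filter out" or simply "This component filters out" would fix it. On the context line below, the data set is referenced only by a bare IP address over plain HTTP (http://205.174.165.80/...), so a reader cannot tell who publishes it or verify what was downloaded. Suggest naming the data set (the path reads CICDDoS2019) and its publisher, and listing a checksum for the files used.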
...@@ -80,10 +80,27 @@ Data Set used : Extracted DDoS Flows from CSE-CIC-IDS2018- AWS, CICIDS2017, CIC ...@@ -80,10 +80,27 @@ Data Set used : Extracted DDoS Flows from CSE-CIC-IDS2018- AWS, CICIDS2017, CIC
http://gitlab.sliit.lk/2020---092/2020-092/blob/master/Images/system_overview_diagram.JPG http://gitlab.sliit.lk/2020---092/2020-092/blob/master/Images/system_overview_diagram.JPG
According to the above diagram, first malicious traffic signatures should be obtained from the raw data and then added to the database. In order do this a dataset which is related to the NTP Amplification attack is used. Then by using the feature selection generation of the SDS will be done and afterwards the Machine Learning Algorithm is being trained. Then it is supplied to the system of traffic classification. According to the above diagram, first malicious traffic signatures should be obtained from the raw data and then added to the database. In order do this, datasets which are related to the NTP Amplification attacks, Mobile Botnet attacks, Slowloris attacks and Volumetric attacks are used. Then, by using the feature selection, generation of the SDS will be done and afterwards the Machine Learning Algorithm is being trained. Then it is supplied to the system of traffic classification.
**Other Necessary Instructions to run the code:** **Other Necessary Instructions to run the code:**
First, run the application.py to run the trained models
Then run the WANHEDA front end using `npm start` command in the visual studio code or command prompt **Run it on your PC**
1. Install the following
1. git
2. python
3. npm
4. pip
2. Clone the repository
git clone http://gitlab.sliit.lk/2020---092/2020-092.git
3. Run the application.py file using PyCharm.
4. Open the WANHEDA Front End folder in Visual Studio Code and run.
Open the Terminal in VS Code
Run the command ‘npm start’
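Review bot: The new "Run it on your PC" steps list pip and npm as prerequisites but contain no step that installs the Python or Node dependencies, so the instructions go straight from "git clone" to running application.py and "npm start". Add the install commands the project needs between steps 2 and 3. The clone URL in step 2 uses http:// rather than https://, so the code is fetched without transport integrity; use the HTTPS URL if the server offers one. Step 3 now requires PyCharm where the removed line only said to run application.py, and step 4 wraps the command in typographic quotes (‘npm start’) where the removed line used backticks, which breaks copy-paste. The changed paragraph above also keeps "In order do this", which should read "In order to do this".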