kth.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Machine Learning for a Network-based Intrusion Detection System: An application using Zeek and the CICIDS2017 dataset
KTH, School of Engineering Sciences in Chemistry, Biotechnology and Health (CBH), Biomedical Engineering and Health Systems, Health Informatics and Logistics.
2019 (English)Independent thesis Basic level (university diploma), 10 credits / 15 HE creditsStudent thesisAlternative title
Maskininlärning för ett Nätverksbaserat Intrångsdetekteringssystem : En tillämpning med Zeek och datasetet CICIDS2017 (Swedish)
Abstract [en]

Cyber security is an emerging field in the IT-sector. As more devices are connected to the internet, the attack surface for hackers is steadily increasing. Network-based Intrusion Detection Systems (NIDS) can be used to detect malicious traffic in networks and Machine Learning is an up and coming approach for improving the detection rate. In this thesis the NIDS Zeek is used to extract features based on time and data size from network traffic. The features are then analyzed with Machine Learning in Scikit-Learn in order to detect malicious traffic. A 98.58% Bayesian detection rate was achieved for the CICIDS2017 which is about the same level as the results from previous works on CICIDS2017 (without Zeek). The best performing algorithms were K-Nearest Neighbors, Random Forest and Decision Tree.

Abstract [sv]

IT-säkerhet är ett växande fält inom IT-sektorn. I takt med att allt fler saker ansluts till internet, ökar även angreppsytan och risken för IT-attacker. Ett Nätverksbaserat Intrångsdetekteringssystem (NIDS) kan användas för att upptäcka skadlig trafik i nätverk och maskininlärning har blivit ett allt vanligare sätt att förbättra denna förmåga. I det här examensarbetet används ett NIDS som heter Zeek för att extrahera parametrar baserade på tid och datastorlek från nätverkstrafik. Dessa parametrar analyseras sedan med maskininlärning i Scikit-Learn för att upptäcka skadlig trafik. För datasetet CICIDS2017 uppnåddes en Bayesian detection rate på 98.58% vilket är på ungefär samma nivå som resultat från tidigare arbeten med CICIDS2017 (utan Zeek). Algoritmerna som gav bäst resultat var K-Nearest Neighbors, Random Forest och Decision Tree.

Place, publisher, year, edition, pages
2019. , p. 39
Series
TRITA-CBH-GRU ; 2019:033
Keywords [en]
Machine Learning, Flow-based traffic characterization, Intrusion Detection System (IDS), Zeek, Bro, CICIDS2017, Scikit-Learn
Keywords [sv]
Maskininlärning, Flödesbaserad trafik-karaktärisering, Intrångsdetekteringssystem (IDS), Zeek, Bro, CICIDS2017, Scikit-Learn
National Category
Other Computer and Information Science Information Systems Communication Systems
Identifiers
URN: urn:nbn:se:kth:diva-253273OAI: oai:DiVA.org:kth-253273DiVA, id: diva2:1324795
Subject / course
Computer Technology, Networks and Security
Educational program
Bachelor of Science in Engineering - Computer Engineering
Supervisors
Examiners
Available from: 2019-06-14 Created: 2019-06-14 Last updated: 2022-06-26Bibliographically approved

Open Access in DiVA

fulltext(616 kB)9487 downloads
File information
File name FULLTEXT01.pdfFile size 616 kBChecksum SHA-512
03af4561b8e088bba08f9c2cfafb7519d6cdc60f388f9e7923f638c723cff68291ba74fb3e3d42e1aaf081c2de1231513454b3cbbf1fb6fae03fef3244c7dc0a
Type fulltextMimetype application/pdf

By organisation
Health Informatics and Logistics
Other Computer and Information ScienceInformation SystemsCommunication Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 9498 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 9146 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf