1

Hello, I want to develop an intrusion detection system using a neural network. I know there are 41 inputs (I know this from the dataset which I used to train the neural network).

I need help with how to capture these 41 inputs on a live connection. Please, somebody help me or at least guide me in the correct direction.

Thank you for your answers in advance...

Hemang Rami
  • *"Thank you for your answers in advance..."* What is your question (in retrospect)? – Andrew Thompson Oct 02 '11 at 18:45
  • Neural networks are a *very* broad class of models and algorithms. Have you even read up on them yet? – Fred Foo Oct 02 '11 at 18:48
  • Yes, I have read about it and am currently training it for my project. The IDS requires 41 attributes to be extracted, as per the datasets I have referred to. Now, for the live environment, how to get those 41 attributes is what I want to know. If you have done an IDS project then you could have known this. – Hemang Rami Oct 02 '11 at 19:02

2 Answers

1

What you are trying to do is feature extraction or reduction on your input data.

As input data I could imagine logs from a firewall, captured packets, ...

And as features you could have things like failed login attempts per time unit, number of connections, ...

But if you want to have your system work with the training you feed it, you need to have the same distribution of the features in the data you process, as you have trained it on (or at least very similar).

So to make matters short and simple: if you want to use the training data you cite, you need to get to know exactly which data they worked on when gathering the training data, and exactly how they preprocessed it.

jpjacobs
  • THANK YOU FOR YOUR GUIDANCE. BUT FOR TRAINING PURPOSES I AM USING THE KDD CUP 99 DATASET. ALSO, I AM AT PRESENT TRAINING THE NEURAL NETWORK, BUT MY PROBLEM IS HOW TO CAPTURE THE 41 INPUT ATTRIBUTES FROM THE LIVE SYSTEM, AS THERE ARE 41 INPUT ATTRIBUTES IN THE KDD CUP 99 DATASET. ANOTHER QUESTION: IS CAPTURING ONLY THE 41 ATTRIBUTES ENOUGH TO DETECT INTRUSIONS? I CAME TO KNOW THAT TCPTRACE CAN BE USED IF I WANT TO EXTRACT THOSE 41 ATTRIBUTES. IS THAT TRUE? – Hemang Rami Oct 09 '11 at 06:18
  • You might consider unsticking that caps key. The only thing you could do is split off a chunk of the set, train on that, and test the training on the other part. That way you could already test your network. But for gathering real data, and using the same training data to actually use the system, you need to figure out how the 41 inputs are being extracted from which data. There is no way around that. – jpjacobs Oct 09 '11 at 11:08
  • Thank you, jpjacobs, for your answer, but can you please guide me on that? Do we have some API available? I came to know about the WinPcap library. Do you have some ready-made code available for capturing those 41 attributes? – Hemang Rami Oct 22 '11 at 07:14
  • I agree with jpjacobs; from looking at the dataset, WinPcap does not seem to provide a unified mechanism for capturing all attributes. You should look at each attribute individually and determine an appropriate way to recover it from the system. Also, consider linear regression as a means of predicting the probability of intrusion. – Romaine Carter Oct 22 '11 at 22:01
1

I have answered your other question (http://stackoverflow.com/questions/7587657/building-intrusion-detection-system-but-from-where-to-begin) more thoroughly. But I repeat here.

Read this article to learn more about how it (KDD99) is constructed:

Lee, W. & Stolfo, S. J. "A framework for constructing features and models for intrusion detection systems." ACM Trans. Inf. Syst. Secur., ACM, 2000, 3, 227-261.

Atilla Ozgur
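To make the answers above concrete, here is an added example (not code from either answerer or from the cited article) that derives eight of the KDD Cup 99 time-based traffic features from a stream of per-connection summaries, using the dataset's 2-second window and its feature names. The `Conn` record, the sample connections and the choice to count the current connection inside its own window are assumptions of this sketch; content features such as `num_failed_logins` need payload or host audit data and are not covered.

```python
from collections import deque, namedtuple

# Hypothetical per-connection summary; a live system would fill this from
# whatever connection tracker summarises the captured packets.
Conn = namedtuple("Conn", "ts src dst service flag")

WINDOW = 2.0                         # seconds, as in the KDD Cup 99 feature description
SYN_ERR = {"S0", "S1", "S2", "S3"}   # connection states counted by serror_rate
REJ_ERR = {"REJ"}                    # connection state counted by rerror_rate

def _rate(part, whole):
    return round(part / whole, 2) if whole else 0.0

def time_based_features(conns):
    """Yield one dict of 2-second-window features per connection, in time order."""
    window = deque()
    for c in sorted(conns, key=lambda x: x.ts):
        window.append(c)             # assumption: the current connection counts itself
        while c.ts - window[0].ts > WINDOW:
            window.popleft()         # drop connections older than the window
        same_host = [w for w in window if w.dst == c.dst]
        same_srv = [w for w in window if w.service == c.service]
        n_host, n_srv = len(same_host), len(same_srv)
        yield {
            "count": n_host,
            "srv_count": n_srv,
            "serror_rate": _rate(sum(w.flag in SYN_ERR for w in same_host), n_host),
            "rerror_rate": _rate(sum(w.flag in REJ_ERR for w in same_host), n_host),
            "same_srv_rate": _rate(sum(w.service == c.service for w in same_host), n_host),
            "diff_srv_rate": _rate(sum(w.service != c.service for w in same_host), n_host),
            "srv_serror_rate": _rate(sum(w.flag in SYN_ERR for w in same_srv), n_srv),
            "srv_diff_host_rate": _rate(sum(w.dst != c.dst for w in same_srv), n_srv),
        }

# Constructed sample: three half-open SYNs to one host, then two normal HTTP sessions.
SAMPLE = [
    Conn(0.0, "10.0.0.5", "10.0.0.9", "http", "S0"),
    Conn(0.4, "10.0.0.5", "10.0.0.9", "smtp", "S0"),
    Conn(0.9, "10.0.0.5", "10.0.0.9", "ftp", "S0"),
    Conn(1.5, "10.0.0.7", "10.0.0.9", "http", "SF"),
    Conn(5.0, "10.0.0.7", "10.0.0.8", "http", "SF"),
]

if __name__ == "__main__":
    for conn, feats in zip(SAMPLE, time_based_features(SAMPLE)):
        print(conn.ts, conn.service, conn.flag, feats)
```

The values only match what the network was trained on if the window semantics and flag definitions agree with how the training set was preprocessed, which is the point both answers make.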