Network Attack detection using machine learning technique
ABSTRACT:-
As the Internet has evolved over time, so has the number of Internet-based attacks. A robust intrusion detection system (IDS) is necessary to protect a network. A supervised machine learning system is developed to classify network traffic as malicious or benign. A combination of supervised learning algorithms and alternative methods was used to identify the most effective model based on popularity and success rate. This study found that Artificial Neural Networks (ANNs) with support for envelope machine learning outperformed Support Vector Machine (SVM) techniques in classifying network traffic. Performance evaluation: a comparative study shows that the proposed model is much cheaper than the various existing models in terms of success rates in monitoring intruders.
Machine learning (ML) algorithms are widely used to build effective intrusion detection systems (IDS) that detect and mitigate malicious cyber threats at the host and network level. Cross-site scripting (XSS) is also used to attack websites, using malicious code embedded in web applications. This malicious code is nothing more than JavaScript. To guard against it, we must first determine which scripts are malicious. XSS attacks are commonly used to steal important information. This attack is ranked third by the Open Web Application Security Project (OWASP). We build an XSS detection model to find such scripts.
However, cybersecurity attacks continue to increase, and an IDS plays a crucial role in detecting such threats. Existing IDS designs are not capable of detecting malicious threats, primarily because they rely on older learning techniques that pay significantly less attention to accurate classification and feature selection. The development of an intelligent IDS is therefore a concern. The primary goal of this study was to create an intelligent hybrid attack detection system that can learn critical features efficiently and automatically from massive unlabeled network traffic.
Numerous IDS data sets are publicly available to the cybersecurity community. We therefore use a strong classifier based on Spark MLlib (machine learning library), such as logistic regression and strong gradient boosting, for anomaly detection, and a more advanced learning unit, a Long Short-Term Memory (LSTM) autoencoder, to develop a cost-effective way to detect and classify unpredictable attacks. Our method used the LSTM to detect temporal features and an additional option with visual performance options.
To assess the effectiveness of our proposed approach, experiments were performed on a recent public dataset, the updated ISCX-UNB real-life dataset. For XSS, we use an accurate method to detect malicious scripts: an algorithm that determines whether the input data is malicious or not. For this we use a real-time data set that has two characteristics: the lexical URL and the URL tag, which is the category of the content. The simulation results show that our proposed techniques, based on Spark MLlib and LSTMAE, significantly outperform existing IDS techniques, reaching an accuracy rate of up to 97. After multiple 10-fold cross-validation tests, the ISCX-UNB dataset scored 52%. It is very promising to use our proposed HIDS on a large scale in real-world settings.
SYSTEM:-
- Data collection module: This module collects network data from various sources, such as network devices, firewalls, and intrusion detection systems. The collected data is then stored in a database for further analysis.
- Data preprocessing module: This module preprocesses the collected data to remove noise and inconsistencies. The preprocessing involves data cleaning, data transformation, and data reduction techniques.
- Feature extraction module: This module extracts relevant features from the preprocessed data. The features extracted depend on the type of network attack being detected. For example, the features extracted for a DoS attack will be different from those extracted for a DDoS attack.
- Machine learning module: This module uses machine learning algorithms to train a model on the extracted features. The trained model is used to classify new data as normal or abnormal. The machine learning algorithms used include decision trees, support vector machines, and neural networks.
- Alert generation module: This module generates alerts when a network attack is detected. The alerts can be in the form of emails, SMS, or notifications to a security operations center.
- Reporting module: This module generates reports on the network attacks detected. The reports can be used for analysis and decision-making.
The system for network attack detection using machine learning techniques can be deployed in various organizations, such as financial institutions, government agencies, and healthcare organizations, to detect and prevent network attacks.
PROPOSED SYSTEM:-
The proposed system consists of feature selection and a learning algorithm. The feature selection component is in charge of extracting the most important features or attributes required to assign an instance to a specific group or category. The learning algorithm component generates the necessary intelligence or information. Using the results of the feature selection component, the model is trained on the training data set and builds up its intelligence. The learned intelligence is then applied to a test data set to show how well the model classifies unseen data.
Our proposed approach is to use machine learning algorithms to classify standard and malicious sites based entirely on features extracted from the URL and JavaScript code. The first step is therefore to collect standard web pages and pages that are affected by XSS attacks. The next step is to extract URLs and JavaScript code from those pages. The features are identified, and the dataset is built from the gathered URLs and JavaScript code. This dataset is then used for training and testing the chosen machine learning algorithms.
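The URL side of this pipeline, as an added example that is not the project's own code: lexical features are extracted from each URL, a logistic regression model is trained on them, and new URLs are classified. The token list, the four features, the helper names and the sample URLs are assumptions constructed for illustration.

```python
import math
from urllib.parse import unquote

# Lexical markers picked for this illustration (assumed, not the project's feature list).
TOKENS = ("<script", "javascript:", "onerror=", "onload=", "alert(", "document.cookie", "eval(")

def url_features(url):
    """Turn one URL into numeric lexical features."""
    s = unquote(unquote(url)).lower()       # decode twice so double-encoded payloads surface
    return [
        float(sum(s.count(t) for t in TOKENS)),            # script/event-handler keyword hits
        sum(c in "<>\"'();" for c in s) / max(len(s), 1),  # share of markup/JS punctuation
        url.count("%") / max(len(url), 1),                 # share of percent signs in the raw URL
        min(len(s), 200) / 200.0,                          # decoded length, capped and scaled
    ]

def _score(w, b, x):
    """Sigmoid of the linear score: estimated probability that x is malicious."""
    return 1 / (1 + math.exp(-(sum(wi * xi for wi, xi in zip(w, x)) + b)))

def train(rows, labels, epochs=500, lr=0.5):
    """Logistic regression fitted by batch gradient descent (stand-in classifier)."""
    w, b, n = [0.0] * len(rows[0]), 0.0, len(rows)
    for _ in range(epochs):
        errs = [_score(w, b, x) - y for x, y in zip(rows, labels)]
        w = [wi - lr * sum(e * x[i] for e, x in zip(errs, rows)) / n for i, wi in enumerate(w)]
        b -= lr * sum(errs) / n
    return w, b

def is_malicious(model, url, threshold=0.5):
    return _score(model[0], model[1], url_features(url)) >= threshold

# Constructed sample URLs: label 1 carries a script payload, label 0 is ordinary traffic.
TRAIN = [
    ("http://shop.example/search?q=red+shoes", 0),
    ("http://shop.example/item?id=42&ref=home", 0),
    ("http://blog.example/post?title=caf%C3%A9%20menu", 0),
    ("http://news.example/archive/2023/05/network-security-trends?page=2", 0),
    ("http://shop.example/search?q=<script>alert(1)</script>", 1),
    ("http://shop.example/search?q=%3Cscript%3Ealert(document.cookie)%3C/script%3E", 1),
    ("http://blog.example/post?title=<img src=x onerror=alert(1)>", 1),
    ("http://blog.example/post?title=<svg onload=confirm(1)>", 1),
]
MODEL = train([url_features(u) for u, _ in TRAIN], [y for _, y in TRAIN])

if __name__ == "__main__":
    for u in ("http://shop.example/search?q=blue+jacket", TRAIN[5][0]):
        print(is_malicious(MODEL, u), u)
```

Decoding before feature extraction matters here: the percent-encoded and double-encoded payloads yield the same keyword hits as the plain one, so encoding alone does not hide them from the model.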
MODULES:-
- Data preprocessing module: This module is responsible for cleaning, formatting, and transforming the raw network data into a format that can be used for analysis. It may include tasks such as filtering out irrelevant data, converting data into numerical form, and scaling the features.
- Feature selection module: This module selects the most relevant features that can be used for attack detection. It may use techniques such as correlation analysis, feature ranking, or PCA to select the most important features.
- Machine learning module: This module applies machine learning algorithms to detect network attacks. It may use supervised or unsupervised learning techniques, such as decision trees, SVM, Random Forest, Naive Bayes, or clustering algorithms like K-means.
- Model evaluation module: This module evaluates the performance of the machine learning models. It may use metrics such as accuracy, precision, recall, F1 score, ROC-AUC, or confusion matrix to evaluate the performance of the models.
- Alerting Module: This module generates alerts when a network attack is detected. It may include notification mechanisms such as email, SMS, or push notifications to alert the relevant security personnel about the detected attacks.
- Feedback Module: This module takes feedback from the security personnel to improve the performance of the machine learning models. It may include retraining the models with new data, adjusting the parameters of the models, or improving the feature selection process based on the feedback.
- Visualization Module: This module provides visualizations of the network traffic and detected attacks. It may include graphs, charts, or dashboards to help the security personnel understand the network traffic patterns and identify the potential attack vectors.
- Integration Module: This module integrates the attack detection system with other security tools, such as firewalls, intrusion detection systems, or SIEMs. It may include APIs or plugins to allow seamless integration with these tools.
- Compliance Module: This module ensures that the attack detection system complies with the relevant security standards and regulations, such as PCI-DSS, HIPAA, or GDPR. It may include audit trails, logs, or compliance reports to demonstrate the system’s compliance.
These modules work together to create a comprehensive network attack detection system using machine learning techniques.
APPLICATION:-
Application: Network Attack Detection System
The Network Attack Detection System is designed to detect and classify network attacks in real-time using machine learning techniques. The system takes input from network traffic data and applies a pre-trained machine learning model to identify potential attacks.
Modules:
- Data Preprocessing: This module is responsible for collecting and preprocessing the network traffic data to be used as input for the machine learning model. It involves data cleaning, feature extraction, and normalization of the data.
- Machine learning model: This module is responsible for training a machine learning model using the preprocessed data. The model is trained to classify network traffic data as either benign or malicious based on pre-defined attack patterns. The model is updated regularly to keep up with the latest attack trends.
- Real-Time Detection: This module is responsible for detecting network attacks in real-time using the trained machine learning model. It takes input from the preprocessed network traffic data and applies the machine learning model to classify the traffic as either benign or malicious. If an attack is detected, an alert is triggered and sent to the system administrator for further action.
- Alert Generation: This module is responsible for generating alerts in case of a network attack. The module uses email or SMS to send alerts to the system administrator along with the details of the attack.
- Reporting: This module is responsible for generating reports of the network traffic data and the attacks detected by the system. The reports are used to analyze the network traffic and improve the performance of the machine learning model.
Overall, the Network Attack Detection System is an essential tool for organizations to secure their networks against various cyber threats and attacks.
HARDWARE AND SOFTWARE REQUIREMENTS:-
HARDWARE:-
- Processor: Intel i3 or above
- RAM: 6 GB or more
- Hard disk: 160 GB or more
SOFTWARE:-
- Operating System: Windows 7/8/10
- Python
- Anaconda
- Jupyter Notebook
- Flask framework