Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up

Framework for implementing Network Intrusion Detection Systems (NIDS) aimed at identifying anomalies in network flows using Federated Learning models.

License

NotificationsYou must be signed in to change notification settings

c2dc/anomaly-flow

Repository files navigation

License: MIT

Framework for implementing Intrusion Detection Systems (NIDS) aimed at identifying anomalies in network flows using Machine Learning models.

Create the Experimental Environment

To create the experimental environment, execute the following commands:

python -m venv .env

Note: The virtual environment must have this name because the scripts use this name to load the needed libraries.fl-unsup-nids/blob/anomaly-flow-baseline/utils/load_data.pyAfter creating the Virtual environment, use the following command to install the necessary python packages:

pip install -r requirements.txt

Commands to run local experiments

To run the local experiments, use the following command:

source experiments.sh

Commands to run the Federated Learning experiments

To run the Federated Learning experiments, use the following command:

source run.sh

Getting the data to run the experiments

To run the experiments, we need to have the CIC-IDS2018, BoT-IoT and ToN-IoT in a folder called datasets in the root of the project, e.g. :

|- anomaly-flow    |- datasets         |- NF-CSE-CIC-IDS2018-v2-DDoS.csv.gz        |- NF-BoT-IoT-v2-DDoS.csv.gz        |- NF-ToN-IoT-v2-DDoS.csv.gz

In our case we used derived datasets containing only benign and DDoS samples filtered from the originals datasets.

Generating Synthetic Data

To generate Synthetic Data for a specific dataset use the scriptmain.ipynb.

External models Simple Models Baseline

Install the EFC package

To run the external and simple model scripts, please install the custom pip package for the EFC algorithm:

  1. Make sure the scripts have run privileges:
chmod +x ./auxiliary_scripts/install-efc.sh
  1. Run the script (Git and the anomaly-flow environment named.env required):
./auxiliary_scripts/install-efc.sh

Baselines

The baselines for a multi-domain DDoS detection using federated learning are available here:

References

The data used to carry out the experiments can be obtained from:

Machine Learning-Based NIDS Datasets (Netflow V2 Datasets)

The following projects were used as reference for the preparation of this work:

GANomaly

Anomaly-Toolbox Project

Energy-based Flow Classifier

Authors

drawing   Leonardo Henrique de Melo

drawing   Gustavo de Carvalho Bertoli

drawing   Michele Nogueira

drawing   Aldri Luiz dos Santos

drawing   Lourenço Alves Pereira Junior

Cite this work

About

Framework for implementing Network Intrusion Detection Systems (NIDS) aimed at identifying anomalies in network flows using Federated Learning models.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published
[8]ページ先頭
©2009-2025 Movatter.jp