I have read a lot of papers about network intrusion detection. I find that most of them only use datasets to validate an IDS's performance, but how do you apply it in practice? No datasets are available in real scenarios.
Data sets are based on what is sent by users in the computer network. But from the point of view of machine learning algorithms, the input data set is based on the data the machine learning algorithm was trained on. This input data is nothing but the trained data set, and this is the real data set for the machine learning algorithm.
We use datasets to test performance because ML/DL models need a large volume of data to understand traffic. If you want to apply your models to real-time traffic, you can set up a test lab with a tool to recover traffic. After recovering real-time traffic, you will have to extract the functionality (features) that you used during the training of the detection model.
Thank you very much for your reply! However, I still have some doubts.
Are there practical applications of machine learning-based intrusion detection techniques today? Currently I have some knowledge of computers and machine learning, and also have the ability to construct machine learning models, tune parameters and use datasets for training. But how do I set up a test lab with live traffic? I haven't found any information on this. Do I need a database? How does the machine learning model achieve real-time detection?
Ismaila Sy Dr Ekambaram Kesavulu Reddy
Yes, you are right, there are no apps that I know of based on real traffic yet. However, to overcome this, if you have a good model you can consider integrating it into an existing IDS. You know that DL models need computing power, so if you want to do that you have to recover network traffic with classic network listening tools and extract the features to apply them to your model. But this requires a lot of computing resources.
I am currently working on a technique that will allow this.
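The step the replies above describe (capture traffic, then extract the same features the model was trained on) is sketched here as an added example, not code from any poster in this thread. It groups packets into bidirectional flows and emits one fixed-order feature vector per flow; the feature set, the 5-second idle timeout, the `Packet` record and the sample packets are all assumptions constructed for illustration.

```python
from collections import namedtuple
from statistics import mean

# One captured packet, reduced to the fields the extractor needs (assumed layout).
Packet = namedtuple("Packet", "ts src sport dst dport proto length")

# Fixed feature order: it must match the column order used at training time.
FEATURES = ("duration", "packets", "bytes", "mean_len", "mean_iat")
IDLE_TIMEOUT = 5.0  # seconds without traffic before a flow is closed (assumed)

def flow_key(p):
    """Direction-independent 5-tuple so both directions share one flow."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)

def to_vector(pkts):
    """Turn the packets of one flow into a feature vector in FEATURES order."""
    times = [p.ts for p in pkts]
    gaps = [t2 - t1 for t1, t2 in zip(times, times[1:])]
    sizes = [p.length for p in pkts]
    return [times[-1] - times[0], len(pkts), sum(sizes),
            mean(sizes), mean(gaps) if gaps else 0.0]

def extract_flows(packets, idle_timeout=IDLE_TIMEOUT):
    """Yield (key, vector) as each flow goes idle, then flush what is left."""
    active = {}
    for p in packets:  # packets are expected in timestamp order
        # Close flows that have been idle too long before handling this packet.
        idle = [k for k, v in active.items() if p.ts - v[-1].ts > idle_timeout]
        for key in idle:
            yield key, to_vector(active.pop(key))
        active.setdefault(flow_key(p), []).append(p)
    for key, pkts in active.items():
        yield key, to_vector(pkts)

# Constructed sample capture (not real traffic).
SAMPLE = [
    Packet(0.0, "10.0.0.5", 40000, "10.0.0.9", 80, "tcp", 60),
    Packet(0.5, "10.0.0.9", 80, "10.0.0.5", 40000, "tcp", 1500),
    Packet(1.0, "10.0.0.5", 40000, "10.0.0.9", 80, "tcp", 60),
    Packet(9.0, "10.0.0.7", 53000, "10.0.0.1", 53, "udp", 80),
]

if __name__ == "__main__":
    for key, vec in extract_flows(SAMPLE):
        # vec is what a trained detection model would be given as one input row.
        print(key, dict(zip(FEATURES, vec)))
```

Because vectors are yielded as soon as a flow goes idle, the same generator can be fed from a live packet source instead of the constructed list.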