I'm working on IDS using machine learning on real traffic. basically, Lots of work has been done on datasets and I have found a very few works on testing on real traffic. So I want to know how can I achieve testing of IDS on real traffic which is trained using datasets.
How would I collect the real traffic like what tools and methodology + How would I extract features from that traffic
If anyone has reference papers or some helping material I would be grateful. Thank you
Many works have been proposed to detect Malicious traffic.
but most of them rely on a legacy data set. Simply the idle dataset is not found, due to most of them internal and cannot be shared due to privacy issues.
I highly recommend you to use CSE-CIC-IDS2018 as a new and realistic dataset.
check out this paper as a similar work :
http://www.warse.org/IJATCSE/static/pdf/file/ijatcse15942020.pdf
In order to extract the feature, I strongly recommend CICFlowMeter-V3 and Wireshark.
regarding evaluating the IDS on real traffic, when you are splitting the dataset to train and test set, evaluating the model using a test set like evaluating the model using real traffic .
If your interest is in protecting a website, maybe we can help.
There's a description of how we designed our IDS/IPS here:
Article What's An IPS?
In addition we have records of thousands of attempted hacks, featuring exploits of bash, SQL, WordPress etc which you can have for free.
Article A survey of neural networks usage for intrusion detection systems
- Badges
- Science topic