
MACHINE LEARNING BASED IDS LOG ANALYSIS

thesis
posted on 06.05.2021, 14:07 by Tianshuai Guan

With the rapid development of information technology, network traffic is also increasing dramatically, and the records of many cyber-attacks are buried in that large volume of traffic. Intrusion Detection Systems (IDS) that can extract those malicious activities have therefore been developed. Zeek is one of them, and because of its powerful functionality and open-source ecosystem it has been adopted by many organizations. Information Technology at Purdue (ITaP), which uses Zeek as its IDS, captures flow logs for all network activity across the whole campus but has not yet made effective use of that information. This thesis examines ways to improve the performance of anomaly detection on those logs. To that end, the project combines basic database concepts with several different machine learning algorithms and compares the results of the different combinations in order to better find potential attack activity in the log files.

Funding

Tianshuai Guan


Degree Type

Master of Science

Department

Computer and Information Technology

Campus location

West Lafayette

Advisor/Supervisor/Committee Chair

Ida Ngambeki

Additional Committee Member 2

Baijian Yang

Additional Committee Member 3

Jin Kocsis
