« UC5 : Machine Learning vs DDoS » : différence entre les versions
Aucun résumé des modifications |
Aucun résumé des modifications |
||
Ligne 4 : | Ligne 4 : | ||
|Status=Production | |Status=Production | ||
}} | }} | ||
== Overview== | == Overview== | ||
The use case focuses on vast varieties of intrusions and attack activities of | The use case focuses on vast varieties of intrusions and attack activities of the network traffic. We propose three Dataset ready for exploration and modeling. | ||
the network traffic. We propose three Dataset ready for exploration and modeling. | |||
[ | * [CSE-CIC-IDS2018Datasets](https://www.unb.ca/cic/datasets/ids-2018.html#:~:text=In%20CSE-CIC-IDS2018%20dataset%2C%20we%20use%20the%20notion%20of,human%20operators%20to%20generate%20events%20on%20the%20network) | ||
[ | * [UNSW-NB15Datasets](https://research.unsw.edu.au/projects/unsw-nb15-dataset) | ||
* [USB-IDS Datasets](http://idsdata.ding.unisannio.it/index.html) | |||
For each cyber security dataset we propose data analysis, data standardization an modeling notebooks. In some notebooks standardization step is include in the modeling notebook | |||
**Keywords | * Authors: Christian Maréchal | ||
Clustering, Data Standardization | * Keywords: Supervised Machine Learning, Half-Supervised Machine Learning, Clustering, Data Standardization | ||
==Plan of Study== | ==Plan of Study== | ||
* Data Analysis Notebook --\> Standardization Notebook --\> Modeling Notebook | |||
Data Analysis Notebook --\> Standardization Notebook --\> Modeling Notebook | |||
To make things easier each notebook can be run independently. | To make things easier each notebook can be run independently. | ||
Dataset Cse cic ids | == Dataset Cse cic ids == | ||
===Data=== | ===Data=== | ||
{| class="wikitable" | |||
|+ | |||
|cleaned_ids2018S_test.cs | |||
| | |||
| | |||
| | |||
|- | |||
|cleaned_ids2018S_train.csv | |||
| | |||
| | |||
| | |||
|} | |||
| | ===Notebooks=== | ||
{| class="wikitable" | |||
|+ | |||
!Notebook | |||
!Data Science step | |||
! | |||
|- | |||
|Cyber_cse-cic-ids_analysis.ipynb | |||
|''Data exploration'' | |||
| | |||
|- | |||
|Cyber_cse-cic-ids_model.ipynb | |||
|''Standardization and Half-Supervised Autoencoder model'' | |||
| | |||
|} | |||
== Dataset Unsw == | |||
| NUSW-NB15_features.utf8. | === Data === | ||
|- | {| class="wikitable" | ||
| UNSW_NB15S_test. | |+ | ||
| UNSW_NB15S_train.csv | ! | ||
| UNSW-NB15_1.csv | ! | ||
| UNSW-NB15_2.csv | ! | ||
| UNSW-NB15_3.csv | |- | ||
| UNSW-NB15_4.csv | |NUSW-NB15_features.utf8.csv | ||
| | |||
| | |||
|- | |||
|UNSW_NB15S_test.csv | |||
| | |||
| | |||
|- | |||
|UNSW_NB15S_train.csv | |||
| | |||
| | |||
|- | |||
|UNSW-NB15_1.csv | |||
| | |||
| | |||
|- | |||
|UNSW-NB15_2.csv | |||
| | |||
| | |||
|- | |||
|UNSW-NB15_3.csv | |||
| | |||
| | |||
|- | |||
|UNSW-NB15_4.csv | |||
| | |||
| | |||
|} | |||
===Notebooks=== | === Notebooks === | ||
{| class="wikitable" | |||
|+ | |||
!Notebook | |||
!Data Science step | |||
! | |||
|- | |||
|Cyber_unsw_analysis.ipynb | |||
|''Data exploration'' | |||
| | |||
|- | |||
|Cyber_unsw_analysisGmm.ipynb | |||
|''data exploration for GMM clustering'' | |||
| | |||
|- | |||
|Cyber_unsw_standardization.ipynb | |||
|''data standardization'' | |||
| | |||
|- | |||
|Cyber_unsw_autoencoder.ipynb | |||
|''Binary classifier study. Half-Supervised Autoencoder modeling, we tested:'' | |||
| | |||
|- | |||
| | |||
| -logistic regression | |||
| | |||
|- | |||
| | |||
| -Autoencoder Inria like | |||
| | |||
|- | |||
| | |||
| -Autoencoder single layer | |||
| | |||
|- | |||
| | |||
| -Autoencoder multi layers | |||
| | |||
|- | |||
|Cyber_unsw_complete_analysis.ipynb | |||
|''data exploration'' | |||
| | |||
|- | |||
|Cyber_unsw_model.ipynb | |||
|''Data Supervised model, to classify attacks of different kinds, we tested:'' | |||
| | |||
|- | |||
| | |||
| -Random Forest Classifier (rfc) | |||
| | |||
|- | |||
| | |||
| -Support Vector Classification (svm) | |||
| | |||
|- | |||
| | |||
| -Multi-Layer Perceptron (mlp) | |||
| | |||
|- | |||
| | |||
| -Artificial Neural Network (ann) | |||
| | |||
|- | |||
| | |||
| -eXtreme Gradient Boosting (xgb) | |||
| | |||
|- | |||
| | |||
| -Convolutional Neural Network (cnn) | |||
| | |||
|} | |||
== Dataset USB IDS == | |||
=== Data === | |||
{| class="wikitable" | |||
|+ | |||
! | |||
! | |||
! | |||
|- | |||
|USB-IDS-1S-TEST.csv | |||
| | |||
| | |||
|- | |||
|USB-IDS-1S-TRAIN.csv | |||
| | |||
| | |||
|- | |||
|USB-IDS-1S-VALIDATION.csv | |||
| | |||
| | |||
|} | |||
=== Notebooks === | |||
{| class="wikitable" | |||
|+ | |||
!Notebook | |||
!Data Science step | |||
! | |||
|- | |||
|Cyber_USB-IDS_analysis.ipynb | |||
|''Data exploration'' | |||
| | |||
|} | |||
| Notebook | Data Science step | | | Notebook | Data Science step | | ||
|----------------------------------|---------------------------------------------------------| | |----------------------------------|---------------------------------------------------------| |
Version du 12 novembre 2024 à 15:06
Développement du Use Case pédagogique "Machine Learning vs Attaque DDoS" dans le cadre du GT IA et Cyber
Catégorie : Commun Statut : Production 1 : Idée - 2 : Prototype - 3 : Validation - 4 : Production
Overview[modifier | modifier le wikicode]
The use case focuses on vast varieties of intrusions and attack activities of the network traffic. We propose three Dataset ready for exploration and modeling.
- [CSE-CIC-IDS2018Datasets](https://www.unb.ca/cic/datasets/ids-2018.html#:~:text=In%20CSE-CIC-IDS2018%20dataset%2C%20we%20use%20the%20notion%20of,human%20operators%20to%20generate%20events%20on%20the%20network)
- [UNSW-NB15Datasets](https://research.unsw.edu.au/projects/unsw-nb15-dataset)
- [USB-IDS Datasets](http://idsdata.ding.unisannio.it/index.html)
For each cyber security dataset we propose data analysis, data standardization an modeling notebooks. In some notebooks standardization step is include in the modeling notebook
- Authors: Christian Maréchal
- Keywords: Supervised Machine Learning, Half-Supervised Machine Learning, Clustering, Data Standardization
Plan of Study[modifier | modifier le wikicode]
- Data Analysis Notebook --\> Standardization Notebook --\> Modeling Notebook
To make things easier each notebook can be run independently.
Dataset Cse cic ids[modifier | modifier le wikicode]
Data[modifier | modifier le wikicode]
cleaned_ids2018S_test.cs | |||
cleaned_ids2018S_train.csv |
Notebooks[modifier | modifier le wikicode]
Notebook | Data Science step | |
---|---|---|
Cyber_cse-cic-ids_analysis.ipynb | Data exploration | |
Cyber_cse-cic-ids_model.ipynb | Standardization and Half-Supervised Autoencoder model |
Dataset Unsw[modifier | modifier le wikicode]
Data[modifier | modifier le wikicode]
NUSW-NB15_features.utf8.csv | ||
UNSW_NB15S_test.csv | ||
UNSW_NB15S_train.csv | ||
UNSW-NB15_1.csv | ||
UNSW-NB15_2.csv | ||
UNSW-NB15_3.csv | ||
UNSW-NB15_4.csv |
Notebooks[modifier | modifier le wikicode]
Notebook | Data Science step | |
---|---|---|
Cyber_unsw_analysis.ipynb | Data exploration | |
Cyber_unsw_analysisGmm.ipynb | data exploration for GMM clustering | |
Cyber_unsw_standardization.ipynb | data standardization | |
Cyber_unsw_autoencoder.ipynb | Binary classifier study. Half-Supervised Autoencoder modeling, we tested: | |
-logistic regression | ||
-Autoencoder Inria like | ||
-Autoencoder single layer | ||
-Autoencoder multi layers | ||
Cyber_unsw_complete_analysis.ipynb | data exploration | |
Cyber_unsw_model.ipynb | Data Supervised model, to classify attacks of different kinds, we tested: | |
-Random Forest Classifier (rfc) | ||
-Support Vector Classification (svm) | ||
-Multi-Layer Perceptron (mlp) | ||
-Artificial Neural Network (ann) | ||
-eXtreme Gradient Boosting (xgb) | ||
-Convolutional Neural Network (cnn) |
Dataset USB IDS[modifier | modifier le wikicode]
Data[modifier | modifier le wikicode]
USB-IDS-1S-TEST.csv | ||
USB-IDS-1S-TRAIN.csv | ||
USB-IDS-1S-VALIDATION.csv |
Notebooks[modifier | modifier le wikicode]
Notebook | Data Science step | |
---|---|---|
Cyber_USB-IDS_analysis.ipynb | Data exploration |
| Notebook | Data Science step | |----------------------------------|---------------------------------------------------------| | Cyber_cse-cic-ids_analysis.ipynb | *Data exploration* | | Cyber_cse-cic-ids_model.ipynb | *Standardization and Half-Supervised Autoencoder model* |
| Notebook | Data Science step |
|-------------------------------------|-----------------------------------------------------------------------------|
| Cyber_unsw_analysis.ipynb | *Data exploration* |
| Cyber_unsw_analysisGmm.ipynb | *data exploration for GMM clustering* |
| Cyber_unsw_standardization.ipynb | *data standardization* |
| Cyber_unsw_autoencoder.ipynb | *Binary classifier study. Half-Supervised Autoencoder modeling, we tested:* |
| | \-logistic regression |
| | \-Autoencoder Inria like |
| | \-Autoencoder single layer |
| | \-Autoencoder multi layers |
| Cyber_unsw_complete_analysis.ipynb | *data exploration* |
| Cyber_unsw_model.ipynb | *Data Supervised model, to classify attacks of different kinds, we tested:* |
| | \-Random Forest Classifier (rfc) |
| | \-Support Vector Classification (svm) |
| | \-Multi-Layer Perceptron (mlp) |
| | \-Artificial Neural Network (ann) |
| | \-eXtreme Gradient Boosting (xgb) |
| | \-Convolutional Neural Network (cnn) |
Dataset USB IDS
Dataset Unsw
Data[modifier | modifier le wikicode]
| USB-IDS-1S-TEST.csv | |---------------------------| | USB-IDS-1S-TRAIN.csv | | USB-IDS-1S-VALIDATION.csv |
Notebooks[modifier | modifier le wikicode]
| Notebook | Data Science step | |------------------------------|--------------------| | Cyber_USB-IDS_analysis.ipynb | *Data exploration* | | | |
>:/translate>