Building Intrusion Detection System but from where to begin


Question

I have searched a lot on Intrusion Detection systems but now I am confused as to where I should start. I don't know whether any open source reusable code exists, but I want to make an Intrusion Detection and Prevention System with a Neural Network.

From the developer's point of view, my question is where I should begin. Kindly guide me on this topic.

Also, I am presently working on and analysing the KDD CUP 1999 Dataset, and am in search of more such data sets.

Kindly tell me which will be the best algorithms for building an Intrusion Detection System.

Thanks to whomsoever replies or reads. Kindly guide me on this. Thanks in advance.

Answer

I study the same subject: intrusion detection and machine learning. It is a rather broad subject. I will answer more from the data pre-processing and feature construction point of view. The Neural Network part is a different story altogether.

First of all, this area is heavily commercialized, therefore there are almost no open source code examples. A lot of things are done commercially in a closed ecosystem.

From an academic perspective: there is a big data set problem. DK99C (the DARPA KDD99 data set) exists, but it is very old. The KDD99 dataset is constructed from DARPA tcpdumps. They used Bro IDS and the tcpdump API to construct features. From my perspective it is a lot harder to create features from raw tcpdump than to work with machine learning algorithms (Neural Networks) on ready features.

Read this article to learn more about how it (KDD99) is constructed:

Lee, W. & Stolfo, S. J. (2000). A framework for constructing features and models for intrusion detection systems. ACM Trans. Inf. Syst. Secur., 3, 227-261.

Read this article and its presentation to learn why this subject is a hard problem to study:

Sommer, R. & Paxson, V. (2010). Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. Proceedings of the 2010 IEEE Symposium on Security and Privacy, IEEE Computer Society, 305-316.

Read this article to see how most academics work in this subject. A bit disappointing, really:

Tavallaee, M.; Stakhanova, N. & Ghorbani, A. (2010). Toward Credible Evaluation of Anomaly-Based Intrusion-Detection Methods. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, 40, 516-524.

Read this on why DK99C is considered harmful. It is harmful, but no other credible dataset exists:

Brugger, S. (2007). KDD Cup '99 dataset (Network Intrusion) considered harmful. KDnuggets newsletter, 7, 15.

Read this about the taxonomy of IDS data pre-processing:

Davis, J. J. & Clark, A. J. (2011). Data preprocessing for anomaly based network intrusion detection: A review. Computers & Security, 30, 353-375.
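The answer's central point is that KDD99's rows are not packets but per-connection records whose features (duration, bytes per direction, and the 2-second "count" and "srv_count" traffic features) had to be derived from raw tcpdump, and that this derivation is the hard part. The script below is an added illustration of that step and of the pre-processing stage the answer points to; it is not code from the question, the answer, or the KDD99 tooling. The packet list is constructed for the example, the connection-assembly rule (first packet of a 5-tuple is the client side, no handling of port reuse or TCP flags) is a deliberate simplification, and the feature names follow the KDD Cup '99 documentation only for the five features shown.

```python
"""Constructed example: KDD99-style connection features from a packet list.

The packets below are made up for illustration. Feature definitions follow
the KDD Cup '99 feature list for duration, src_bytes, dst_bytes, and the
2-second time-based traffic features count / srv_count; content features
and TCP-flag-based error rates are omitted to keep the example small.
"""
from dataclasses import dataclass

WINDOW_SECONDS = 2.0            # KDD99 time-based traffic features use a 2-second window
NUMERIC = ("duration", "src_bytes", "dst_bytes", "count", "srv_count")
PROTOCOLS = ("tcp", "udp", "icmp")


@dataclass
class Packet:
    ts: float       # seconds since capture start
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    length: int     # payload bytes carried by this packet


@dataclass
class Connection:
    start: float
    end: float
    src: str        # client side (first packet seen)
    dst: str        # server side
    dport: int      # stands in for KDD99's 'service' column
    proto: str
    src_bytes: int = 0
    dst_bytes: int = 0


# Constructed sample capture (not real traffic): 10.0.0.5 opens three HTTP
# connections and one SSH connection to 10.0.0.9; 10.0.0.7 does one DNS query.
SAMPLE_PACKETS = [
    Packet(0.00, "10.0.0.5", 40001, "10.0.0.9", 80, "tcp", 200),
    Packet(0.05, "10.0.0.9", 80, "10.0.0.5", 40001, "tcp", 1500),
    Packet(0.40, "10.0.0.5", 40002, "10.0.0.9", 80, "tcp", 180),
    Packet(0.45, "10.0.0.9", 80, "10.0.0.5", 40002, "tcp", 900),
    Packet(1.20, "10.0.0.7", 51000, "10.0.0.9", 53, "udp", 60),
    Packet(1.21, "10.0.0.9", 53, "10.0.0.7", 51000, "udp", 120),
    Packet(1.80, "10.0.0.5", 40003, "10.0.0.9", 22, "tcp", 90),
    Packet(1.95, "10.0.0.9", 22, "10.0.0.5", 40003, "tcp", 300),
    Packet(3.50, "10.0.0.5", 40004, "10.0.0.9", 80, "tcp", 210),   # outside the 2 s window
    Packet(3.60, "10.0.0.9", 80, "10.0.0.5", 40004, "tcp", 1000),
]


def build_connections(packets):
    """Group packets into bidirectional connections keyed on the 5-tuple.

    Simplification (assumption of this example): the first packet seen for a
    5-tuple is the client, and a 5-tuple is never reused within the capture.
    """
    open_conns = {}
    for p in sorted(packets, key=lambda p: p.ts):
        fwd = (p.src, p.sport, p.dst, p.dport, p.proto)
        rev = (p.dst, p.dport, p.src, p.sport, p.proto)
        if rev in open_conns:                       # reply from the server side
            c = open_conns[rev]
            c.dst_bytes += p.length
        else:                                        # client side, new or continuing
            c = open_conns.get(fwd)
            if c is None:
                c = Connection(p.ts, p.ts, p.src, p.dst, p.dport, p.proto)
                open_conns[fwd] = c
            c.src_bytes += p.length
        c.end = max(c.end, p.ts)
    return sorted(open_conns.values(), key=lambda c: c.start)


def extract_features(connections, window=WINDOW_SECONDS):
    """Per-connection KDD99-style record; count/srv_count include the current
    connection and look back `window` seconds over earlier start times."""
    rows = []
    for i, c in enumerate(connections):
        recent = [o for o in connections[:i + 1] if c.start - o.start <= window]
        rows.append({
            "duration": round(c.end - c.start, 3),
            "protocol_type": c.proto,
            "service": c.dport,
            "src_bytes": c.src_bytes,
            "dst_bytes": c.dst_bytes,
            "count": sum(1 for o in recent if o.dst == c.dst),
            "srv_count": sum(1 for o in recent if o.dport == c.dport),
        })
    return rows


def vectorize(rows):
    """Pre-processing for a neural network: one-hot the protocol and min-max
    scale numeric columns to [0, 1] so byte counts do not swamp the small
    integer features."""
    lo = {k: min(r[k] for r in rows) for k in NUMERIC}
    hi = {k: max(r[k] for r in rows) for k in NUMERIC}
    vectors = []
    for r in rows:
        v = [1.0 if r["protocol_type"] == p else 0.0 for p in PROTOCOLS]
        for k in NUMERIC:
            span = hi[k] - lo[k]
            v.append((r[k] - lo[k]) / span if span else 0.0)
        vectors.append(v)
    return vectors


if __name__ == "__main__":
    for row in extract_features(build_connections(SAMPLE_PACKETS)):
        print(row)
```

Running it shows why the answer calls feature construction the hard part: even this toy version has to decide what a "connection" is, which side is the client, and which earlier connections fall inside the window, and each of those choices changes the numbers a classifier later sees. Real captures add port reuse, retransmissions and unanswered SYNs, which this example does not model.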
