RSI Project AI For Cybersecurity
Objective
The aim is to understand and analyze network behavior under normal operating conditions and during specific
types of cyber attacks. This project involves capturing network traffic data during a normal usage scenario and
then during three distinct attack scenarios: a scanning attack, a Denial-of-Service (DoS) attack, and a Man-in-The-
Middle (MITM) attack.
• Xmas Scan (Scanning Attack): Collect network traffic using Wireshark or tcpdump on the victim machine
for the duration necessary to complete two or three scans. This method helps in understanding the traffic
pattern generated by scanning attacks.
• DNS Cache Poisoning (Man-in-The-Middle Attack): Similarly, the collection period should cover two
or three instances of the attack to capture a comprehensive dataset of the DNS manipulation efforts.
• UDP Flood (Denial-of-Service Attack): Given the high volume of traffic generated by this attack,
consider a shorter collection period of 10 to 15 minutes. This timeframe is sufficient to understand the
intensity and impact of the DoS attack without overwhelming storage with excessive data.
• Normal traffic: it is crucial to collect normal network traffic to serve as a baseline. To do this, launch
Wireshark while using your machine normally and collect traffic for a duration of 30 to 60 minutes.
For each attack, execute one at a time, capture the network traffic on the victim machine, and save it as a
PCAP file. This structured approach allows for a detailed analysis of each attack’s characteristics and effects on
the network, compared to normal traffic patterns. Figure 1 illustrates this process.
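The capture-and-export step described above (save the victim-side capture as a PCAP file, then turn it into the feature rows that feed the classifier), as an added example that is not part of the project handout. It reads a classic libpcap file with the Python standard library only and derives per-packet features a decision tree can learn from: TCP flag bits (an Xmas scan sets FIN, PSH and URG together), UDP and DNS indicators, and the peak number of UDP packets per second. The capture it parses is constructed in memory so it runs offline, and the feature names are my own choice, not the handout's.

```python
"""Minimal PCAP feature exporter (added example, not from the project handout).
Parses a classic little-endian libpcap file with Ethernet frames and derives
per-packet features; the sample capture below is constructed in memory."""
import struct

PCAP_MAGIC = 0xA1B2C3D4          # little-endian, microsecond timestamps
ETH_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
TCP_FIN, TCP_PSH, TCP_URG = 0x01, 0x08, 0x20
XMAS_FLAGS = TCP_FIN | TCP_PSH | TCP_URG


def parse_pcap(data):
    """Yield (timestamp, raw_frame) for every record in a little-endian pcap blob."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("only classic little-endian pcap files are handled here")
    offset = 24                                   # fixed-size global header
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, offset)
        offset += 16
        yield ts_sec + ts_usec / 1e6, data[offset:offset + incl_len]
        offset += incl_len


def frame_features(frame):
    """Return a feature dict for one Ethernet/IPv4 frame, or None for other traffic."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETH_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4                  # IPv4 header length in bytes
    total_len, = struct.unpack_from("!H", frame, 16)
    proto = frame[23]
    feats = {"src": ".".join(map(str, frame[26:30])),
             "dst": ".".join(map(str, frame[30:34])),
             "proto": proto, "length": total_len, "dst_port": 0,
             "tcp_flags": 0, "xmas": 0, "udp": 0, "dns": 0}
    l4 = frame[14 + ihl:]
    if proto == PROTO_TCP and len(l4) >= 14:
        feats["dst_port"] = struct.unpack_from("!H", l4, 2)[0]
        feats["tcp_flags"] = l4[13]
        feats["xmas"] = int(l4[13] & XMAS_FLAGS == XMAS_FLAGS)   # FIN+PSH+URG set together
    elif proto == PROTO_UDP and len(l4) >= 8:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        feats["dst_port"], feats["udp"] = dport, 1
        feats["dns"] = int(53 in (sport, dport))  # DNS traffic matters for the MITM scenario
    return feats


def export_features(pcap_bytes):
    """The 'traffic exporter / feature calculation' step: pcap -> list of feature rows."""
    rows = []
    for ts, frame in parse_pcap(pcap_bytes):
        feats = frame_features(frame)
        if feats is not None:
            feats["ts"] = ts
            rows.append(feats)
    return rows


def summarize(rows):
    """Aggregates worth quoting in the report: Xmas packets, DNS packets, peak UDP rate."""
    udp_per_second = {}
    for r in rows:
        if r["udp"]:
            udp_per_second[int(r["ts"])] = udp_per_second.get(int(r["ts"]), 0) + 1
    return {"packets": len(rows),
            "xmas_packets": sum(r["xmas"] for r in rows),
            "dns_packets": sum(r["dns"] for r in rows),
            "peak_udp_pps": max(udp_per_second.values(), default=0)}


# --- constructed capture (dummy MACs, no checksums), just enough for the parser above ---
def _ipv4(proto, payload, src="10.0.0.5", dst="10.0.0.9"):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + struct.pack("!H", ETH_IPV4) + ip + payload


def _tcp(dport, flags):
    return struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, flags, 1024, 0, 0)


def _udp(sport, dport, payload=b"\x00" * 8):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_pcap(frames):
    """Wrap (timestamp, frame) pairs in a pcap global header plus per-record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)   # link type 1 = Ethernet
    for ts, frame in frames:
        sec = int(ts)
        out += struct.pack("<IIII", sec, int((ts - sec) * 1e6), len(frame), len(frame)) + frame
    return out


def sample_capture():
    """Two normal packets, a three-port Xmas scan, then a 50-packet UDP burst within one second."""
    t0 = 1_700_000_000.0
    frames = [(t0 + 0.1, _ipv4(PROTO_TCP, _tcp(443, 0x02))),            # TCP SYN to HTTPS
              (t0 + 0.2, _ipv4(PROTO_UDP, _udp(51000, 53, b"\x12\x34" + b"\x00" * 10)))]
    frames += [(t0 + 1 + i * 0.01, _ipv4(PROTO_TCP, _tcp(port, XMAS_FLAGS)))
               for i, port in enumerate((22, 80, 443))]
    frames += [(t0 + 2 + i * 0.001, _ipv4(PROTO_UDP, _udp(40000 + i, 9))) for i in range(50)]
    return build_pcap(frames)


if __name__ == "__main__":
    print(summarize(export_features(sample_capture())))
```

On a real capture, replace `sample_capture()` with the bytes of the file Wireshark or tcpdump wrote (`open("attack.pcap", "rb").read()`); Wireshark's default pcapng format and big-endian pcap files are deliberately rejected by `parse_pcap`, so save or convert to classic pcap first. The per-packet rows are what each capture's CSV should contain; per-second aggregates such as `peak_udp_pps` are the kind of feature that separates a UDP flood from ordinary UDP traffic.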
Figure 1: Dataset construction and training pipeline. Traffic (PCAP) captured for the normal scenario and for each attack (Attack 1 to Attack N) passes through the traffic exporter and feature calculation, a label is added (Normal or the attack name), the labelled rows form the target dataset, and that dataset is used for training the decision tree and for performance evaluation.
1. For each CSV file, add a new column named "Label". Assign to this column the name of the attack for
the respective attack captures, and for the capture containing normal traffic, assign the value "Normal".
Subsequently, merge the four CSV files into a single CSV file and name it "Dataset.csv".
2. Use the dataset (CSV file) to train and create a decision tree classifier using the Scikit-Learn library. The
decision tree should be capable of distinguishing between normal traffic and the various types of attacks.
3. Evaluate the performance of the decision tree using the following two metrics:
• Detection rate (Recall)
• False positive rate
3 Deliverables
Please submit the following deliverables, adhering to the specified format requirements:
2. Four CSV files capturing network traffic: one for the normal traffic and one for each of the three attacks.
4. A detailed report, not exceeding 5 pages, in PDF format. The report should cover the process, methodology,
results, and conclusions of your work.
Important: the Python scripts and the dataset dataset.csv should be packaged together in a single .zip
archive for submission. If the size of the file exceeds the email attachment limit, please share it via a private
Google Drive link and ensure access is granted to.
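Tasks 1 to 3 above (labelling and merging the per-capture CSV files, training the decision tree, and scoring it by detection rate and false positive rate), as an added example that is not part of the project handout. The per-capture CSV contents and the predicted labels are constructed inline so the script runs offline, and the feature column names are hypothetical. Training uses scikit-learn's DecisionTreeClassifier as the handout specifies; the two metrics are written out by hand so the one-versus-rest definitions used for a multi-class classifier are visible.

```python
"""Label, merge and evaluate (added example, not from the project handout).
CSV contents, feature names and predicted labels below are constructed."""
import csv
import io

# Constructed per-capture exports; in the project these come from the traffic exporter.
CAPTURES = {
    "Normal": "pkts,bytes,xmas,udp\n12,9000,0,0\n8,4100,0,1\n",
    "XmasScan": "pkts,bytes,xmas,udp\n3,180,1,0\n5,300,1,0\n",
    "DNSPoisoning": "pkts,bytes,xmas,udp\n20,6000,0,1\n",
    "UDPFlood": "pkts,bytes,xmas,udp\n5000,3000000,0,1\n",
}

# Constructed ground truth and classifier output for the metric demonstration.
Y_TRUE = ["Normal", "Normal", "Normal", "Normal", "XmasScan", "XmasScan",
          "UDPFlood", "UDPFlood", "DNSPoisoning", "DNSPoisoning"]
Y_PRED = ["Normal", "Normal", "Normal", "XmasScan", "XmasScan", "Normal",
          "UDPFlood", "UDPFlood", "DNSPoisoning", "Normal"]


def label_and_merge(captures):
    """Task 1: add a Label column to every row of every capture and return the merged CSV text."""
    out = io.StringIO()
    writer = None
    for label, text in captures.items():
        for row in csv.DictReader(io.StringIO(text)):
            row["Label"] = label
            if writer is None:                    # header comes from the first row seen
                writer = csv.DictWriter(out, fieldnames=list(row.keys()))
                writer.writeheader()
            writer.writerow(row)
    return out.getvalue()


def train_decision_tree(dataset_csv):
    """Task 2 with scikit-learn; the import is local so the rest of the file runs without it.
    Score on rows the tree never saw (sklearn.model_selection.train_test_split), not on
    the training rows, or recall will look perfect for the wrong reason."""
    from sklearn.tree import DecisionTreeClassifier
    rows = list(csv.DictReader(io.StringIO(dataset_csv)))
    features = [k for k in rows[0] if k != "Label"]
    X = [[float(r[k]) for k in features] for r in rows]
    y = [r["Label"] for r in rows]
    return DecisionTreeClassifier(random_state=0).fit(X, y), features


def detection_metrics(y_true, y_pred):
    """Task 3: per-class recall and false positive rate, one class versus all others.
    recall = TP / (TP + FN): share of that class's traffic the tree caught.
    FPR    = FP / (FP + TN): share of all other traffic wrongly flagged as that class."""
    pairs = list(zip(y_true, y_pred))
    metrics = {}
    for c in sorted(set(y_true) | set(y_pred)):
        tp = sum(1 for t, p in pairs if t == c and p == c)
        fn = sum(1 for t, p in pairs if t == c and p != c)
        fp = sum(1 for t, p in pairs if t != c and p == c)
        tn = sum(1 for t, p in pairs if t != c and p != c)
        metrics[c] = {"recall": tp / (tp + fn) if tp + fn else 0.0,
                      "fpr": fp / (fp + tn) if fp + tn else 0.0}
    return metrics


if __name__ == "__main__":
    merged = label_and_merge(CAPTURES)
    with open("Dataset.csv", "w", newline="") as fh:   # the file the handout asks for
        fh.write(merged)
    for cls, m in detection_metrics(Y_TRUE, Y_PRED).items():
        print(f"{cls:14s} recall={m['recall']:.2f} fpr={m['fpr']:.3f}")
```

Note that "false positive rate" for the Normal class counts attack rows classified as Normal from the point of view of the other classes; the number a report usually wants is the FPR of each attack class, i.e. how much benign or other traffic the tree raises as that attack.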