
MASTER OF SCIENCE

Department of Computer Science

NETWORK INTRUSION DETECTION SYSTEM


HAREESHA H M
P18UZ21S00145

Chairperson: Ramesh B Kudenatti, Department of Computer Science
Guide: ShivaKumar, Assistant Professor, Department of Computer Science
Contents :-
1. Introduction
2. Existing and Proposed System
3. Implementation
4. Software and Hardware requirements
5. System Architecture
6. Design
7. Snap Shots
8. Conclusion and Future Enhancement
9. Bibliography
INTRODUCTION
Network intrusion detection is a critical component of cybersecurity aimed at safeguarding computer networks
from unauthorized access, malicious activities, and security breaches. It involves monitoring and analyzing
network traffic in real-time to identify and respond to suspicious or potentially harmful activities. Network
intrusion detection is vital for maintaining the confidentiality, integrity, and availability of networked systems and
data.

Here's an introduction to network intrusion detection, including its objectives, methods, and types:
Threat Detection: The primary objective is to detect and identify various types of threats and attacks, including
malware infections, unauthorized access attempts, denial-of-service attacks, and other malicious activities.
Security Monitoring: Network intrusion detection helps security teams monitor network traffic and system
behavior continuously, providing early warnings of potential security incidents.
Incident Response: When an intrusion or suspicious activity is detected, the system can trigger alerts, enabling
security professionals to respond promptly and mitigate the impact of the incident.
Methods of Network Intrusion Detection:-

Signature-Based Detection: This method uses predefined patterns or signatures of known attacks. It compares
incoming network traffic against a database of signatures and raises an alert when a match is found. It's
effective against well-known threats but may miss new or zero-day attacks.
Anomaly-Based Detection: Anomaly detection looks for deviations from normal network behavior. It
establishes a baseline of normal traffic and flags any unusual patterns or activities. While it can identify
previously unseen attacks, it may also generate false positives.
Hybrid Detection: Many modern intrusion detection systems (IDS) use a combination of signature-based and
anomaly-based detection to improve accuracy and coverage. They leverage known attack signatures while
also monitoring for unusual behaviors.
Different classes of Attacks :-
Denial of Service (DoS) Attack:-
◦ A sudden and significant increase in network traffic or a high volume of connection requests
to a specific service or server.
◦ Detection Techniques :- monitoring for traffic volume spikes, tracking the number of connection requests
and implementing rate limiting or traffic filtering to control the attack.

Probe Attack:-
Description: Probe attacks involve an attacker scanning a network or system to gather information about
vulnerabilities and potential targets.
Identification: Port Scanning: Detect repeated attempts to access different ports on your network or systems.
Remote to Local (R2L) Attack:-
Description: R2L attacks involve an attacker attempting to gain unauthorized access to a system or network
from a remote location.
Identification: Unusual Authentication Attempts: Detect multiple failed login attempts or authentication requests
from remote IP addresses.
User to Root (U2R) Attack :-
An attacker has local access to the victim machine and tries to gain super-user privilege. For example,
buffer overflow attacks.
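
The identification rules listed above for DoS, probe and R2L traffic, applied to a constructed event list (an added example, not the project's code). The event format, addresses and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed events: (timestamp_s, src_ip, dst_port, kind).
# kind is "syn" for a connection request or "auth_fail" for a failed login.
EVENTS = (
    [(t * 0.01, "203.0.113.5", 80, "syn") for t in range(300)]            # flood of one service
    + [(10 + p * 0.1, "198.51.100.7", 20 + p, "syn") for p in range(40)]  # one source, many ports
    + [(20 + i, "192.0.2.9", 22, "auth_fail") for i in range(8)]          # repeated failed logins
    + [(30 + i * 5, "192.0.2.44", 443, "syn") for i in range(6)]          # ordinary client
)

# Assumed per-source limits within one window; tune them against a traffic baseline.
WINDOW_S = 10
MAX_SYN = 100        # connection requests  -> DoS indicator
MAX_PORTS = 15       # distinct ports       -> probe indicator
MAX_AUTH_FAIL = 5    # failed logins        -> R2L indicator

def detect(events, window=WINDOW_S):
    """Return {src_ip: set of alert labels} using fixed time windows."""
    buckets = defaultdict(lambda: {"syn": 0, "ports": set(), "fail": 0})
    for ts, src, port, kind in events:
        b = buckets[(src, int(ts // window))]
        if kind == "syn":
            b["syn"] += 1
            b["ports"].add(port)
        elif kind == "auth_fail":
            b["fail"] += 1
    alerts = defaultdict(set)
    for (src, _), b in buckets.items():
        if b["syn"] > MAX_SYN:
            alerts[src].add("dos")
        if len(b["ports"]) > MAX_PORTS:
            alerts[src].add("probe")
        if b["fail"] > MAX_AUTH_FAIL:
            alerts[src].add("r2l")
    return dict(alerts)

if __name__ == "__main__":
    for src, labels in sorted(detect(EVENTS).items()):
        print(src, sorted(labels))
```

Fixed windows can split one burst across a boundary and miss it; a sliding window closes that gap at the cost of more state per source.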
EXISTING AND PROPOSED SYSTEM
EXISTING SYSTEM:
“Network Intrusion Detection System Based On Machine Learning Algorithms”, Vipin Das, Vijaya Pathak,
Sattvik Sharma, Sreevathsan, MVVNS Srikanth, Gireesh Kumar T (2010), International Journal of
Computer Science & Information Technology.

Network and system security is of paramount importance in the present data communication environment.
Hackers and intruders can create many successful attempts to cause the crash of the networks and web services
by unauthorized intrusion. New threats and associated solutions to prevent these threats are emerging together
with the secured system evolution. Intrusion Detection Systems (IDS) are one of these solutions. The main
function of Intrusion Detection System is to protect the resources from threats. It analyzes and predicts the
behaviours of users, and then these behaviours will be considered an attack or a normal behaviour. We use Rough
Set Theory (RST) and Support Vector Machine (SVM) to detect network intrusions. First, packets are captured
from the network, RST is used to pre-process the data and reduce the dimensions. The features selected by RST
will be sent to SVM model to learn and test respectively. The method is effective to decrease the space density of
data. The experiments compare the results with Principal Component Analysis (PCA) and show RST and SVM
schema could reduce the false positive rate and increase the accuracy.
Keywords: IDS, RST, SVM, PCA
DISADVANTAGES OF EXISTING MODEL:-
Most intrusion detection techniques focus on how to find malicious network behaviors and acquire the
characteristics of attack packets, i.e., attack patterns, based on the histories recorded in log files. Real time
attack detection at incoming rate is still a challenging
False Positives and False Negatives:
False Positives: IDS may generate alerts for benign or legitimate network activity, leading to wasted time
and resources investigating non-threats.
False Negatives: IDS may fail to detect some attacks, especially sophisticated or zero-day exploits, leaving
the network vulnerable.
Alert Overload:
A high volume of alerts, especially false positives, can overwhelm security personnel and lead to important
alerts being overlooked.
Existing techniques cannot easily authenticate remote-login users and detect specific types of intrusions,
e.g., when an unauthorized user logs in to a system with a valid user ID and password.
PROPOSED SYSTEM :-
The proposed smart intrusion detection system (IDS) is viewed as an effective solution for network
security and protection against external threats. However, existing IDSs often have a lower
detection rate under new attacks and a high overhead when working with audit data, and thus
machine learning methods have been widely applied in intrusion detection.
In our proposed method, Decision Tree, Logistic Regression, Random Forest and KNN are
developed as learning methods for solving the classification problem of pattern recognition and
intrusion identification.
Compared with other classification algorithms, Decision Tree, Logistic regression, Random
Forest and KNN can better solve the problems of small samples, nonlinearity and high
dimensionality.
ADVANTAGES OF PROPOSED SYSTEM:-
High accuracy on detection rate.
High True positive rate.
True Positive
A legitimate attack which triggers an alarm.
False Positive
An event signaling to produce an alarm when no attack has taken place.
False Negative
When no alarm is raised when an attack has taken place.
True Negative
An event when no attack has taken place and no detection is made.
Accuracy = Total number of samples / True positives + False negatives
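
The four outcomes defined above, counted over constructed labels (an added example, not the project's code). It uses the standard definitions accuracy = (TP + TN) / all samples and true positive rate = TP / (TP + FN), and shows why accuracy alone says little when attacks are rare.

```python
def confusion(y_true, y_pred):
    """Count TP, FP, FN, TN where 1 = attack and 0 = normal."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(1 for t, p in pairs if t == 1 and p == 1)
    fp = sum(1 for t, p in pairs if t == 0 and p == 1)
    fn = sum(1 for t, p in pairs if t == 1 and p == 0)
    tn = sum(1 for t, p in pairs if t == 0 and p == 0)
    return tp, fp, fn, tn

def metrics(y_true, y_pred):
    tp, fp, fn, tn = confusion(y_true, y_pred)
    total = tp + fp + fn + tn
    return {
        "accuracy": (tp + tn) / total,
        "tpr": tp / (tp + fn) if tp + fn else 0.0,        # detection rate
        "fpr": fp / (fp + tn) if fp + tn else 0.0,        # false alarm rate
        "precision": tp / (tp + fp) if tp + fp else 0.0,  # share of alerts that are real
    }

# Constructed ground truth: 990 normal flows followed by 10 attacks.
Y_TRUE = [0] * 990 + [1] * 10
# A detector that never raises an alarm.
PRED_SILENT = [0] * 1000
# A detector that raises 20 false alarms and catches 8 of the 10 attacks.
PRED_USEFUL = [1] * 20 + [0] * 970 + [1] * 8 + [0] * 2

if __name__ == "__main__":
    for name, pred in [("silent", PRED_SILENT), ("useful", PRED_USEFUL)]:
        print(name, confusion(Y_TRUE, pred), metrics(Y_TRUE, pred))
```

The silent detector scores the higher accuracy while detecting nothing, which is why the true positive rate and false alarm rate have to be reported alongside it.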
IMPLEMENTATION
DataSet Details :-
1. Data Collection:-
Here we will collect network traffic data, often in the form of network packets or log files, from
various sources within your network. These sources could include routers, switches, firewalls, and
other network devices.
2. Data Preprocessing:-
Data preprocessing involves cleaning and preparing the raw network data for analysis. This includes
removing irrelevant data, handling missing values, and transforming data into a suitable format for
machine learning algorithms.
3. Feature Extraction:-
We will extract relevant features from the network data to be used as input to your machine learning
model. Features might include source and destination IP addresses, port numbers, packet sizes,
protocols, and more.
4. Model Selection:-
We'll design a machine learning model to classify network traffic into normal and malicious
categories. Commonly used algorithms for network intrusion detection include Decision
Trees, K-Nearest Neighbours (KNN), Linear Regression, etc.
5. Training:-
Train the chosen machine learning model on labeled data. Labeled data means you have examples of network
traffic that are known to be either normal or malicious. The model learns to recognize patterns in the data that
differentiate between the two.
6. Intrusion Detection:-
Once the model is trained, we’ll deploy it to monitor incoming network traffic in real-time. As new data flows
through the network, the model evaluates whether it is normal or potentially malicious based on the patterns it
has learned during training.
7. Alerting and Response:-
When the model detects suspicious activity, it generates alerts or triggers predefined responses. These responses
might include logging the event, blocking the suspicious traffic, or notifying network administrators.
Some Network Traffic Features: -
1. Source and Destination IP Addresses
2. Packet Sizes
3. Port Numbers
4. Protocol Type
Logistic Regression Algorithm:-
Logistic Regression is one of the most common algorithms used for binary
classification. It predicts the probability of occurrence of a binary outcome using
a logit function. It is a special case of linear regression as it predicts the probabilities
of outcome using log function.
Put simply, Linear Regression predicts scores on one variable from the scores on a
second variable. The variable that is predicted is called the criterion variable. The variable
we base our predictions on is called the predictor variable. When there is only one
predictor variable, the prediction method is called simple regression.
We use the activation function (sigmoid) to convert the outcome into a categorical value. There are many
examples where we can use Logistic Regression; for example, it can be used for Fraud Detection, Spam
Detection, Cancer Detection, etc.
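
The implementation steps and the logistic regression description above, carried through in one small pipeline: feature extraction, training on labelled flows, then sigmoid scoring and alerting (an added example, not the project's code). The flows, the `COMMON_PORTS` list, the learning rate and the 0.5 threshold are all assumptions made for illustration.

```python
import math

# Constructed labelled flows: (packet_size_bytes, dst_port, protocol, label); 1 = malicious.
TRAIN = [
    (1200, 443, "tcp", 0), (900, 80, "tcp", 0), (1400, 443, "tcp", 0),
    (700, 53, "udp", 0), (1100, 80, "tcp", 0),
    (60, 23, "tcp", 1), (40, 4444, "tcp", 1), (52, 23, "tcp", 1),
    (48, 31337, "tcp", 1), (64, 4444, "udp", 1),
]
COMMON_PORTS = (53, 80, 443)  # assumption: services this toy network normally exposes

def features(size, port, proto):
    """Feature extraction: scaled packet size, common-port flag, protocol flag."""
    return [size / 1500.0, float(port in COMMON_PORTS), float(proto == "tcp")]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def attack_probability(model, flow):
    """Weighted sum of the features passed through the sigmoid."""
    w, b = model
    return sigmoid(sum(wi * xi for wi, xi in zip(w, features(*flow))) + b)

def train(rows, epochs=2000, lr=0.5):
    """Fit weights by batch gradient descent on the log-loss."""
    w, b = [0.0, 0.0, 0.0], 0.0
    for _ in range(epochs):
        gw, gb = [0.0, 0.0, 0.0], 0.0
        for size, port, proto, label in rows:
            err = attack_probability((w, b), (size, port, proto)) - label
            gw = [g + err * x for g, x in zip(gw, features(size, port, proto))]
            gb += err
        w = [wi - lr * g / len(rows) for wi, g in zip(w, gw)]
        b -= lr * gb / len(rows)
    return w, b

def classify(model, flow, threshold=0.5):
    """Return 'ALERT' when the predicted attack probability reaches the threshold."""
    return "ALERT" if attack_probability(model, flow) >= threshold else "ok"

MODEL = train(TRAIN)

if __name__ == "__main__":
    for flow in [(1300, 80, "tcp"), (44, 23, "tcp")]:
        print(flow, round(attack_probability(MODEL, flow), 3), classify(MODEL, flow))
```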
Decision trees:-
In decision trees, to predict a class label for a record we start from the root of the tree. We then compare
the value of the root attribute with the record's attribute. On the basis of the comparison, we follow the branch
corresponding to that value and jump to the next node.
A decision tree works in the following manner:
1. Place the best attribute of the dataset at the root of the tree.
2. Split the training set into subsets. Subsets should be made
in such a way that each subset contains data with the same
value for an attribute.
3. Repeat step 1 and step 2 on each subset until you find leaf
nodes in all the branches of the tree.
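
The three steps above, written out as an ID3-style tree builder that picks the attribute with the highest information gain at each node (an added example, not the project's code). The attribute names, categories and records are constructed, and information gain is an assumed reading of "best attribute".

```python
import math
from collections import Counter

# Constructed training records: categorical traffic attributes plus a class label.
FIELDS = ("proto", "port", "size", "label")
ROWS = [dict(zip(FIELDS, r)) for r in [
    ("tcp", "web", "large", "normal"), ("tcp", "web", "small", "normal"),
    ("udp", "dns", "small", "normal"), ("tcp", "web", "small", "normal"),
    ("tcp", "other", "small", "attack"), ("udp", "other", "small", "attack"),
    ("tcp", "other", "small", "attack"), ("tcp", "other", "large", "normal"),
]]

def entropy(rows):
    counts = Counter(r["label"] for r in rows)
    return -sum(c / len(rows) * math.log2(c / len(rows)) for c in counts.values())

def split(rows, attr):
    """Step 2: group rows so each subset shares one value of attr."""
    groups = {}
    for r in rows:
        groups.setdefault(r[attr], []).append(r)
    return groups

def gain(rows, attr):
    parts = split(rows, attr).values()
    return entropy(rows) - sum(len(p) / len(rows) * entropy(p) for p in parts)

def build(rows, attrs):
    labels = Counter(r["label"] for r in rows)
    majority = labels.most_common(1)[0][0]
    if len(labels) == 1 or not attrs:
        return majority                                   # leaf node
    best = max(attrs, key=lambda a: gain(rows, a))        # step 1
    rest = [a for a in attrs if a != best]
    children = {v: build(sub, rest) for v, sub in split(rows, best).items()}  # step 3
    return {"attr": best, "default": majority, "children": children}

def predict(node, record):
    """Walk from the root; an attribute value never seen in training gets the node's majority label."""
    while isinstance(node, dict):
        node = node["children"].get(record[node["attr"]], node["default"])
    return node

TREE = build(ROWS, ["proto", "port", "size"])

if __name__ == "__main__":
    print(TREE)
    print(predict(TREE, {"proto": "udp", "port": "other", "size": "small"}))
```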
SOFTWARE AND HARDWARE REQUIREMENTS:-
HARDWARE REQUIREMENTS :-
System: Hp i3 Processor
Hard Disk: 500 GB
Input Devices: Keyboard, Mouse
RAM: 4 GB

SOFTWARE REQUIREMENTS :-
Operating system: Windows 10
Coding Language: Python
Tool used: VS code , Jupyter Notebook
SYSTEM ARCHITECTURE :-
DESIGN
Use Case Diagram:
A use case diagram is a type of UML (Unified
Modeling Language) diagram used to visualize and
document the functional requirements of a system or
software application from the user's perspective. Use
case diagrams are particularly helpful for understanding
how users interact with a system and the various tasks
or actions they can perform. They depict the
relationships between actors (users or external systems)
and use cases (individual functionalities or features of
the system).
SNAP SHOTS:
CONCLUSION:-
In this network intrusion detection project, we have successfully implemented an intrusion detection system that has contributed significantly to the security
and integrity of our network infrastructure. Through the project's phases, including data collection, feature engineering, model selection, and real-time
deployment, we have achieved the following:
Improved Security: The intrusion detection system has proven effective in identifying and alerting on various types of network attacks, including malware
infections, phishing attempts, and unauthorized access.
Reduced Response Time: By providing real-time alerts, the system has enabled our security team to
respond quickly to security incidents, mitigating potential damage and minimizing downtime.
Enhanced Visibility: The project has improved our understanding of network traffic patterns and potential vulnerabilities, allowing us to proactively
address security risks.

Future Enhancements:
While our network intrusion detection system has been successful, there are several opportunities for future enhancements to further strengthen our security posture:
Advanced Machine Learning Models: Consider implementing more advanced machine learning models, such as deep learning and anomaly detection techniques, to improve the accuracy of threat detection and reduce false positives.
Behavioral Analysis: Expand the system's capabilities to include behavioral analysis, which can detect deviations from established network behavior patterns, even in the absence of known attack signatures.
Integration with Threat Intelligence: Integrate the system with threat intelligence feeds to stay up-to-date on emerging threats and zero-day vulnerabilities.
REFERENCES:-
[1] Johansson Daniel, Andersson Par, “Intrusion Detection Systems with Correlation Capabilities”
[2] Yasm Curt, “Prelude as a Hybrid IDS Framework”, March, 2009
[3] Kumar Vinod, Sangwan Prakash Om, “Signature Based Intrusion Detection System Using SNORT”, IJCAIT,
International Journal of Computer Applications & Information Technology, Vol. I, Issue III, November 2012.
[4] Singh Deepak Kumar, Gupta Jitendra Kumar, “An approach for Anomaly based Intrusion detection System using
SNORT“, IJSER, International Journal of Scientific & Engineering Research, Volume 4, Issue 9, September 2013.
[5] S, Vijayarani, and Maria Sylviaa S. “Intrusion Detection System – A Study”, IJSPTM, International Journal of
Security, Privacy and Trust Management ,Vol 4, Issue 1, pp. 31–44, February 2015.
https://ieeexplore.ieee.org
https://www.researchgate.net
https://scholar.google.com
https://youtoube.com
THANK YOU
