Reference no: EM132307398
Data analytics for intrusion detection
Purpose of the assessment
This assignment assesses the following Unit Learning Outcomes; students should be able to demonstrate their achievements in them.
c) Evaluate intelligent security solutions based on data analytics
d) Analyse and interpret results from descriptive and predictive data analysis
Assignment Overview
For this assignment, you will analyse and evaluate one public network intrusion dataset, chosen from those given in Table 1.
Your task is to complete and make a research report based on the following:
1- Perform intrusion detection using the available data analytics techniques (WEKA) or other platforms, as per the instructions provided in section 1.
2- In consultation with your lecturer, you are to choose at least three data analytic techniques for network intrusion detection and prepare a technical research report. Evaluate the performance of data analytic techniques in intrusion detection using comparative analysis.
3- Recommend, with justification, the suitable security solution from the comparative study of the selected data analytic techniques.
Table 1: List of public intrusion datasets.
Dataset | Attacks
UNSW-NB15 | analysis, backdoors, DoS, exploits, fuzzers, generic, reconnaissance, shellcode, worms
NSL-KDD | NSL-KDD [66] DoS, remote-to-local, user-to-root, probing
KDD CUP 99 | DoS, remote-to-local, user-to-root, probing
CIC DoS | Application layer DoS attacks (executed through ddossim, Goldeneye, hulk, RUDY, Slowhttptest, Slowloris)
Section 1: Data Analytic Tools and Techniques
In this section, your task is to complete and write a report on the following:
1. Install/deploy the data analytic platform of your choice (on Win8 VM on VirtualBox).
2. Demonstrate the use of at least two data analytic techniques (e.g. decision tree, clustering or other techniques) - you are free to use any sample testing data to demonstrate your skills and knowledge.
3. Lab demonstration: You must explain how each tool and technique works in your lab prior to week 11. Students need to choose only one dataset from Table 1.
Section 2: Data Analytic for Network Intrusion Detection
You are to perform the following tasks and write a full report on your outcomes:
1. Convert the benchmark data into a format suitable for the data analytic tools and platform of your choice. Explain the differences in the available data formats for data analytics.
2. Select the features with rationale (external reference or your own reasoning).
3. Create training and testing data samples.
4. Evaluate and select the data analytic techniques for testing.
5. Classify the network intrusion given the sample data.
6. Evaluate the performance of intrusion detection using the available tools and technologies (e.g. confusion matrix).
7. Identify the limitation of overfitting.
8. Evaluate and analyse the use of ensemble tools.
9. Recommend the data analytic solution for the network intrusion detection.
10. Discuss future research work given time and resources.
Note: Take screenshots of your work on WEKA, showing the answers to the above questions. Include these screenshots in your final report.
Attachment:- Data analytics for intrusion detection.rar