Framework for implementing Network Intrusion Detection Systems (NIDS) that identify anomalies in network flows using Machine Learning models.
To create the experimental environment, execute the following commands:
python -m venv .env
Note: The virtual environment must be named .env, because the scripts use this name to load the required libraries (fl-unsup-nids/blob/anomaly-flow-baseline/utils/load_data.py).
After creating the virtual environment, use the following command to install the necessary Python packages:
pip install -r requirements.txt
To run the local experiments, use the following command:
source experiments.sh
To run the Federated Learning experiments, use the following command:
source run.sh
To run the experiments, the CIC-IDS2018, BoT-IoT and ToN-IoT datasets must be in a folder called datasets in the root of the project, e.g.:
|- anomaly-flow
|- datasets
|- NF-CSE-CIC-IDS2018-v2-DDoS.csv.gz
|- NF-BoT-IoT-v2-DDoS.csv.gz
|- NF-ToN-IoT-v2-DDoS.csv.gz
In our case, we used derived datasets containing only benign and DDoS samples filtered from the original datasets.
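One way to produce such a derived file from a full NetFlow v2 CSV is sketched below. This is an added example, not the project's own code: it assumes the class name is stored in a column called "Attack", and the sample rows, `keep_row`, `filter_ddos` and `demo` are hypothetical names and constructed data.

```python
import csv
import gzip
import os
import tempfile
from collections import Counter

# Assumption: the class name is in a column called "Attack".
LABEL_COLUMN = "Attack"
# Constructed sample rows (not real dataset records), cut to three columns.
SAMPLE_CSV = ("IN_BYTES,Label,Attack\n120,0,Benign\n4000,1,DDoS\n90,1,DoS\n"
              "3500,1,DDOS attack-HOIC\n64,1,Reconnaissance\n")


def keep_row(attack):
    """Keep benign flows and any class whose name contains 'ddos'."""
    name = (attack or "").strip().lower()
    return name == "benign" or "ddos" in name


def filter_ddos(src_path, dst_path):
    """Stream a gzip CSV into dst_path; return kept-row counts per class."""
    kept = Counter()
    with gzip.open(src_path, "rt", newline="") as src, \
            gzip.open(dst_path, "wt", newline="") as dst:
        reader = csv.DictReader(src)
        if LABEL_COLUMN not in (reader.fieldnames or []):
            raise ValueError(f"{src_path}: no {LABEL_COLUMN!r} column")
        writer = csv.DictWriter(dst, fieldnames=reader.fieldnames)
        writer.writeheader()
        for row in reader:
            if keep_row(row[LABEL_COLUMN]):
                writer.writerow(row)
                kept[row[LABEL_COLUMN]] += 1
    return kept


def demo():
    """Run the filter over the constructed sample in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "sample.csv.gz")
        dst = os.path.join(tmp, "sample-DDoS.csv.gz")
        with gzip.open(src, "wt", newline="") as fh:
            fh.write(SAMPLE_CSV)
        return filter_ddos(src, dst)


if __name__ == "__main__":
    print(demo())
```

The returned per-class counts make it easy to confirm that plain DoS and other attack classes were dropped and to see the benign-to-DDoS ratio of the derived file before training.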
To generate Synthetic Data for a specific dataset use the script main.ipynb.
To run the external and simple model scripts, please install the custom pip package for the EFC algorithm:
- Make sure the script has execute permission:
chmod +x ./auxiliary_scripts/install-efc.sh
- Run the script (requires Git and the anomaly-flow virtual environment named .env):
./auxiliary_scripts/install-efc.sh
The baselines for a multi-domain DDoS detection using federated learning are available here:
The data used to carry out the experiments can be obtained from:
Machine Learning-Based NIDS Datasets (Netflow V2 Datasets)
The following projects were used as reference for the preparation of this work: