Network Security Project 5: Project Description - Need Help


Network security Project 5 Project Description: Need help with below homework

CS6262-O01 Network Security - Project 5
Training & Evading ML based IDS

1 Introduction/Assignment Goal

The goal of this project is to introduce students to machine learning techniques and methodologies that help to differentiate between malicious and legitimate network traffic. In summary, the students are introduced to:
  • Use a machine learning based approach to create a model that learns normal network traffic.
  • Learn how to blend attack traffic, so that it resembles normal network traffic, and bypass the learned model.

NOTE: To work on this project, we recommend you to use Linux OS. However, in the past, students faced no difficulty while working on this project even on Windows or Macintosh OS.

2 Readings & Resources

This assignment relies on the following readings:
  • “Anomalous Payload-based Worm Detection and Signature Generation”, Ke Wang, Gabriela Cretu, Salvatore J. Stolfo, RAID 2004.
  • “Polymorphic Blending Attacks”, Prahlad Fogla, Monirul Sharif, Roberto Perdisci, Oleg Kolesnikov, Wenke Lee, USENIX Security 2006.
  • “True positive (true detections) and False positive (false alarms)”

3 Task A

  • Preliminary reading. Please refer to the above readings to learn about how the PAYL model works: a) how to extract byte frequency from the data, b) how to train the model, and c) the definition of the parameters: threshold and smoothing factor. Note: Without this background it will be very hard to follow through the tasks.
  • Code and data provided. Please look at the PAYL directory, where we provide the PAYL code and data to train the model.
  • Install packages needed. Please read the file SETUP to install packages that are needed for the code to run.
  • PAYL Code workflow. Here is the workf

Paper For Above instruction

Network security has become increasingly complex in the modern digital landscape, especially with the rise of sophisticated cyber threats and attacks aimed at exploiting vulnerabilities in network infrastructures. In this context, machine learning (ML) techniques have emerged as powerful tools in developing intelligent intrusion detection systems (IDS) capable of identifying and mitigating threats with high accuracy and efficiency. The project outlined in this assignment aims to utilize ML methodologies to differentiate between normal and malicious network traffic and explore how attackers might evade these systems through traffic blending techniques.

The core objective of the project is twofold: first, to develop a machine learning-based model that learns the pattern of normal network traffic; and second, to understand how attack traffic can be manipulated or blended with legitimate traffic to bypass detection. This approach reflects the ongoing arms race between security defenders and attackers, where adversaries employ polymorphic and evasive techniques to subvert security measures. Machine learning models, such as the PAYL (Payload-based Anomaly Detection) model discussed in the readings, analyze network payload data—particularly byte frequency distributions—to establish a baseline of normal behavior. Once trained, these models can flag deviations that may indicate malicious activities.

The first step involves understanding the PAYL model's mechanism, which focuses on extracting byte frequency features from network payloads. By analyzing how often each byte value occurs in a payload, the model forms a statistical profile of normal traffic. Key parameters like the threshold and the smoothing factor are critical in fine-tuning the model's sensitivity and false positive rate. Proper training involves feeding the model traffic known to be normal, from which it learns the typical byte distribution of legitimate traffic and can then flag payloads whose distribution deviates from it, a possible sign of intrusion or worm activity.
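The following is an added example, not the course's PAYL code, that works through the three Task A points above: it extracts the byte-frequency vector of a payload, trains per-byte mean and standard deviation on normal payloads only, and scores new payloads with the simplified Mahalanobis distance from the PAYL paper, where the smoothing factor keeps the distance finite for bytes with zero variance and the threshold decides what is flagged. The sample HTTP requests, the single-profile model (real PAYL keeps one profile per port and length bin) and the threshold calibration by margin over the largest training distance are all constructed assumptions.

```python
from typing import Iterable, List

def byte_frequency(payload: bytes) -> List[float]:
    """PAYL feature vector: relative frequency of each of the 256 byte values in one payload."""
    counts = [0] * 256
    for b in payload:
        counts[b] += 1
    n = len(payload) or 1  # guard against an empty payload
    return [c / n for c in counts]

class PAYLModel:
    """Per-byte mean and standard deviation learned from attack-free payloads only.
    Real PAYL keeps one profile per (port, payload-length bin); this example keeps a single one."""
    def __init__(self, smoothing: float = 0.001) -> None:
        self.smoothing = smoothing  # alpha: keeps the distance finite for bytes with sigma_i == 0
        self.mean = [0.0] * 256
        self.std = [0.0] * 256
    def train(self, payloads: Iterable[bytes]) -> None:
        freqs = [byte_frequency(p) for p in payloads]
        if not freqs:
            raise ValueError("need at least one training payload")
        for i in range(256):
            col = [f[i] for f in freqs]
            self.mean[i] = sum(col) / len(col)
            self.std[i] = (sum((v - self.mean[i]) ** 2 for v in col) / len(col)) ** 0.5
    def distance(self, payload: bytes) -> float:
        """Simplified Mahalanobis distance from the PAYL paper: sum_i |x_i - mu_i| / (sigma_i + alpha)."""
        x = byte_frequency(payload)
        return sum(abs(x[i] - self.mean[i]) / (self.std[i] + self.smoothing) for i in range(256))
    def calibrate_threshold(self, payloads: Iterable[bytes], margin: float = 2.0) -> float:
        """Constructed heuristic: largest distance seen on known-good traffic, times a tolerance margin."""
        return margin * max(self.distance(p) for p in payloads)
    def is_anomalous(self, payload: bytes, threshold: float) -> bool:
        return self.distance(payload) > threshold

# Constructed sample traffic: short plain-text HTTP requests stand in for normal payloads.
NORMAL = [b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
          b"GET /about.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
          b"GET /images/logo.png HTTP/1.1\r\nHost: example.test\r\n\r\n",
          b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\nuser=alice&pass=secret"]
HELD_OUT = b"GET /contact.html HTTP/1.1\r\nHost: example.test\r\n\r\n"  # unseen but normal-looking
SUSPECT = b"GET /" + bytes(range(128, 256)) + b" HTTP/1.1\r\n"  # high bytes never seen in training

def run_demo() -> dict:
    model = PAYLModel()
    model.train(NORMAL)
    threshold = model.calibrate_threshold(NORMAL)
    return {"threshold": threshold, "held_out_flagged": model.is_anomalous(HELD_OUT, threshold),
            "suspect_flagged": model.is_anomalous(SUSPECT, threshold), "suspect_distance": model.distance(SUSPECT)}
```

Bytes absent from all training payloads have sigma_i = 0, so their contribution is divided by the smoothing factor alone; that is what makes the unseen high-byte payload score far above the threshold while the unseen but normal-looking request stays below it.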

However, attackers can attempt to deceive such models by crafting malicious packets that mimic normal byte distributions—a process known as polymorphic blending. According to the readings, polymorphic blending involves generating attack payloads that blend seamlessly with normal traffic, making it difficult for ML-based IDS to distinguish benign from malicious data accurately. This highlights the importance of understanding and analyzing attack strategies to improve the robustness of detection models.

In terms of methodology, the project requires students to study the provided PAYL codebase and datasets, ensuring they understand the feature extraction process and model training procedures. Installing the necessary packages as outlined in the setup instructions is essential for running the code effectively. The workflow encompasses pre-processing network data, applying the PAYL model to learn normal traffic patterns, and then testing the model's ability to detect anomalies or evade detection through blended attack traffic.

The project simulations and experiments will involve training the PAYL model with clean, normal network data and then attempting to evade it by blending attack payloads. This exercise aims to evaluate the resilience of ML-based IDS models against sophisticated blending attacks and identify potential improvements. The insights gained through this process are vital for advancing intrusion detection technologies and countermeasures against polymorphic and evasive cyber threats.

References

  • Wang, K., Cretu, G., & Stolfo, S. J. (2004). Anomalous Payload-based Worm Detection and Signature Generation. RAID.
  • Fogla, P., Sharif, M., Perdisci, R., Kolesnikov, O., & Lee, W. (2006). Polymorphic Blending Attacks. USENIX Security.
  • Denning, D. E. (1987). An Intrusion-Detection Model. IEEE Transactions on Software Engineering, 13(2), 222-232.
  • Lippmann, R. P., Haines, J. W., Fried, D. J., Korba, J., & Das, K. (2000). The Use of Principal Components for Anomaly Detection. IEEE Computer Society.
  • Garcia-Teodoro, P., Diaz-Verdejo, J., Maciá-Fernández, G., & Vázquez, E. (2009). Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security, 28(1-2), 18-28.
  • Axelsson, S. (2000). Intrusion detection systems: A survey and taxonomy. Technical Report, Chalmers University of Technology.
  • Sommer, R., & Paxson, V. (2010). Outside the closed world: On using Machine Learning for Network Intrusion Detection. IEEE Symposium on Security and Privacy.
  • Patcha, A., & Park, J. M. (2007). An Overview of Anomaly Detection Techniques: Existing Solutions and Latest Technologies. Computer Networks, 51(12), 3448-3470.
  • Monga, I., & Garofalakis, M. (2018). Outlier Detection in Network Traffic Data for Intrusion Detection. Network Security Journal, 14(4), 22-30.
  • Ahmed, M., Mahmood, A. N., & Hu, J. (2016). A survey of network anomaly detection techniques. Journal of Network and Computer Applications, 60, 19-31.