Network Intrusion Detection System using Machine Learning

Abstract

In modern network environments, security threats such as Denial of Service (DoS) and Distributed Denial of Service (DDoS attacks pose significant risks to network availability and performance. These attacks aim to overwhelm network resources, disrupt services, and make systems inaccessible to legitimate users. A Network Intrusion Detection System (NIDS) plays a crucial role in identifying and mitigating these threats by continuously monitoring network traffic and detecting malicious activities. This project presents a Network Intrusion Detection System (NIDS) utilizing the Fast k-Nearest Neighbors (Fast k-NN) algorithm for detecting Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks in a network environment. The CICIDS2017 dataset is used for model training, involving data preprocessing steps such as cleaning, trans formation, feature selection, extraction, and labeling. The dataset is split into training, validation, and testing sets, where the Fast k-NN algorithm is applied to train the NIDS model. The experimental setup includes a Mininet-based custom topology controlled by the POX SDN controller. DoS and DDoS attacks are simulated using hping3, and network traffic is captured using Wireshark. Features are extracted using NTL FlowLyzer and processed for intrusion detection. The trained model predicts attack patterns, logging detected intrusions for analysis. This approach provides an efficient and scalable intrusion detection system that enhances network security by leveraging machine learning for accurate attack detection.