DEVELOPMENT OF SECURITY TESTBED FOR MACHINE LEARNING NETWORK-BASED INTRUSION DETECTION SYSTEMS
Main Author: | |
---|---|
Format: | Final Project |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/85054 |
Institution: | Institut Teknologi Bandung |
Summary: | Security testing of a machine learning network-based intrusion detection system (ML-NIDS) is carried out to find the characteristics and defects that may exist in it. Security testing is done by adjusting to the type and method of analysis of the ML-NIDS. An ML-NIDS based on supervised learning with flow analysis is characterized by intrusion analysis that relies on data labeled during the training process, and by intrusion decisions made on network flows, each of which is a set of packets going out of and into the network. There are several methods of security testing for ML-NIDS, namely adversarial testing on modified datasets and cross-testing with different models and datasets. In addition to model performance, the general methods of security testing on IDSs measure the resource usage and detection time of the IDS. Each of these methods is limited to its own focus and does not describe the ML-NIDS as a whole.
A security testbed was created to facilitate security testing of ML-NIDSs. The security testbed is intended for ML-NIDSs that apply flow analysis to traffic with a supervised learning algorithm in the ML model. Based on the characteristics of the ML-NIDS mentioned above, it is necessary to analyze the model performance, detection time, and resource usage of the ML-NIDS. To accommodate this need, the security testbed has a number of features, including stopwatch(es) to measure detection time, resource monitor(s) to measure the resource usage of the ML-NIDS, and statistics analyzer(s) to process statistical data obtained during the security testing process. At the end of security testing, the security testbed issues a report containing data analysis of the security testing process.
The security testbed runs well when there is traffic in the network and when the controller and the agent are well connected. In ideal conditions, the security testbed provides the results of the security testing process in a report containing the analysis results. The security testbed is able to run both in normal use and with simulated attacks. In addition, the security testbed has a small resource footprint that does not significantly affect the performance of the running system. |