Code Monkey home page Code Monkey logo

ids2018-ddos-traffic-classify's Introduction

IDS2018-DDoS-Traffic-Classify

杭电综合项目实践源代码,主要包括:

  • 模型训练:基于公开的入侵检测数据集IDS 2018中Thursday-15-02这一天的数据,使用LightGBM和XGBoost算法训练DDoS流量分类模型,实现对正常流量和DDoS流量的分类,模型五折交叉验证AUC达到0.99
  • 流量采集与分类:基于软件定义网络虚拟环境Mininet搭建了一个简单的网络拓扑,通过使用sFlow RT采集网络流量,并利用DDoS流量分类模型进行检测,模型AUC为0.81

目录

依赖

  • Anaconda 3环境
  • pip install lightgbm
  • pip install xgboost

使用

数据集下载

数据集存储在AWS上,因此首先需要安装AWS CLI

安装完成后,在命令行中输入以下命令查看目录下的所有文件:

aws s3 ls --no-sign-request "s3://cse-cic-ids2018" --recursive --human-readable --summarize

下载数据集:

aws s3 cp --no-sign-request "s3://cse-cic-ids2018/Processed Traffic Data for ML Algorithms/Thursday-15-02-2018_TrafficForML_CICFlowMeter.csv" G:\

AWS CLI下载并不稳定,可以直接访问http://cse-cic-ids2018.s3.amazonaws.com/Processed%20Traffic%20Data%20for%20ML%20Algorithms/Thursday-15-02-2018_TrafficForML_CICFlowMeter.csv 下载。

模型训练

文件 内容
dataset_understanding.ipynb 数据理解
EDA.ipynb 数据探索性分析
feature_engineering.ipynb 特征工程
baseline.ipynb initial baseline
baseline2.ipynb final baseline

流量采集

两台虚拟机,安装Ubuntu,一台作为sFlow Collector,另一台作为sFlow Agent。

sFlow Collector

配置JDK环境,下载sFlow RT 3.0,安装sFlow RT流量分析APP flow-trend和browse-metrics:

./sflow-rt/get-app.sh sflow-rt flow-trend
./sflow-rt/get-app.sh sflow-rt browse-metrics

启动

./sflow-rt/start.sh

访问localhost:8008打开Web界面,sFlow Collector接收sFlow Agent数据在6343端口。

sFlow Agent

配置Mininet环境,mn创建拓扑。

设置交换机开启sFlow功能:

ovs-vsctl -- --id=@sflow create sflow agent=eth0 target=\"192.168.222.129:6343\" sampling=10 polling=1 -- set bridge s1 sflow=@sflow

查看已配置的sFlow Agent:

ovs-vsctl list sflow

查看网络链路情况:

ip link

定义流

./sflow_traffic/define_flow.py

采集流量

./sflow_traffic/get_data_from_sflow.py

流量分类

./sflow_traffic/sflow_traffic_classift.ipynb

License

GPL © Bil369

ids2018-ddos-traffic-classify's People

Contributors

bil369 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar

Forkers

mzbqhbc ljw-hit 15536818056 chaochaochaozi cugwhzenith passcet46 brianlin314

ids2018-ddos-traffic-classify's Issues

0.0

我想问问,采集的数据集是如何进行标记,这一点,困惑我很久了,是人工手动标注或者有其他的方法嘛,我很想知道,谢谢

运行多久

./sflow_traffic/get_data_from_sflow.py
流量采集这一步大概是要运行多久呢,

你好

你好,能加个vx好友吗?最近在做ddos攻击的毕设,想有偿的请教一下。

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.