- Benchmark Basics (23 Dec 2018)
Now that we have this fancy lab, a benchmark is needed for qualitative evaluation of different algorithms and products.
For this, I’ve built a Python 3-based framework for ease of use.
- Datasets (23 Dec 2018)
There are various well-known and widely used datasets in academia.
Let’s have a look at some of them and their properties. For the final version of my testbench I am using NSL-KDD as well as CICIDS2017.
- Master Netflow Lab (27 Jun 2018)
For my master's thesis I need a well-defined lab environment that is capable of simulating traffic as well as running on test data.
This is how I built it.
- Lab Overview (12 Jun 2018)
As I am building a different approach to IDS from the bottom, I am in need of a proper lab setup.
This post outlines a high-level overview to nurture a basic understanding of future architecture decisions.
- Mermaid (12 Jun 2018)
It is time for graphs and pictures to better illustrate the architecture of the various things I am building.
So I settled on mermaid, which is a lightweight markdown-like script language for chart generation.
In this post I am presenting you the way I set it up with Github Pages.
- Splunk and Netflows (27 May 2018)
So, you want to do your large scale intrusion detection on netflows - but how do you get them in a datasink?
Let me tell you about Splunk Stream, the TA that saved my prolonged back in the setup phase.
- Machine Learning Basics (14 May 2018)
Until now, we have successfully defined what an Intrusion Detection System is and how it can be categorized.
Now I have to say, I am a really lazy person, as many Computer Science people are.
I like to leave the heavy lifting and processing to machines that are really good and efficient at this task.
That’s where Machine Learning comes into play.
- What are Intrusion Detection Systems? (24 Feb 2018)
Interconnected computer systems have an ever increasing importance in our modern lives.
As these networks grow in complexity, human-based monitoring of activities is unlikely to find malicious activity.
Therefore it can be beneficial to add another layer of defense to the system, after authentication and authorization, to ensure that possible intrusions are detected and reported.
- Signature vs anomaly-based detection (20 Feb 2018)
As [Wang2017] and [Lee1998] state, IDS detection can be classified either as signature-based or anomaly-based detection.
If you need a little primer on intrusion detection systems, read my post on defining IDS in the wild.