Browsing by Author "Sygletos, Dimitrios"
Item: Complete near-real-time machine learning-based network intrusion detection system.
(Hellenic Mediterranean University (ΕΛΜΕΠΑ), School of Engineering (ΣΜΗΧ), Department of Electrical and Computer Engineering, 2024-10-15) Sygletos, Dimitrios; Συγλέτος, Δημήτριος; Markakis, Evangelos; Μαρκάκης, Ευάγγελος

The rapid growth of the Internet in recent years has enabled technological advancements, including in the field of communications, by providing global connectivity in real time, which has broken down geographical barriers and allows communication with anyone, anywhere, at any time. The size of the network data and the corresponding information that gets transmitted through communication channels have significantly increased as a result of these improvements, while technological advancement creates concerns regarding the security of data during transactions, since even the simplest transactions contain sensitive information. The security of the data is constantly under threat, while cyber-crimes are evolving to be more effective and more complicated to detect. However, cyber security techniques are under constant enhancement as well. Researchers are investigating and employing a variety of approaches to secure computers and networks in order to protect systems and data. Among the suggested approaches is the development of systems that analyze the network, monitor for signs of malicious activity, and trigger an alert when they detect potential threats, namely Network Intrusion Detection Systems (NIDSs). Initially, these systems were signature-based detection systems. The signature-based technique refers to maintaining indicative malicious traffic, which may constitute cyber-attacks, in a database and comparing incoming traffic with the stored traffic. Nonetheless, this technique has a drawback: it cannot recognize intrusions if they don't exist in the database, i.e., unknown attacks.
To compensate for this problem, Machine Learning (ML) and Deep Learning (DL) techniques were introduced into NIDSs to enhance detection efficacy and potentially identify unknown attacks, namely zero-day attacks, which is among the main reasons why researchers are concentrating increasingly on this appealing method. ML and DL models are trained with network traffic data in order to learn to identify patterns of malicious and benign activity. A challenge of this approach is that ML and DL models should always be trained and tested with modern network traffic in order to achieve improved detection results, while models should also be evaluated in realistic network environments. Although there are numerous studies across the literature that propose and develop NIDS solutions, the majority of them either don't deploy the model into a realistic network for validation after training or use outdated datasets for the training of the model. This thesis proposes a NIDS that incorporates a model developed to detect intrusions using the DL method and an in-house dataset developed in our laboratory, which portrays modern network traffic. The dataset was divided into training and testing sets in the typical manner, and ML metrics such as Accuracy, Recall, Precision and F1-score were used to evaluate the models' performance during the training and testing phase, while the NIDS was also deployed in a realistic network and evaluated in near-real-time conditions. The proposed model showcased promising results, achieving a rate of over 97% on the accuracy evaluation metric during the training phase and over 90% when deployed in a realistic network environment and evaluated during a near-real-time scenario. By using the proposed NIDS to detect network intrusions, a system administrator may monitor and possibly prevent intrusions in near-real time.