JoeyTaubert
commented
5 months ago Met on 4/17.
Demoed size prediction w/ model.
Original course of the last few days of Sprint 1 involved utilizing the model to create a real-time graph in the WebApp with continuous predictions.
Now the course will be changing slightly. I want to experiment with providing the model with protocol-level data and seeing if it can detect suspicious vs. normal traffic.
This will involve training on both normal traffic (0), and suspicious traffic (1). For example, training specifically on DNS requests, where some of the dataset is normal (0) and some of the dataset has been used for DNS exfiltration (1). This way, when we feed a DNS packet to the model, it can give us a rating of the packet on a scale from 0-1, depending on how much the packet aligns with our model of normal (0) or suspicious (1).
Probably going to focus on the following protocols:
- DNS (udp/53)
- Try to catch DNS exfiltration
- ICMP
- Try to catch the "ping of death"
I would still like to work some graphs into my WebApp if possible, but if not, I will manually make some graphics using the data I got.
Meeting scheduled for 4/17