cwhitman / neural-network-intrusion-detection

A work in progress project to use a simple neural network in order to detect FTP password guessing attacks, DOS attacks, and DDOS attacks.

Determine Tensor Input #8

Open cwhitman opened 7 years ago

cwhitman commented 7 years ago

We need to think about the form of the input tensors.

As a starting idea: We could have a tensor for each individual packet. This tensor would contain all of the information for that packet plus some simple statistical information regarding previous packets. For example, a basic tensor for a packet would look something like:

[ source IP, protocol, packet length, . . ., average of time between connections for source IP, total number of connections from source IP in last hour, total number of connections from source IP in last month]

Or

[192.168.56.101, FTP, 1000, . . . , 3.6, 10, 100]

The advantage of this system is that we could determine an attack on a packet-by-packet basis. The disadvantage of this system is that we would have to write code to remember/update the statistical information as each packet comes through. The idea is pretty rough right now, working on making it more robust.

cwhitman commented 6 years ago

Currently the tensor is formatted as [exponential moving average of time between packets, total number of packets received in last second, protocol type, bytes sent, average time between connections for this IP, total number of connections for this IP].

It will be continuously modified as we attempt to get this thing working.
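
The per-packet bookkeeping discussed in this issue, as an added example (not code from this repository): a tracker that updates the running statistics on each packet and emits the six-element vector from the latest comment. The protocol encoding, the smoothing factor `alpha`, counting "packets in last second" across all sources, and the `new_conn` flag marking the start of a connection are assumptions, and the sample packets are constructed.

```python
from collections import defaultdict, deque

PROTOCOLS = {"TCP": 0, "UDP": 1, "FTP": 2}  # assumed integer encoding

# Constructed sample: (timestamp s, source IP, protocol, bytes, opens a connection?)
SAMPLE_PACKETS = [
    (0.00, "192.168.56.101", "FTP", 1000, True),
    (0.25, "192.168.56.101", "FTP", 60, False),
    (0.50, "192.168.56.101", "FTP", 1000, True),
    (1.25, "192.168.56.102", "TCP", 40, True),
]

class FeatureTracker:
    """Running state needed to emit one feature vector per packet."""

    def __init__(self, alpha=0.5, window=1.0):
        self.alpha = alpha        # EMA smoothing factor (assumed value)
        self.window = window      # length of the "last second" window
        self.last_ts = None       # timestamp of the previous packet
        self.ema_gap = None       # EMA of time between packets
        self.recent = deque()     # packet timestamps still inside the window
        self.conns = defaultdict(int)  # connection count per source IP
        self.first, self.last = {}, {}  # first/latest connection time per IP

    def update(self, ts, ip, proto, length, new_conn):
        if self.last_ts is not None:
            gap = ts - self.last_ts
            # Seed the EMA with the first observed gap, then smooth.
            self.ema_gap = gap if self.ema_gap is None else (
                self.alpha * gap + (1 - self.alpha) * self.ema_gap)
        self.last_ts = ts
        self.recent.append(ts)
        while self.recent[0] <= ts - self.window:  # expire old packets
            self.recent.popleft()
        if new_conn:
            self.conns[ip] += 1
            self.first.setdefault(ip, ts)
            self.last[ip] = ts
        n = self.conns[ip]
        # Mean gap between connections = elapsed span / number of gaps.
        avg = (self.last[ip] - self.first[ip]) / (n - 1) if n > 1 else 0.0
        return [self.ema_gap or 0.0, len(self.recent), PROTOCOLS[proto],
                length, avg, n]

def extract(packets):
    """Return one feature vector per packet, in arrival order."""
    tracker = FeatureTracker()
    return [tracker.update(*p) for p in packets]
```

The per-IP dictionaries grow with every new source address, so a detector that keeps this state on live traffic needs an eviction policy (for example, dropping IPs idle longer than the longest statistics window) to stay bounded during a flood from many sources.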