MLIDS is a Host Intrusion Detection System using Machine Learning. Several years ago (2014), the original idea was to write a C++ brute force network analyzer for a Cobalt Qube (http://www.jarredcapellman.com/2014/3/9/NetBSD-and-a-Cobalt-Qube-2). Fast-forward a few years, and my shift to using Machine Learning (ML) every day professionally made ML a natural fit for this problem. When it came time to decide on a topic for my dissertation research, this was at the top of my list.
Over the course of working on my dissertation, holding positions within my previous company, and starting a new job, I decided to expand the scope of the work. I primarily used Python for training and Rust for inference, as opposed to using C# for everything, going back to one of my core principles: use the best tool for the job. This of course affected my Chapter 3, but it makes the research much more real-world.
As anyone who has followed my work over the last two decades knows, I like to use the right tools for the job. O
- Packet Capture Driver (NPCAP NDIS Filter Driver - https://nmap.org/npcap/)
- Packet Capture Application (.NET 8)
- Model Trainer Application (Python)
- Model Harness Application (Rust)
All artifacts are built and packaged individually using GitHub Actions. In addition, SonarQube analysis is performed for unit test coverage, vulnerabilities, bugs, and enterprise readiness.
- Windows 10+
- Npcap Driver Installed
- MongoDB installed, or LiteDB, JSON or CSV if the captured data needs to be stored
- .NET 8 Runtime (https://dotnet.microsoft.com/en-us/download/dotnet/8.0)
- Python 3.12.5 (https://www.python.org/)
- Rust 1.80.1 (https://www.rust-lang.org/)
The intended workflow is:
- Run the Packet Capture Application to generate a sizeable training and test set
- Run the Model Trainer Application to generate a model
- Run the Model within the Model Harness Application to verify performance impact and detection capabilities
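The three steps above, capture, train and harness, as an added end-to-end sketch that is not MLIDS project code. Everything in it is an assumption for illustration: the packet records are constructed stand-ins for what the Packet Capture Application would persist, the feature names (`length`, `dst_port`, `interval_ms`) and the Gaussian naive Bayes model are chosen here, and the harness reports only the two things step three asks for, detection capability and per-packet inference cost. Standard library only.

```python
"""Added sketch of the capture -> train -> harness workflow.
Feature names, model and records are assumptions, not MLIDS code."""
import math
import statistics
import time

# Constructed records standing in for persisted captures (MongoDB/LiteDB/JSON/CSV).
# Field names are assumed. label 0 = benign, label 1 = malicious.
CAPTURED = [
    {"length": 1200, "dst_port": 443, "interval_ms": 40.0, "label": 0},
    {"length": 900, "dst_port": 80, "interval_ms": 55.0, "label": 0},
    {"length": 1400, "dst_port": 443, "interval_ms": 30.0, "label": 0},
    {"length": 600, "dst_port": 53, "interval_ms": 75.0, "label": 0},
    {"length": 1300, "dst_port": 443, "interval_ms": 45.0, "label": 0},
    {"length": 750, "dst_port": 80, "interval_ms": 60.0, "label": 0},
    {"length": 1100, "dst_port": 443, "interval_ms": 35.0, "label": 0},
    # scan-like: tiny packets, high ports, sub-millisecond spacing
    {"length": 60, "dst_port": 31337, "interval_ms": 0.5, "label": 1},
    {"length": 54, "dst_port": 44444, "interval_ms": 0.3, "label": 1},
    {"length": 48, "dst_port": 52000, "interval_ms": 0.8, "label": 1},
    {"length": 64, "dst_port": 27000, "interval_ms": 0.4, "label": 1},
    {"length": 40, "dst_port": 60000, "interval_ms": 1.0, "label": 1},
    {"length": 58, "dst_port": 38000, "interval_ms": 0.6, "label": 1},
    {"length": 1000, "dst_port": 53, "interval_ms": 50.0, "label": 0},
]

FEATURES = ("length", "dst_port", "interval_ms")


def featurise(pkt):
    """Numeric feature vector for one captured packet record."""
    return [float(pkt[f]) for f in FEATURES]


def split_records(records):
    """Deterministic train/test split: every third record is held out."""
    train = [r for i, r in enumerate(records) if i % 3 != 2]
    test = [r for i, r in enumerate(records) if i % 3 == 2]
    return train, test


def train_model(records):
    """Model Trainer step: per-class priors, feature means and variances."""
    model = {}
    for label in (0, 1):
        rows = [featurise(r) for r in records if r["label"] == label]
        columns = list(zip(*rows))
        model[label] = {
            "prior": len(rows) / len(records),
            "mean": [statistics.fmean(c) for c in columns],
            # floor the variance so a constant feature cannot divide by zero
            "var": [max(statistics.pvariance(c), 1e-6) for c in columns],
        }
    return model


def _log_likelihood(model, label, x):
    params = model[label]
    total = math.log(params["prior"])
    for xi, mu, var in zip(x, params["mean"], params["var"]):
        total += -0.5 * math.log(2 * math.pi * var) - (xi - mu) ** 2 / (2 * var)
    return total


def predict(model, pkt):
    """1 if the malicious class is more likely than benign, else 0."""
    x = featurise(pkt)
    return 1 if _log_likelihood(model, 1, x) > _log_likelihood(model, 0, x) else 0


def run_harness(model, records):
    """Model Harness step: detection metrics plus per-packet inference cost."""
    tp = fp = tn = fn = 0
    start = time.perf_counter()
    for r in records:
        pred = predict(model, r)
        if pred and r["label"]:
            tp += 1
        elif pred and not r["label"]:
            fp += 1
        elif not pred and r["label"]:
            fn += 1
        else:
            tn += 1
    elapsed = time.perf_counter() - start
    return {
        "packets": len(records),
        "detection_rate": tp / (tp + fn) if tp + fn else 0.0,
        "false_positive_rate": fp / (fp + tn) if fp + tn else 0.0,
        "us_per_packet": elapsed / len(records) * 1e6 if records else 0.0,
    }


if __name__ == "__main__":
    train, test = split_records(CAPTURED)
    print(run_harness(train_model(train), test))
```

The split is deterministic so the harness numbers are reproducible; in a real run the held-out set should come from a separate capture session, otherwise packets from the same flow leak between training and test and the detection rate is optimistic.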
As noted, this project is licensed under the GPL-3.0 License.