INTERNET
SNORT (NIDS) LINUX (Ubuntu-14.04)
APPLYING SNORT RULES
CLEAN
ATTACK
BARNYARD2 (Convert data into readable form)
MySQL DATABASE
NETWORK PACKETS DATA IDENTIFIED AS CLEAN OR ATTACK BY SNORT
KDD Dataset
SELECT KDD FEATURES MATCHED WITH SNORT'S
PRE-PROCESS THE DATA TO REMOVE CLASS IMBALANCE.
BUILD MACHINE LEARNING BASED PREDICTION MODELS USING KDD-TRAINING DATA AND THE FOLLOWING MACHINE LEARNING ALG.: SMO / RANDOM-FOREST / SIMPLE-LOGISTIC
FOR VALIDATION APPLY MACHINE LEARNING MODEL ON PACKETS DATA ALREADY CLASSIFIED AS CLEAN/ATTACK BY SNORT
OR-LOGIC FOR FINAL PREDICTION
MACHINE LEARNING PREDICTION / SNORT PREDICTION / OUTPUT
ATTACK ATTACK ATTACK CLEAN CLEAN ATTACK ATTACK CLEAN ATTACK CLEAN
OR LOGIC
OUTPUT (ATTACK/CLEAN)

gg

by tal
