Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jcapellman/mlids
Machine Learning Intrusion Detection and Network Monitor
- Host: GitHub
- URL: https://github.com/jcapellman/mlids
- Owner: jcapellman
- License: gpl-3.0
- Created: 2016-10-01T02:12:54.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2024-08-24T23:24:02.000Z (3 months ago)
- Last Synced: 2024-08-25T00:27:59.569Z (3 months ago)
- Topics: csharp, dotnet-core, ids, machine-learning, ml-net
- Language: C#
- Homepage:
- Size: 1.46 MB
- Stars: 13
- Watchers: 6
- Forks: 4
- Open Issues: 7
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Citation: CITATION.cff
- Security: SECURITY.md
README
# MLIDS
MLIDS is a Host Intrusion Detection System using Machine Learning. Several years ago (2014), the original idea was to write a C++ brute force network analyzer for a Cobalt Qube (http://www.jarredcapellman.com/2014/3/9/NetBSD-and-a-Cobalt-Qube-2). Fast-forward a few years, and my shift to utilizing Machine Learning (ML) every day professionally was a perfect fit for using ML. When it came time to decide on a topic for my dissertation research, this was at the top of my list.
Over the course of working on my dissertation, holding positions within my previous company, and starting a new job, I decided to expand the scope of the work. I primarily utilized Python and Rust for the training and inference, respectively, as opposed to using C# for everything. Going back to one of my core principles - using the best tool for the job. This of course affected my Chapter 3, but would make the research much more real-world.
## Status of GitHub Actions
[![SonarQube Analysis](https://github.com/jcapellman/MLIDS/actions/workflows/SonarQubeAnalysis.yml/badge.svg)](https://github.com/jcapellman/MLIDS/actions/workflows/SonarQubeAnalysis.yml)[![CodeQL](https://github.com/jcapellman/MLIDS/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/jcapellman/MLIDS/actions/workflows/codeql-analysis.yml)
## Components
As anyone who has followed my work over the last two decades knows, I like to use the right tools for the job. O
* Packet Capture Driver (NPCAP NDIS Filter Driver - https://nmap.org/npcap/)
* Packet Capture Application (.NET 8)
* Model Trainer Application (Python)
* Model Harness Application (Rust)
## Releases
All artifacts will be built and packaged individually using GitHub Actions. In addition, SonarQube Analysis is being performed for Unit Test coverage, vulnerabilities, bugs, and enterprise readiness.
## Requirements
* Windows 10+
* Npcap Driver Installed
* MongoDB installed, or LiteDB, JSON or CSV, if the data needs to be stored
* .NET 8 Runtime (https://dotnet.microsoft.com/en-us/download/dotnet/8.0)
* Python 3.12.5 (https://www.python.org/)
* Rust 1.80.1 (https://www.rust-lang.org/)
## Usage
The idea is to follow these steps:
1. Run the Packet Capture Application to generate a sizeable training and test set
2. Run the Model Trainer Application to generate a model
3. Run the Model within the Model Harness Application to verify performance impact and detection capabilities
## License
As noted, this is licensed under the GPL-3.0 License.