Machine Learning for Packet Analysis
I wanted to make note of a potential avenue for packet analysis being Machine Learning. By using Microsoft's ML.NET Library it is possible to train a functional ML model given you have the time, normalized data, and processing power to train one. I've done this before when working on text sentiment projects, with rather good results.
Once you have a normalized dataset, and an input source you'd like to evaluate, you need to provide relevant features in order to predict one of the features as output. At least, this is my rudimentary understanding. In this screenshot, notice the "Column to predict" is the target with a given csv file input.
https://www.unb.ca/cic/datasets/ids-2018.html
CICIDS2017 dataset contains benign and the most up-to-date common attacks, which resembles the true real-world data (PCAPs). It also includes the results of the network traffic analysis using CICFlowMeter with labeled flows based on the time stamp, source, and destination IPs, source and destination ports, protocols and attack (CSV files). Also available is the extracted features definition.
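The "features in, one column predicted" idea above, sketched with ML.NET as an added example (not code from the original post or this repository). It assumes the Microsoft.ML NuGet package; the `Flow` and `FlowPrediction` types, the three feature names, the `Benign`/`Attack` labels and the sample rows are all constructed for illustration and are not taken from the CIC CSV files.

```csharp
using System;
using System.Linq;
using Microsoft.ML;
using Microsoft.ML.Data;

// Hypothetical flow record: numeric features plus the column to predict.
// IPs and timestamps are left out so the model learns flow behaviour,
// not which hosts happened to be involved in a particular capture.
public class Flow
{
    public float FlowDuration, TotFwdPkts, TotBwdPkts;
    public string Label;
}

public class FlowPrediction
{
    [ColumnName("PredictedLabel")] public string Label;
}

public static class Program
{
    public static void Main()
    {
        var rng = new Random(1);
        // Constructed sample rows: long two-way flows vs. short one-way bursts.
        Flow Benign() => new Flow { FlowDuration = rng.Next(50_000, 900_000),
            TotFwdPkts = rng.Next(5, 40), TotBwdPkts = rng.Next(5, 40), Label = "Benign" };
        Flow Attack() => new Flow { FlowDuration = rng.Next(10, 2_000),
            TotFwdPkts = rng.Next(1, 3), TotBwdPkts = 0, Label = "Attack" };
        var rows = Enumerable.Range(0, 200).Select(i => i % 2 == 0 ? Benign() : Attack()).ToList();

        var ml = new MLContext(seed: 1);
        var split = ml.Data.TrainTestSplit(ml.Data.LoadFromEnumerable(rows), testFraction: 0.25);

        // Label text -> key, features -> one normalized vector, then train and map back.
        var pipeline = ml.Transforms.Conversion.MapValueToKey("Label")
            .Append(ml.Transforms.Concatenate("Features", nameof(Flow.FlowDuration),
                nameof(Flow.TotFwdPkts), nameof(Flow.TotBwdPkts)))
            .Append(ml.Transforms.NormalizeMinMax("Features"))
            .Append(ml.MulticlassClassification.Trainers.SdcaMaximumEntropy())
            .Append(ml.Transforms.Conversion.MapKeyToValue("PredictedLabel"));

        var model = pipeline.Fit(split.TrainSet);
        var metrics = ml.MulticlassClassification.Evaluate(model.Transform(split.TestSet));
        Console.WriteLine($"Macro accuracy on held-out rows: {metrics.MacroAccuracy:F2}");

        // Score one unseen flow; Label is left unset because it is the output.
        var engine = ml.Model.CreatePredictionEngine<Flow, FlowPrediction>(model);
        var unseen = new Flow { FlowDuration = 120, TotFwdPkts = 2, TotBwdPkts = 0 };
        Console.WriteLine($"Predicted: {engine.Predict(unseen).Label}");
    }
}
```

To train on a real CSV, replace `LoadFromEnumerable` with `ml.Data.LoadFromTextFile<Flow>(path, separatorChar: ',', hasHeader: true)` and add `[LoadColumn(n)]` attributes that match the file's column order.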