This repository contains the code used for my master's thesis: "Unsupervised Machine Learning for Intrusion Detection Systems". For more information on the architecture setup, see the Appendix of the thesis.
This thesis explores anomaly detection of web-based attacks on microservice-based applications by modeling application performance metrics and service logs. The general idea is that a normal activity profile can be built from the (simulated) normal activity on the web application, and that anomalies such as web attacks can then be detected as behaviour that differs from this normal activity. This is carried out by generating a dataset containing only normal activity and then training machine learning models to distinguish between the learnt behaviour and different behaviours.
The contributions can be summarized as follows:
- Deployment of a complex microservice application.
- Usage of log production as added features.
- Design of an unsupervised approach to the problem.
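
The idea of learning a profile from normal-only data, with log production as an added feature, can be illustrated with the added example below; it is not the thesis code. The feature names, the median/MAD scoring and all sample values are assumptions constructed for illustration.

```python
import random
import statistics

def make_normal_windows(n=500, seed=7):
    """Constructed 'normal activity' windows; names and values are assumptions."""
    rng = random.Random(seed)
    return [{"latency_ms": rng.gauss(120, 10),
             "cpu_pct": rng.gauss(35, 4),
             "log_lines": rng.gauss(200, 15)} for _ in range(n)]

class NormalProfile:
    """Per-feature robust profile (median and MAD) learnt from normal data only."""

    def __init__(self, features):
        self.features = tuple(features)

    def fit(self, windows, quantile=0.995):
        self.center, self.scale = {}, {}
        for f in self.features:
            vals = [w[f] for w in windows]
            med = statistics.median(vals)
            mad = statistics.median([abs(v - med) for v in vals])
            self.center[f] = med
            # 1.4826 * MAD estimates the standard deviation for Gaussian data.
            self.scale[f] = 1.4826 * mad or 1.0
        # Threshold = high quantile of the scores seen on normal traffic.
        scores = sorted(self.score(w) for w in windows)
        self.threshold = scores[min(len(scores) - 1, int(quantile * len(scores)))]
        return self

    def score(self, window):
        """Largest absolute robust z-score across the profiled features."""
        return max(abs(window[f] - self.center[f]) / self.scale[f]
                   for f in self.features)

    def is_anomalous(self, window):
        return self.score(window) > self.threshold

def demo():
    normal = make_normal_windows()
    metrics_only = NormalProfile(["latency_ms", "cpu_pct"]).fit(normal)
    with_logs = NormalProfile(["latency_ms", "cpu_pct", "log_lines"]).fit(normal)
    # Constructed window: performance looks normal, log production spikes.
    suspect = {"latency_ms": 125.0, "cpu_pct": 37.0, "log_lines": 450.0}
    false_alarms = sum(with_logs.is_anomalous(w) for w in normal)
    return metrics_only.is_anomalous(suspect), with_logs.is_anomalous(suspect), false_alarms

if __name__ == "__main__":
    print(demo())
```

The profile built on performance metrics alone does not flag the constructed window, while the profile that also includes log volume does, and the quantile threshold keeps alarms on the training data to a handful.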