IDENTIFYING MALICIOUS HOSTS BY AGGREGATION OF PARTIAL DETECTIONS

ONDŘEJ LUKÁŠ

Bachelor Thesis

Due to the variety of possible ways to attack a computer system, network intrusion detection has always been a very complex task. The main problem of detection tools is balancing the detection ratio against the errors. The cost of generating a false alarm can be prohibitive and should be avoided when possible. The increasing number of attacks witnessed in the last few years makes it very necessary to have a detection tool for protecting the network. Stratosphere IPS is a free-software network intrusion detection tool which uses machine learning algorithms to identify infected devices in the network. One of the downsides of the first version of Stratosphere IPS is that it detects individual connections and therefore generates a lot of false alarms. This thesis proposes to design, implement and test a machine learning improvement of Stratosphere IPS which aggregates the partial detections of hosts and classifies them using the XGBoost algorithm to improve the overall performance of the tool. Our method is based on an additional layer of abstraction called the Source Address layer, which collects the partial data and pre-processes it for the classifier. Compared to the first version of Stratosphere IPS, the proposed extension results in a 40% increase in accuracy and a 26% improvement in the False Positive rate.
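The aggregation idea described above, as an added illustration that is not code from the thesis or from Stratosphere IPS: per-connection verdicts are folded into one feature vector per source address, and a host-level decision is taken on the aggregate instead of on every flagged flow. The flow records, the feature set and the threshold rule (standing in for the trained XGBoost model) are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed per-connection verdicts from a flow-level detector (hypothetical
# format, not Stratosphere IPS's own): (src_ip, dst_ip, flow_flagged_malicious).
FLOWS = [
    # 10.0.0.5: a clean host with one spurious per-flow alert among many flows
    ("10.0.0.5", "192.0.2.10", False), ("10.0.0.5", "192.0.2.10", False),
    ("10.0.0.5", "192.0.2.20", False), ("10.0.0.5", "192.0.2.20", True),
    ("10.0.0.5", "192.0.2.30", False), ("10.0.0.5", "192.0.2.30", False),
    # 10.0.0.9: an infected host whose flows are repeatedly flagged to several peers
    ("10.0.0.9", "203.0.113.7", True), ("10.0.0.9", "203.0.113.7", True),
    ("10.0.0.9", "198.51.100.2", True), ("10.0.0.9", "198.51.100.2", False),
    ("10.0.0.9", "203.0.113.9", True), ("10.0.0.9", "192.0.2.10", False),
    # 10.0.0.12: a clean host that is never flagged
    ("10.0.0.12", "192.0.2.10", False), ("10.0.0.12", "192.0.2.30", False),
]
# Constructed ground truth: is the host actually infected?
TRUTH = {"10.0.0.5": False, "10.0.0.9": True, "10.0.0.12": False}


def aggregate_by_source(flows):
    """Source Address layer: fold per-flow verdicts into one feature vector per host."""
    per_host = defaultdict(lambda: {"flows": 0, "flagged": 0, "dsts": set(), "flagged_dsts": set()})
    for src, dst, flagged in flows:
        h = per_host[src]
        h["flows"] += 1
        h["dsts"].add(dst)
        if flagged:
            h["flagged"] += 1
            h["flagged_dsts"].add(dst)
    return {src: {"flows": h["flows"], "flagged": h["flagged"],
                  "flagged_ratio": h["flagged"] / h["flows"],
                  "n_dst": len(h["dsts"]), "n_flagged_dst": len(h["flagged_dsts"])}
            for src, h in per_host.items()}


def classify_host(feat, min_flagged=2, min_ratio=0.3):
    """Hypothetical threshold rule standing in for the thesis's trained XGBoost classifier."""
    return feat["flagged"] >= min_flagged and feat["flagged_ratio"] >= min_ratio


def false_positive_rate(flows, truth):
    """FPR on clean hosts: alarming on any flagged flow vs. on the aggregated host features."""
    feats = aggregate_by_source(flows)
    clean = [h for h in feats if not truth[h]]
    per_flow_fp = sum(feats[h]["flagged"] > 0 for h in clean)
    per_host_fp = sum(classify_host(feats[h]) for h in clean)
    return per_flow_fp / len(clean), per_host_fp / len(clean)
```

On this constructed sample the per-flow policy raises a false alarm on half of the clean hosts, while the host-level decision raises none; the features shown are only one plausible choice for what the Source Address layer could hand to a classifier.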