├── test_time_figure.png
├── train_time_figure.png
├── test_accuracy_figure.png
├── training_accuracy_figure.png
├── dataset
    ├── kddcup.data_10_percent.gz
    ├── training_attack_types
    ├── typo-correction.txt
    └── kddcup.names
└── README.md


/test_time_figure.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mudgalabhay/Intrusion-Detection-System/HEAD/test_time_figure.png


--------------------------------------------------------------------------------
/train_time_figure.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mudgalabhay/Intrusion-Detection-System/HEAD/train_time_figure.png


--------------------------------------------------------------------------------
/test_accuracy_figure.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mudgalabhay/Intrusion-Detection-System/HEAD/test_accuracy_figure.png


--------------------------------------------------------------------------------
/training_accuracy_figure.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mudgalabhay/Intrusion-Detection-System/HEAD/training_accuracy_figure.png


--------------------------------------------------------------------------------
/dataset/kddcup.data_10_percent.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mudgalabhay/Intrusion-Detection-System/HEAD/dataset/kddcup.data_10_percent.gz


--------------------------------------------------------------------------------
/dataset/training_attack_types:
--------------------------------------------------------------------------------
back dos
buffer_overflow u2r
ftp_write r2l
guess_passwd r2l
imap r2l
ipsweep probe
land dos
loadmodule u2r
multihop r2l
neptune dos
nmap probe
perl u2r
phf r2l
pod dos
portsweep probe
rootkit u2r
satan probe
smurf dos
spy r2l
teardrop dos
warezclient r2l
warezmaster r2l


--------------------------------------------------------------------------------
/dataset/typo-correction.txt:
--------------------------------------------------------------------------------
Note of Correction (June 26, 2007)

There was one typo in this data set. It was in row 4817100
in kddcup.data (and line 485798 in kddcup.data_10_percent):

0,tcp,private,S0,0,0,0,0,0,0,0,0,0,0,00,tcp,http,SF,334,1684,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,9,0.00,0.00,0.00,0.00,0.33,0,0,0.00,0.00,0.00,0.00,0.00,0.00,0.00,0.00,normal.


Notice that part of another row was appended to this row
(it probably was an accidental duplication of the row above).
We have fixed the typo by removing the "partial row", so now
the row looks like this:

0,tcp,http,SF,334,1684,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,9,0.00,0.00,0.00,0.00,1.00,0.00,0.33,0,0,0.00,0.00,0.00,0.00,0.00,0.00,normal.

The correct data is now in kddcup.data.gz and kddcup-data_10_percent.gz.

Many thanks to those who have notified us of this typo.

--Librarian

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Intrusion-Detection-System
An IDS monitors a network or system for malicious activity and protects a computer network from unauthorized access by users, possibly including insiders.
The aim of this study is to propose a predictive model (i.e. a classifier) capable of distinguishing between 'bad' connections (intrusions/attacks) and 'good'
(normal) connections after applying feature extraction to the KDD Cup 1999 dataset by DARPA.

# DATASET
KDD Cup 1999 dataset by DARPA
The whole dataset can be downloaded from http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html

# MODELS
A total of seven models are trained and tested. The performance of all the algorithms is examined based
on accuracy and computational time. The results show that Decision Tree
performs best on both accuracy and computational time.

# ALGORITHMS USED
Gaussian Naive Bayes, Decision Tree, Random Forest, SVM, Logistic Regression, Gradient Boosting, ANN

# ARTICLE
https://www.geeksforgeeks.org/intrusion-detection-system-using-machine-learning-algorithms/

--------------------------------------------------------------------------------
/dataset/kddcup.names:
--------------------------------------------------------------------------------
back,buffer_overflow,ftp_write,guess_passwd,imap,ipsweep,land,loadmodule,multihop,neptune,nmap,normal,perl,phf,pod,portsweep,rootkit,satan,smurf,spy,teardrop,warezclient,warezmaster.
duration: continuous.
protocol_type: symbolic.
service: symbolic.
flag: symbolic.
src_bytes: continuous.
dst_bytes: continuous.
land: symbolic.
wrong_fragment: continuous.
urgent: continuous.
hot: continuous.
num_failed_logins: continuous.
logged_in: symbolic.
num_compromised: continuous.
root_shell: continuous.
su_attempted: continuous.
num_root: continuous.
num_file_creations: continuous.
num_shells: continuous.
num_access_files: continuous.
num_outbound_cmds: continuous.
is_host_login: symbolic.
is_guest_login: symbolic.
count: continuous.
srv_count: continuous.
serror_rate: continuous.
srv_serror_rate: continuous.
rerror_rate: continuous.
srv_rerror_rate: continuous.
same_srv_rate: continuous.
diff_srv_rate: continuous.
srv_diff_host_rate: continuous.
dst_host_count: continuous.
dst_host_srv_count: continuous.
dst_host_same_srv_rate: continuous.
dst_host_diff_srv_rate: continuous.
dst_host_same_src_port_rate: continuous.
dst_host_srv_diff_host_rate: continuous.
dst_host_serror_rate: continuous.
dst_host_srv_serror_rate: continuous.
dst_host_rerror_rate: continuous.
dst_host_srv_rerror_rate: continuous.

--------------------------------------------------------------------------------
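
Added example (not part of the repository): a pre-training integrity check that validates each row against the 41-feature schema in `kddcup.names`, maps its label to a category using `training_attack_types`, and flags a fused row of the kind described in `typo-correction.txt`. The function names and the sample rows are assumptions constructed for illustration.

```python
import math

# Label -> category map, from dataset/training_attack_types on this page.
CATEGORIES = {
    "dos": "back land neptune pod smurf teardrop",
    "u2r": "buffer_overflow loadmodule perl rootkit",
    "r2l": "ftp_write guess_passwd imap multihop phf spy warezclient warezmaster",
    "probe": "ipsweep nmap portsweep satan",
}
LABEL_TO_CATEGORY = {n: c for c, names in CATEGORIES.items() for n in names.split()}
LABEL_TO_CATEGORY["normal"] = "normal"
N_FEATURES = 41  # feature lines in dataset/kddcup.names
# Zero-based positions of the columns kddcup.names marks "symbolic".
SYMBOLIC = {1, 2, 3, 6, 11, 20, 21}

def check_row(line):
    """Return (category, None) for a well-formed row, else (None, reason)."""
    fields = line.strip().split(",")
    if len(fields) != N_FEATURES + 1:
        return None, f"expected {N_FEATURES + 1} fields, got {len(fields)}"
    label = fields[-1]
    if not label.endswith(".") or label[:-1] not in LABEL_TO_CATEGORY:
        return None, f"unknown label {label!r}"
    for i, value in enumerate(fields[:-1]):
        if i in SYMBOLIC:
            continue
        try:
            ok = math.isfinite(float(value))  # rejects nan/inf as well as text
        except ValueError:
            ok = False
        if not ok:
            return None, f"column {i} is not a finite number: {value!r}"
    return LABEL_TO_CATEGORY[label[:-1]], None

def audit(lines):
    """Return [(line_number, reason)] for every row that fails check_row."""
    reasons = [check_row(line)[1] for line in lines]
    return [(n, why) for n, why in enumerate(reasons, 1) if why]

def make_row(label):
    """Constructed sample row: 41 feature values followed by 'label.'."""
    return ",".join(["0", "tcp", "http", "SF", "181", "5450"] + ["0"] * 35 + [label + "."])

# Constructed rows; the second imitates the fused "partial row" from typo-correction.txt.
SAMPLE = [make_row("normal"), "0,tcp,private,S0" + ",0" * 11 + make_row("normal"),
          make_row("smurf"), make_row("nmap").replace("181", "1e999")]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running `audit` over the decompressed data file before training surfaces malformed or mislabeled rows instead of letting them silently skew the classifier.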