Classify network attacks with a neural network
Features
The dataset has a total of 41 features, but I only used the following:
- duration: how long the connection lasted
- src_bytes: Number of data bytes transferred from source to destination in a single connection
- dst_bytes: Number of data bytes transferred from destination to source in a single connection
- num_file_creations: Number of file creation operations in the connection
- num_shells: Number of shell prompts
- num_failed_logins: Count of failed login attempts
- wrong_fragment: Total number of wrong fragments in this connection
- urgent: Number of urgent packets in this connection. Urgent packets are packets with the urgent bit activated
- is_guest_login: 1 if the login is a "guest" login; 0 otherwise
- su_attempted: 1 if "su root" command attempted or used; 0 otherwise
- land: 1 if source and destination IP addresses and port numbers are equal; 0 otherwise
Target
The dataset originally contained 23 different attack classifications (e.g. SQL attack, buffer overflow, httptunnel).
To simplify the problem, they were categorized into the following generic types:
- DOS: denial of service; disrupts service and makes it temporarily unavailable
- Probing: scan a system/network to check for vulnerabilities
- U2R: User to root, getting root access
- R2L: Remote to local, obtaining access to the victim's system or network
- Normal
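
An added example (not code from this project): turning one raw record into the 11-feature input vector and 5-class one-hot target described above. It assumes the 41-column KDD Cup 99 record layout; the label grouping, `encode` and `sample_row` are illustrative choices, since the page gives neither the dataset name nor its own mapping.

```python
import csv

# Assumption: 41 feature columns in the KDD Cup 99 order, then the label.
COLUMNS = (
    "duration protocol_type service flag src_bytes dst_bytes land "
    "wrong_fragment urgent hot num_failed_logins logged_in num_compromised "
    "root_shell su_attempted num_root num_file_creations num_shells "
    "num_access_files num_outbound_cmds is_host_login is_guest_login count "
    "srv_count serror_rate srv_serror_rate rerror_rate srv_rerror_rate "
    "same_srv_rate diff_srv_rate srv_diff_host_rate dst_host_count "
    "dst_host_srv_count dst_host_same_srv_rate dst_host_diff_srv_rate "
    "dst_host_same_src_port_rate dst_host_srv_diff_host_rate "
    "dst_host_serror_rate dst_host_srv_serror_rate dst_host_rerror_rate "
    "dst_host_srv_rerror_rate label").split()
# The 11 features used on this page, in the page's order.
FEATURES = ("duration src_bytes dst_bytes num_file_creations num_shells "
            "num_failed_logins wrong_fragment urgent is_guest_login "
            "su_attempted land").split()
CLASSES = ["DOS", "Probing", "U2R", "R2L", "Normal"]
# Assumption: a commonly used label grouping; the page does not list its own.
GROUPS = {
    "DOS": "back land neptune pod smurf teardrop",
    "Probing": "ipsweep nmap portsweep satan",
    "U2R": "buffer_overflow loadmodule perl rootkit",
    "R2L": "ftp_write guess_passwd imap multihop phf spy warezclient warezmaster",
    "Normal": "normal",
}
CATEGORY = {n: c for c, names in GROUPS.items() for n in names.split()}

def encode(line):
    """Return (11 feature floats, one-hot target over CLASSES) for one record."""
    fields = next(csv.reader([line]))
    if len(fields) != len(COLUMNS):
        raise ValueError(f"expected {len(COLUMNS)} fields, got {len(fields)}")
    rec = dict(zip(COLUMNS, fields))
    label = rec["label"].strip().rstrip(".").lower()  # raw labels may end in "."
    if label not in CATEGORY:
        # Fail loudly: defaulting an unknown attack to Normal would hide it.
        raise ValueError(f"unmapped label: {label!r}")
    x = [float(rec[f]) for f in FEATURES]
    return x, [int(c == CATEGORY[label]) for c in CLASSES]

def sample_row(label, **values):
    """Constructed sample record: an all-zero connection plus overrides."""
    rec = dict.fromkeys(COLUMNS[:-1], "0")
    rec.update(protocol_type="tcp", service="http", flag="SF", label=label)
    rec.update({k: str(v) for k, v in values.items()})
    return ",".join(rec[c] for c in COLUMNS)
```

Labels outside the assumed grouping raise an error, so they have to be added to `GROUPS` explicitly before training.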