Internship Title
Exploration of ML-based network anomaly detection techniques
Internship Location
University of Roma Tre (Italy) and LCT/DEI
This proposal aims to research and develop network intrusion detection solutions using machine learning techniques. The intent is to implement an intelligent system that can determine, from network traffic, whether or not an attack is occurring. This effort encompasses not only the exploratory study, but also the creation of a suitable dataset and the development of a preliminary feature analysis effort.
The fundamental objective of this thesis is to explore the use of ML techniques for network anomaly detection, with a focus on cyber-physical systems. This will encompass the study of available datasets and an analysis of their suitability, as well as the creation of a representative dataset for training and testing purposes.
Moreover, one of the relevant problems to tackle concerns feature selection/engineering, the pre-processing of the network data, and the definition of its structure, so that the effectiveness of a subsequent analysis module may be maximized. More specifically, the following characteristics need to be selected: i) the relevant features (e.g., bytes, packets) to be used; ii) the protocol level at which data will be analyzed (e.g., IP layer, transport layer); iii) the data normalization requirements; and iv) the type of information that needs to be represented for each traffic parameter (e.g., the traffic volume, the correlation between traffic patterns of different nodes).
Finally, a comparative analysis of existing ML techniques for network anomaly detection will be undertaken, with a view towards using the selected approaches as part of a proof-of-concept IDS implementation.
Work Plan - Semester 1
• State of the Art Research on existing datasets and their respective suitability
• Research on the state of the art for network anomaly detection using ML techniques
• Feature study and preliminary feature engineering analysis
• Preliminary evaluation of candidate ML approaches
• Definition of a preliminary architecture for the Network IDS
• Writing of documentation, including the interim report
Work Plan - Semester 2
• Implementation of the selected approaches
• Refinement of the proposed architecture
• Integration and system testing
• Final Documentation and Writing of the Report/Dissertation
The ability to work within a team will be essential, as the candidate will be part of a joint effort between the Multimedia and Security Laboratory of the University of Roma Tre and the Laboratory of Communications and Telematics of the Department of Informatics Engineering of the University of Coimbra. A workspace will be provided in a Roma Tre laboratory, which will be involved in the daily dynamics of the project and the group, under joint coordination/monitoring of both the Italian and Portuguese teams.
Co-supervisor at the University of Roma Tre: Prof. Marco Carli
Paulo Simões
psimoes@dei.uc.pt