Hi, there are many different ways of implementing an intrusion detection system, and which way to follow heavily depends on the system you have, the data, etc. This is a complex field which cannot be answered with simple instructions. Anyway, to give you any hints to point you into the right direction, we need more info about your setting. You can get some hints on how to create good question in the post linked in my signature.
hi, i have my network data contains attributes src-ip, dstn-ip, protocol, sync, ack, sync+ack, time
now i have to find the intrusion on the basis of : if for the same src ip and dest ip, these three fields(ack, syn, ack+syn) have received Boolean value true in three rows then it's ok otherwise if there are only ack and syn value true and there is no corrsponding value for ack+syn(i.e. false) intrusion will be detected. data is captured using wireshark in .pcap format. how to convert pcap file to csv format.
I don't know the pcap format, can you post a short example?
Anyway, you will end up in a tabular data format in RapidMiner. To propose further steps, we would need the format of this data, too. Maybe you can post a short sample.
Contributor II
Answers
Best,
Marius
i have my network data contains attributes
src-ip, dstn-ip, protocol, sync, ack, sync+ack, time
now i have to find the intrusion on the basis of :
if for the same src ip and dest ip, these three fields(ack, syn, ack+syn) have received Boolean value true in three rows then it's ok otherwise if there are only ack and syn value true and there is no corrsponding value for ack+syn(i.e. false) intrusion will be detected.
data is captured using wireshark in .pcap format. how to convert pcap file to csv format.
regards
I don't know the pcap format, can you post a short example?
Anyway, you will end up in a tabular data format in RapidMiner. To propose further steps, we would need the format of this data, too. Maybe you can post a short sample.
Best,
Marius