Abstract:
Information security is becoming increasingly critical for data and information. Network
security plays a major role in protecting data and systems from cyber adversaries. It is
crucial to detect threats actively and implement defences that protect network infrastructure
from attackers. In this project, we introduce a way to optimise threat detection
capabilities using the Zeek Network Security Monitor and the Weka machine learning application.
First, we performed a comprehensive study of the evolution of Intrusion Detection
Systems (IDS) using the past literature and identified the factors that contributed both to
improved performance and to limitations in threat detection. We then designed and developed a
Network Security Monitoring (NSM) system prototype using Zeek NSM, the Elasticsearch,
Filebeat and Kibana stack (EFK stack) and the Weka application.
Moreover, our prototype actively performs network surveillance and alerts the user in the event
of an intrusion. Finally, we performed a passive machine learning analysis using Random
Forest, K-Nearest Neighbors and Naïve Bayes classifiers on Denial of Service,
Reconnaissance and Worm attacks. We used a sample of the UNSW-NB15
data set for the machine learning analysis.
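The prototype described above feeds Zeek logs into the EFK stack and raises alerts on intrusions. The following is an added example, not code from the thesis or from the Zeek project, of the first step such a pipeline performs: parsing the tab-separated conn.log that Zeek writes (the header directives and field names are Zeek's real layout, but the records below are constructed sample data, not captured traffic) and applying a simple reconnaissance heuristic that flags a source host whose unanswered or rejected connections touch many distinct ports on one target. The threshold of five ports and the set of "failed" connection states are the example's own assumptions, not values from the thesis.

```python
"""Parse Zeek conn.log records and flag hosts whose failed connections span many ports."""
from collections import defaultdict

# conn_state values Zeek uses for connections that never completed (assumed set for this example):
# S0 = SYN seen, no reply; REJ = rejected; RSTO/RSTOS0/RSTR = reset by one side.
FAILED_STATES = {"S0", "REJ", "RSTO", "RSTOS0", "RSTR"}

# Constructed sample (not real traffic) in the TSV layout Zeek writes for conn.log;
# only a subset of the real conn.log columns is kept.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring",
    "1609459200.000000\tC1\t10.0.0.5\t51000\t10.0.0.20\t22\ttcp\tS0",
    "1609459200.100000\tC2\t10.0.0.5\t51001\t10.0.0.20\t23\ttcp\tREJ",
    "1609459200.200000\tC3\t10.0.0.5\t51002\t10.0.0.20\t80\ttcp\tS0",
    "1609459200.300000\tC4\t10.0.0.5\t51003\t10.0.0.20\t443\ttcp\tS0",
    "1609459200.400000\tC5\t10.0.0.5\t51004\t10.0.0.20\t445\ttcp\tREJ",
    "1609459200.500000\tC6\t10.0.0.5\t51005\t10.0.0.20\t3389\ttcp\tS0",
    "1609459201.000000\tC7\t10.0.0.7\t52000\t10.0.0.20\t443\ttcp\tSF",
    "1609459202.000000\tC8\t10.0.0.7\t52001\t10.0.0.20\t443\ttcp\tSF",
    "1609459203.000000\tC9\t10.0.0.7\t52002\t10.0.0.30\t53\tudp\tSF",
    "#close\t2021-01-01-00-00-05",
])


def parse_conn_log(text):
    """Return one dict per data record, keyed by the names in the #fields header."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue  # other directives (#separator, #types, #close, ...) carry no records
        if fields is None:
            raise ValueError("data line before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("column count mismatch: %r" % line)
        # Zeek writes '-' for unset fields; map those to None so callers can test for absence
        records.append({k: (None if v == "-" else v) for k, v in zip(fields, values)})
    return records


def detect_port_scans(records, min_ports=5):
    """Flag (source, target) pairs whose failed connections touch at least min_ports distinct ports."""
    touched = defaultdict(set)  # (orig_h, resp_h) -> set of resp_p seen in failed connections
    for r in records:
        if r["conn_state"] in FAILED_STATES:
            touched[(r["id.orig_h"], r["id.resp_h"])].add(r["id.resp_p"])
    alerts = []
    for (src, dst), ports in sorted(touched.items()):
        if len(ports) >= min_ports:
            alerts.append({"src": src, "dst": dst, "distinct_ports": len(ports)})
    return alerts


if __name__ == "__main__":
    recs = parse_conn_log(SAMPLE_CONN_LOG)
    for a in detect_port_scans(recs):
        print("ALERT possible port scan: %(src)s -> %(dst)s (%(distinct_ports)d ports)" % a)
```

Run against the constructed sample, the parser yields nine records and the heuristic reports a single alert for 10.0.0.5 against 10.0.0.20 (six distinct ports), while the host completing normal sessions (conn_state SF) is not flagged. In a deployment the same parsing logic would be replaced by Filebeat's Zeek module shipping records to Elasticsearch, and the threshold would be tuned per network to keep false positives down.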
Installation and configuration of open-source applications are not always straightforward, and
they often involve cumbersome procedures. We have provided foolproof, stepwise
guidance for installing and configuring Zeek and the EFK stack at the end of this
thesis.
The author's main objective is to design and develop user-friendly security solutions for threat
detection using open-source applications. This project is the initial step towards that
objective.
Citation:
Senanayake, S.D.W. (2021). Improving the threat detection performance of a network intrusion detection system using a 3-tier framework [Master's thesis, University of Moratuwa]. Institutional Repository, University of Moratuwa. http://dl.lib.uom.lk/handle/123/21198