
School of Computing and Engineering

Project Proposal Report


CP60046E/CP6CS46E

Student name: Brandon Savio Phillips


Student ID: 21518722
Course: Cyber Security
Project title:
Supervisor name: Dr. Muhammed Asshad

Contents
Introduction
Aim and Objectives
    Aim
    Objectives
    Research Question(s)
Background
    Definition of terms
    Relevant theories
    Reference to literature
    Literature gap
Conclusions
    Critical Evaluation
    Justification
Project Plan
    Work Breakdown
    Deliverables
    Tools & Skills
    Research Method
    Risks
    Gantt Chart with Time estimation
References
Appendix

Introduction
A successful Intrusion Detection System (IDS) should keep an automatically updated database
of attacks to effectively prevent new threats, in addition to monitoring network activities for
malicious intent. The prevalence of cyberattacks has increased, and the development of new
technology has led to an increase in new threats and weaknesses. Companies always try to
reduce the possibility of having someone break into their networks and systems. Accenture
data indicates that there was an 11% increase in security breaches in 2018 and a significant
67% spike in breaches in 2014. As a result, efforts are being made by both individuals and
businesses to create secure network systems that guarantee availability, confidentiality, and
integrity (AlYousef & Abdelmajeed, 2019).
As technology advances quickly, the incorporation of neural networks is being investigated to
improve Intrusion Detection System (IDS) performance. When it comes to situations where
acquiring the precise data required to build an effective system is difficult, neural networks are
a good option. Whether they come from outside sources or via authorized user access, hackers
frequently target system vulnerabilities. Certain hardware or software versions of computers
may be specifically vulnerable to these flaws. Thus, it is necessary to design a system that
keeps track of user behavior instead of looking for pre-established flaws (Shah, et al., 2018).

Aim and Objectives

Aim
The aim of this research is to investigate a different approach for the Snort intrusion
detection system (IDS) to detect new anomalies and reduce false positives (false alarms).

Objectives
• To evaluate how the anomaly detection method of the prototype model can be made more
accurate.
• To evaluate how the prototype model is trained and how it is integrated into the Intrusion
Detection System (IDS) to improve data classification.
• To compare the reinforced IDS, which has been enhanced by the neural network prototype
model, with a conventional IDS in terms of the decrease in false positives.

Research Question(s)
• Is it possible to reduce false positives in the system?

Background
Definition of terms
Anomaly-based intrusion detection: By monitoring system activity and classifying it as normal or
unusual, an intrusion detection system that uses anomaly-based approaches can identify both network
and host intrusions.
Intrusion detection system: An intrusion detection system monitors networks and systems for
malicious activity or policy breaches. It can take the form of a hardware device or a software
program.
Machine learning: Machine learning is a branch of artificial intelligence and computer science that
uses data and algorithms to imitate how humans learn, progressively improving its accuracy.
Artificial neural networks: A part of machine learning that is essential to deep learning algorithms;
they are also known as simulated neural networks or simply neural networks.

Relevant theories
The use of advanced machine learning techniques, such as Random Forests, can reduce the
number of false positives in intrusion detection systems (IDS). These algorithms perform a
detailed analysis of network traffic patterns, making it easier to pinpoint irregularities.
Techniques including contextual awareness, behavioral analysis, and anomaly-based detection
are used to improve the system's ability to distinguish between legitimate and malicious
activity, which reduces the number of false positives. Detection thresholds are adjusted
according to the precision-recall trade-off: raising the threshold produces fewer alerts and
therefore fewer false positives, but lowers sensitivity, so the threshold is chosen to keep
accuracy without sacrificing the recall that is required. By including mechanisms for
continuous learning through system updates and by providing access to threat intelligence
feeds, an IDS can become more adaptive to changing threats and reduce false positives
significantly. These approaches greatly improve threat detection precision, even though
eliminating false positives entirely remains difficult.
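The following is an added example, not part of the proposal, showing how the precision-recall trade-off described above turns into a concrete alert-threshold choice for an anomaly detector. The anomaly scores and labels are constructed, and the model that would produce such scores is assumed rather than implemented.

```python
# Added example (not from the proposal): choosing an anomaly-score threshold
# under a recall requirement so that as few false positives as possible remain.
from typing import List, Optional, Tuple

# Constructed sample of scored flows: (anomaly score in [0, 1], true label),
# where label 1 = attack and 0 = normal traffic. The scoring model is assumed.
SCORED_FLOWS: List[Tuple[float, int]] = [
    (0.05, 0), (0.12, 0), (0.20, 0), (0.33, 0), (0.41, 0), (0.47, 0),
    (0.52, 0), (0.58, 1), (0.61, 0), (0.70, 1), (0.78, 1), (0.83, 0),
    (0.88, 1), (0.91, 1), (0.96, 1),
]


def confusion(scores: List[Tuple[float, int]], threshold: float) -> Tuple[int, int, int, int]:
    """Count (tp, fp, tn, fn) when every score >= threshold raises an alert."""
    tp = fp = tn = fn = 0
    for score, label in scores:
        alert = score >= threshold
        if alert and label == 1:
            tp += 1
        elif alert:
            fp += 1
        elif label == 1:
            fn += 1
        else:
            tn += 1
    return tp, fp, tn, fn


def precision_recall(scores, threshold) -> Tuple[float, float]:
    """Precision: share of alerts that are real attacks. Recall: share of attacks alerted on."""
    tp, fp, _, fn = confusion(scores, threshold)
    precision = tp / (tp + fp) if tp + fp else 1.0  # no alerts at all: none were wrong
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall


def choose_threshold(scores, min_recall: float) -> Optional[Tuple[float, float, float]]:
    """Return (threshold, precision, recall) for the strictest threshold whose recall is
    still >= min_recall. Candidates are the observed scores (every distinct decision
    boundary), scanned from strictest to loosest, so the first hit raises the fewest
    alerts and therefore the fewest false positives."""
    for threshold in sorted({s for s, _ in scores}, reverse=True):
        precision, recall = precision_recall(scores, threshold)
        if recall >= min_recall:
            return threshold, precision, recall
    return None  # even alerting on everything cannot reach min_recall


if __name__ == "__main__":
    for req in (1.0, 0.8):
        t, p, r = choose_threshold(SCORED_FLOWS, req)
        print(f"recall>={req}: threshold={t} precision={p:.2f} fp={confusion(SCORED_FLOWS, t)[1]}")
```

With this sample, a naive 0.5 threshold raises three false positives; requiring full recall still allows the threshold to rise to 0.58 (two false positives), and accepting 80% recall lets it rise to 0.70 (one false positive), which is exactly the trade-off the text describes.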

Reference to literature
The importance of IDS has increased with the growth of networks, which has led scholars to
investigate its complexities and developments. Because of the constant drive for network
development and the ever-changing landscape of cyber threats, intrusion detection has become
an essential field. To strengthen IDS capabilities to handle the increasing complexity of modern
computer technology, researchers have investigated several different approaches, tactics, and
technologies (Jasim, 2018).

Numerous researchers have examined the application of machine learning to improve anomaly-based
intrusion detection, notably focusing on neural networks. Several academics have made a
significant contribution towards the argument that neural networks provide a comprehensive
answer to a range of problems in this field. To identify notable departures from regular user
behavior, they have presented a novel methodology in which basic user attributes are
incorporated into neural networks during training. This method allows neural networks to learn
new behaviors on their own during the training phase, increasing their flexibility in responding
to changing threat environments (Jawhar & Mehrotra, 2010).

According to Shone et al. (2018), a Denoising Auto-Encoder (DAE) model should be used to
extract important feature representations from unbalanced training data. This helps build a
strong model that can distinguish between normal and abnormal behaviors. An unsupervised
learning technique is used in the model's pre-training phase as a preventative step against
overfitting and problems with local optima. The model is then extended with a softmax
classifier to produce the intended outputs. 10% of the KDDCUP99 dataset was designated as test
data for the experiment, and with this methodology a detection accuracy of 94.71% was
achieved.
To improve Intrusion Detection System (IDS) effectiveness, Chuan-long et al. (2017) suggest
using a deep learning model based on recurrent neural networks (RNN). The model's main goal
is to gather information within a multiclass classification framework. The study also analyzes
how the learning rate and the number of neurons affect the overall accuracy of RNN-IDS.
The goal of the work of Mallissery et al. (2013) is to verify the precision of a machine learning
idea centered on the recognition of anomalies that were previously divided into different classes.
The decision tree technique is used to distinguish between true positives and false negatives
while classifying unknown and known classes. The study makes use of the KDD'99 dataset,
which has 22 attack classes and one normal class, each represented by a single case. The
study's main goal is to suggest a different approach to Snort for the identification of novel
anomalies, to enhance its functionality and reduce false alarms.
In current studies, researchers recommend using a variety of datasets to expose models to a
wide range of behavioral characteristics. A deep neural network-based model that can identify
and categorize unexpected attacks should be developed. The research uses a variety of
datasets, such as KDDCup 99, UNSW-NB15, NSL-KDD, CICIDS 2017, Kyoto, and WSNDS, to
improve the model's comprehension of a range of behavioral patterns. The researchers use the
Scalable Hybrid Intrusion Analysis (SHIA) framework, which is intended to handle large amounts
of host-level and network-level events. This makes it possible for SHIA to efficiently identify
harmful traits and provide administrators with correct alerts (Ravi, et al., 2019).

Literature gap
In studying the existing literature, I have noticed a major gap: the limited exploration of
real-time adaptation mechanisms in Intrusion Detection Systems (IDS). Although many studies
address different machine learning methods and their use in IDS, little work exists on the
dynamic modification of detection parameters in response to changing network threats. This
gap emphasizes the need for more research into adaptive IDS frameworks, which can improve
real-time detection and response capabilities by automatically modifying their configurations
based on the state of the threat landscape.

Conclusions
Critical Evaluation

Justification
By reducing the detection period, the research seeks to improve an intrusion detection system
(IDS) currently in use and minimize potential harm. Furthermore, the study aims to improve
how hazards are documented inside an organization to facilitate better reporting. It is hoped
that the improved IDS results will help to improve quality control in the planning and
implementation of security measures. Additionally, it is anticipated that the improved IDS will
offer useful intrusion data, assisting in the identification and removal of the root causes of the
intrusions. The application of continuous learning processes to keep the IDS updated is one of
this research's significant contributions. The IDS is designed to decrease the amount of data
that needs to be inspected while maintaining quality. To reduce further harm, the study also
highlights how critical it is to identify intrusions online as soon as possible. The project also
intends to solve the issue of excessive false positives that are frequently associated with
anomaly-based intrusion detection systems by creating an intrusion detection system that
correctly classifies data.

Project Plan
Work Breakdown

Deliverables
Implementing and evaluating Artificial Neural Networks (ANNs) to increase intrusion detection
system (IDS) accuracy is part of the deliverable. It is composed of comprehensive
documentation on the use of ANNs, detailing the architecture, training procedures, and
dataset-related issues. The deliverable includes insights on how ANNs can adjust to changing
cyber threats and covers a range of performance measures, with a particular emphasis on
lowering false positives. It also provides instructions on how to incorporate ANNs into current
cybersecurity frameworks. The goal of this deliverable is to serve as a thorough reference for
all parties involved, providing actionable advice on how to use ANNs in real-world IDS
applications to improve cybersecurity defenses in general.

Tools & Skills


Tools:

Google Colab is used to build the developed model, with Python version 3.9 as the programming
language. PyTorch version 1.9 is the main library used in this environment. Furthermore, the
Intrusion Detection System (IDS) program, Snort, is installed on an Ubuntu Linux distribution,
which runs as a VirtualBox virtual machine.

Skills:
• Python
• Configuring Snort

Research Method
Using a quantitative research methodology helps to put problems into numbers by producing
numerical data that can then be transformed into useful statistics. To obtain factual insights
and recognize observable trends within the study context, this approach depends on measured
data.

Risks
Completing my dissertation project comes with many obstacles. Time management becomes
complicated when I must juggle it with coursework. As I attempt to strike a balance between
the demanding needs of third-year modules and the methodological rigor of research, the
complexity increases. Because cybersecurity research is dynamic and full of unknowns, it is
necessary to keep up with changes in the industry. Managing the rigors of third-year modules
requires a deep understanding of complex ideas. Critical issues include stress management,
maintaining focus, and ensuring productivity throughout long work hours. Intellectual
obstacles include coming up with a coherent research narrative and getting past writer's
block. Managing many obligations requires skillful multitasking and perseverance; finishing a
dissertation successfully requires a planned approach to thoroughly address these challenges.

Gantt Chart with Time estimation

References

Appendix
