doriguzzi / lucid-ddos Goto Github PK

Hey there,

I've been working on implementing your model in my Desktop environment following the steps provided in the description. However, I'm encountering some challenges in improving the performance metrics. Here are the details:

1. Current Metrics:

   • F1 Score: 0.8146
   • Accuracy: 0.7697
   • FPR (False Positive Rate): 0.4615

2. Steps Taken:

   • I've used epochs 1000, 1500, 2000, and 2500 during training.
   • I also tried Cross Validation with 2, 3, 5, and 7 folds.
   • The dataset used is [UNB's CIC-DDoS2019].

3. Prediction Output:
   "'{Model': 'SYN2020-LUCID',
   'Time': '0.193',
   'Packets': 8907,
   'Samples': 5240,
   'DDOS%': '0.731',
   'Accuracy': '0.7697',
   'F1Score': '0.8136',
   'TPR': '0.9966',
   'FPR': '0.4615',
   'TNR': '0.5385',
   'FNR': '0.0034',
   'Source': '10t-10n-IDS201X-dataset-test.hdf5'}"

4. Approach:
   I would appreciate some guidance on potential approaches to further improve the performance of the model. Specifically, I'm interested in:

   • Increasing the F1 Score beyond 0.8146
   • Improving the Accuracy above 0.7697
   • Reducing the FPR below 0.4615

5. Dataset:
   I used your latest provided datasets ([UNB's CIC-DDoS2019]).

Any insights or suggestions on how to tackle these challenges would be greatly appreciated. Thank you in advance for your help!

A test:

Model TIME(sec) PACKETS SAMPLES DDOS% ACC ERR F1 PPV TPR FPR TNR FNR Data Source SYN2020-LUCID 0.022 0001761 0000352 0.497 0.9972 0.0981 0.9971 0.9943 1.0000 0.0056 0.9944 0.0000 10t-10n-SYN2020-dataset-test.hdf5

It's not able to detect a slowloris attack. The accuracy is 99%..... I'm using a newer tshark version than recommended. Oops my interface would be enp4s0

Hello,
I used PCAP detection and live traffic detection, but when I press execute, it always displays "RuntimeWarning: invalid value encountered in long_scalars", and ERR, F1, PPV, TPR are all displayed as 0, what is wrong? Thanks!!!!

Can u explain the process how can one know the required time to train the model and how can on e know the required time to predict the live attack?

step one is fine,and i got the .data file,but when i run step two,it tells me this

what can i do about this?

Hi,
When I run the Inference on pcap files command, I get the following error:

Also, the script runs for a while then killed. Would appreciate if you could assist in this. Thanks.

Dear @doriguzzi,

I am analyzing your Source code, and would like to ask how you judge DDoS & Benign traffic in the Label stage of
Traffic pre-processing?

In the Traffic pre-processing file, I see that you explained using IP address to Label and 5-tuple(SrcIP, SrcPort, DstIP, DstPort, Protocol) & features (f=11) mentioned in the paper, but I think What is the standard of judgment?

Thank you for listening 😃.

Traceback (most recent call last):
File "/home/kali/lucid-ddos/lucid-ddos-master/lucid_dataset_parser.py", line 706, in
main(sys.argv)
File "/home/kali/lucid-ddos/lucid-ddos-master/lucid_dataset_parser.py", line 431, in main
preprocessed_flows = list(flows_list[0])
IndexError: list index out of range

Kindly help me in resolving this issue. Thank You.

Hello,
I used the CICIDS2017 Wednesday Dataset for Traffic pre-processing, but the result does not match the ground truth given by CICIDS2017. Is there any error? Or are there any parameters that need to be adjusted? Thanks :)

▲I analyze the DDoS attack period.

▲The PCAP file for this period.

▲Results of Traffic pre-processing first step.

▲The sum of DoS attacks was 252,661.