Tuesday, 6 March 2018

What is the best way to test my anomaly detection system?

I have an IDS (Intrusion Detection System) built in the C language and I need to test it with real traffic. It is an anomaly detection system, so I need to train it with normal traffic first.

So the IDS that I built is called MAIS-IDS and it was originally tested against the NSL-KDD dataset. This IDS is from the article "MAIS-IDS: A distributed intrusion detection system using multi-agent AIS approach".

The first thing I need to do is to convert the tcpdump data to the NSL-KDD 99 dataset so I can analyze the traffic in real time. In my research I saw that I could use tcpreplay or tshark, or another option is to write my own script. I would like to know what the best way of doing that is.
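As an added example (not the author's code and not part of MAIS-IDS), the following script shows the core of the "write my own script" option: grouping packets into bidirectional connections and deriving a subset of NSL-KDD features per connection (duration, protocol_type, service, flag, src_bytes, dst_bytes, and the 2-second time-window features count and srv_count). The packet tuples are constructed sample data standing in for whatever a tshark `-T fields` export or a pcap library would hand you; the port-to-service map, the byte accounting (whole packet length rather than payload only) and the flag heuristics are simplifications that are assumptions of this example, not the official KDD preprocessing.

```python
"""Toy converter from packet records to NSL-KDD-style connection records (example, not MAIS-IDS code)."""
from dataclasses import dataclass, field

# Constructed sample packets: (time, src, sport, dst, dport, proto, tcp_flags, length).
# Conn 1: full HTTP exchange; conn 2: SSH SYN answered by RST; conn 3: a DNS query/reply.
SAMPLE_PACKETS = [
    (0.00, "10.0.0.5", 40001, "10.0.0.9", 80, "tcp", "S", 60),
    (0.01, "10.0.0.9", 80, "10.0.0.5", 40001, "tcp", "SA", 60),
    (0.02, "10.0.0.5", 40001, "10.0.0.9", 80, "tcp", "A", 52),
    (0.03, "10.0.0.5", 40001, "10.0.0.9", 80, "tcp", "PA", 300),
    (0.10, "10.0.0.9", 80, "10.0.0.5", 40001, "tcp", "PA", 1200),
    (0.50, "10.0.0.5", 40001, "10.0.0.9", 80, "tcp", "F", 52),
    (0.51, "10.0.0.9", 80, "10.0.0.5", 40001, "tcp", "FA", 52),
    (1.00, "10.0.0.5", 40002, "10.0.0.9", 22, "tcp", "S", 60),
    (1.20, "10.0.0.9", 22, "10.0.0.5", 40002, "tcp", "R", 40),
    (5.00, "10.0.0.5", 53001, "10.0.0.1", 53, "udp", "", 70),
    (5.02, "10.0.0.1", 53, "10.0.0.5", 53001, "udp", "", 130),
]

# Assumed minimal port-to-service map (KDD uses a much longer list).
SERVICE_BY_PORT = {21: "ftp", 22: "ssh", 53: "domain", 80: "http", 443: "https"}


@dataclass
class Connection:
    start: float
    end: float
    src: str          # initiator = source of the first packet seen
    dst: str
    dport: int
    proto: str
    src_bytes: int = 0
    dst_bytes: int = 0
    flags_seen: list = field(default_factory=list)  # (direction, tcp_flags)


def _key(pkt):
    """Direction-independent 5-tuple so both halves of a flow share one key."""
    _, src, sport, dst, dport, proto, _, _ = pkt
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)


def build_connections(packets):
    """Aggregate packets into connections ordered by start time.

    Limitation (deliberate for brevity): a later reuse of the same 5-tuple
    would be merged into the earlier connection.
    """
    conns = {}
    for pkt in sorted(packets, key=lambda p: p[0]):
        t, src, sport, dst, dport, proto, flags, length = pkt
        c = conns.get(_key(pkt))
        if c is None:
            c = Connection(start=t, end=t, src=src, dst=dst, dport=dport, proto=proto)
            conns[_key(pkt)] = c
        c.end = t
        from_initiator = src == c.src
        if from_initiator:
            c.src_bytes += length      # simplification: whole packet length, not payload
        else:
            c.dst_bytes += length
        c.flags_seen.append(("src" if from_initiator else "dst", flags))
    return sorted(conns.values(), key=lambda c: c.start)


def kdd_flag(conn):
    """Approximate the KDD 'flag' feature from the TCP flags observed."""
    if conn.proto != "tcp":
        return "SF"
    syn = any(d == "src" and "S" in f and "A" not in f for d, f in conn.flags_seen)
    synack = any(d == "dst" and "S" in f and "A" in f for d, f in conn.flags_seen)
    rst_from_dst = any(d == "dst" and "R" in f for d, f in conn.flags_seen)
    fin = any("F" in f for _, f in conn.flags_seen)
    if syn and not synack and rst_from_dst:
        return "REJ"   # connection attempt rejected
    if syn and not synack:
        return "S0"    # SYN seen, no reply
    if syn and synack and fin:
        return "SF"    # normal establishment and termination
    if syn and synack:
        return "S1"    # established, not terminated
    return "OTH"


def to_records(packets, window=2.0):
    """Return one KDD-style feature dict per connection.

    'count' = connections to the same destination host started in the last
    `window` seconds (including this one); 'srv_count' = same for the service.
    """
    conns = build_connections(packets)
    records = []
    for i, c in enumerate(conns):
        recent = [o for o in conns[: i + 1] if c.start - window <= o.start <= c.start]
        service = SERVICE_BY_PORT.get(c.dport, "other")
        records.append({
            "duration": round(c.end - c.start, 3),
            "protocol_type": c.proto,
            "service": service,
            "flag": kdd_flag(c),
            "src_bytes": c.src_bytes,
            "dst_bytes": c.dst_bytes,
            "count": sum(1 for o in recent if o.dst == c.dst),
            "srv_count": sum(1 for o in recent
                             if o.proto == c.proto and SERVICE_BY_PORT.get(o.dport, "other") == service),
        })
    return records


if __name__ == "__main__":
    for rec in to_records(SAMPLE_PACKETS):
        print(rec)
```

For a real capture, replace SAMPLE_PACKETS with tuples read from tshark field output or a pcap parser, keep the connection table bounded (expire idle flows) so it can run on a live feed, and extend the feature set toward the full 41 NSL-KDD columns before feeding the records to the IDS; the window-based features are the ones worth checking most carefully, since an off-by-one in the window changes what "normal" looks like during training.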

After that I'm going to use my IDS together with an attack graph built with the MulVAL software in order to reduce the false positives.

To test everything I'm going to use Metasploit, which is a framework that I could use in order to write scripts to attack my network.

So the other thing I would like to know is whether these tools that I'm going to use are the best way of doing that. I'm kind of lost; it's my first time trying to prepare this kind of experiment...
