Skip to content
/ Firewall-AI Public

A new generation firewall for detectting DDoS attack using artificial intelligence.

3 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DavidRamosArchilla/Firewall-AI

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
ML_models
ML_models
 
 
client
client
 
 
notebooks
notebooks
 
 
test_files
test_files
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
app.py
app.py
 
 
prediction.py
prediction.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Firewall AI

This work consists of building a system that acts as a firewall for detecting denial-of-service attacks. To perform these detections, Machine Learning and Deep Learning techniques have been employed to train models with these capabilities. In addition, a graphical interface has been implemented through which the traffic received by the system can be observed in real-time, as well as the predictions it makes about whether or not the traffic is an attack.

Firstly, to train an artificial intelligence model, training data is required. A dataset has been chosen that contains different characteristics about a large number of network flows and a label indicating whether it is an attack, and if so, what type of attack it is. After choosing the dataset, a preprocessing stage is necessary, which consists of preparing the data so that the training phase is good. Once the data is ready, two models have been trained. The first is a neural network, specifically, a multilayer perceptron, and the second is a gradient boosting algorithm based on decision trees. After training, evaluating, and comparing them, it has been found that the gradient boosting model outperforms the neural network, achieving 99% accuracy on the validation dataset, so this model has been used when launching the system.

On the other hand, it has been necessary to implement a tool to capture network traffic, which is also capable of obtaining the same characteristics about network flows that are used for model training. To do this, an existing tool developed by the same university that created the dataset used has been used as a base. However, this tool does not meet all the requirements necessary to be included in this work, so a version of it that does meet the requirements has been implemented.

Finally, a graphical interface has been implemented that allows traffic to be visualized and all of this has been integrated under the same system. After conducting several experiments, quite promising results have been obtained, as the system has been able to detect denial-of-service attacks.

Installation

This system has been developed Debian, but similar distributions should work as well.

First, you have to install the dependencies and clone this repository:

sudo apt install libpcap0.8
sudo apt install tcpdump
git clone https://github.com/DavidRamosArchilla/Firewall-AI.git
cd Firewall-AI

Then, it is advisable to create a Python virtual environment

python -m venv venv
source venv/bin/activate

and install the libraries

pip install -q --upgrade pip
pip install -q pyflowmeter
pip install -q -r Firewall-AI/requirements.txt

Lastly, run the command to start the server:

sudo venv/bin/python app.py

Demo

There is a Google Colab notebook available with a demo of this project.

Open In Colab

Note: to obtain a free Ngrok token you need to access https://dashboard.ngrok.com/get-started/your-authtoken

About

A new generation firewall for detectting DDoS attack using artificial intelligence.

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages