Nikhil Major Project
BACHELOR OF TECHNOLOGY
IN
ELECTRONICS AND COMMUNICATION ENGINEERING
Submitted by
CERTIFICATE
This is to certify that the Major project Report on “Network Intrusion Detection using Machine
Learning” is a bonafide work by Kola Shanmukha Sai Nikhil Reddy (17911A0430),
B.Maniroop Reddy(17911A0408), Praneeth Raj. M(17911A0443) and D.Venkat
Likith(17911A0415) in partial fulfillment of the requirement for the award of the degree of
Bachelor of Technology in “ELECTRONICS AND COMMUNICATION ENGINEERING ”
JNTU Hyderabad during the year 2017- 2021.
EXTERNAL EXAMINER
VIDYA JYOTHI INSTITUTE OF TECHNOLOGY
(Accredited by NBA, Approved by AICTE, Affiliated to JNTU Hyderabad)
Aziz Nagar Gate, C.B.Post, Chilkur Road, Hyderabad - 500075
2017 - 2021
DECLARATION
We, the undersigned, hereby declare that Project Report entitled “Network Intrusion
Detection using Machine Learning”, is submitted in the partial fulfillment of the
requirement for the award of Bachelor of Technology in Electronics and
Communication Engineering, Vidya Jyothi Institute of Technology, affiliated to JNTU -
Hyderabad, is an authentic work and has not been submitted to any other university or
institute for the degree.
PROJECT ASSOCIATE
We would like to express our sincere gratitude to Mrs. J SRIDEVI Project guide who
has guided and supported us through every stage in the project.
We are really grateful to Mr. S PRADEEP KUMAR REDDY Project Coordinator for
his time to time, much needed valuable guidance throughout my study.
We are really grateful to Dr. K. Vasanth, HOD ECE Dept, Vidya Jyothi Institute of
Technology for his time to time, much needed valuable guidance throughout my study.
We express our heartfelt gratitude to Dr. A. Padmaja, Principal, Vidya Jyothi Institute
of Technology, for giving us spontaneous encouragement for completing the project.
We thank Dr. E. Saibaba Reddy, Director of Vidya Jyothi Institute of Technology, for
encouraging us in the completion of our project.
PROJECT ASSOCIATE
ABSTRACT
A novel supervised machine learning system is developed to classify network traffic as malicious or
benign. To find the best model with respect to detection success rate, combinations of supervised
learning algorithm and feature selection method have been used. Through this study, it is found that
Artificial Neural Network (ANN) based machine learning with wrapper feature selection outperforms the
support vector machine (SVM) technique when classifying network traffic. To evaluate the performance,
the NSL-KDD dataset is used to classify network traffic using SVM and ANN supervised machine learning
techniques. A comparative study shows that the proposed model is more efficient than other existing
models with respect to intrusion detection success rate.
TABLE OF CONTENTS
1. INTRODUCTION
1.1. Problem Statement
1.2. Motivation
1.3. Objective
1.3.1. Proposed System
1.3.2. Advantages of Proposed System
2. TECHNOLOGIES LEARNT
3. SYSTEM DESIGN
3.1 System Architecture
3.2 Module description
3.3 System Specification
3.3.1 Software Requirements
3.3.2 Hardware Requirements
3.4 Detailed Design
3.4.1 Use case Diagram
3.4.2 Sequence Diagram
3.4.3 Class Diagram
3.4.4 Dataflow diagram
3.4.5 Activity diagram
4. IMPLEMENTATION
5. TEST RESULTS
7.1 Conclusion
❖ REFERENCES
LIST OF FIGURES
CHAPTER 1
INTRODUCTION TO PROJECT
1. Problem statement :
In this paper the author evaluates the performance of two supervised machine learning algorithms,
SVM (Support Vector Machine) and ANN (Artificial Neural Networks). The machine learning algorithms
are used to detect whether request data contains normal or attack (anomaly) signatures. Nowadays
all services are available on the internet, and malicious users can attack client or server machines
through it. To avoid such attack requests, an IDS (Network Intrusion Detection System) is used: the
IDS monitors request data and checks whether it contains normal or attack signatures; if it contains
attack signatures, the request is dropped.
The IDS is trained on all possible attack signatures with machine learning algorithms to generate a
trained model; whenever new request signatures arrive, this model is applied to the new request to
determine whether it contains normal or attack signatures. In this paper we evaluate the performance
of two machine learning algorithms, SVM and ANN, and through experiment we conclude that ANN
outperforms the existing SVM in terms of accuracy.
2. Motivation:
In the modern computer world, use of the internet is increasing day by day. However, the increasing
use of the internet creates some security issues. New types of security attacks occur every day, and
it is not easy to detect and prevent them effectively. One common method of attack involves sending
a large number of requests to a site or server; the server is unable to handle such a volume of
requests and the site will be offline for many days. This type of attack is called a distributed
denial of service (DDoS) attack, which acts as a major security threat to internet services and is
the most critical attack for the cyber security world. Detection and prevention of DDoS attacks
becomes a crucial process for commercial organizations that use the internet. Different approaches
have been adopted to process traffic information collected by monitoring stations (routers and
servers) to distinguish malicious traffic such as DDoS attacks from normal traffic in Intrusion
Detection Systems (IDS). In general, machine learning techniques can be designed and implemented
with intrusion systems to protect organizations from malicious traffic. Specifically, supervised
clustering techniques make it possible to effectively distinguish normal traffic from malicious
traffic with good accuracy. In this paper, machine learning algorithms are used to detect DDoS
attacks collected from the “KDDcup 99 Dataset”; pre-processing and a feature selection technique are
used on the dataset to enhance the performance of the classifiers and reduce the detection time.
Classification algorithms such as C4.5 decision tree and Naive Bayes are applied on the training
dataset, and the implementation of the algorithm is done using the Spyder tool. The performance
comparison of the algorithms is shown using a confusion matrix, and it is found that the C4.5
decision tree is more efficient in detection of DDoS attacks. The proposed method can be used as a
DDoS defense system.
1.3 Objective:
In supervised learning, the learning data comes with labels or desired outputs, and the objective is
to find a general rule that maps inputs to outputs. This kind of learning data is called labeled
data. The learned rule is then used to label new data with unknown outputs. It involves building a
machine learning model that is based on labeled samples. Reducing the impact of attacks; and secondly
the evaluation of the system IDS. Indeed, on the one hand the IDSs collect network traffic information
from some sources present in the network or the computer system and then use these data to enhance
the system's safety. On the other hand, the evaluation of an IDS is a critical task. In fact, it's
important to note the difference between evaluating the effectiveness of an entire system and
evaluating the characteristics of the system components.
1. Proposed System:
The promise and the contribution of machine learning to date are fascinating. Many real-life
applications we use today are offered by machine learning. It seems that machine learning will
rule the world in the coming days. Hence we arrived at the hypothesis that the challenge of
identifying new attacks or zero-day attacks, faced by technology-enabled organizations today, can be
overcome using machine learning techniques. Here we developed a supervised machine learning model
that can classify unseen network traffic based on what is learnt from the seen traffic. We used both
SVM and ANN learning algorithms to find the best classifier with higher accuracy and success rate.
• The new proposal was innovative as Hidden Naïve Bayes, which shows more advantage than
traditional Naïve Bayes
• It analyzes the large volume of network data and considers the complex properties of
attack behaviours to improve the performance of detection speed and detection accuracy
CHAPTER-2
TECHNOLOGIES LEARNT
What is Python:-
Python is currently the most widely used multi-purpose, high-level programming language.
• Test frameworks
• Multimedia
Advantages of Python:-
Let’s see how Python dominates over other languages.
1. Extensive Libraries
Python downloads with an extensive library that contains code for various purposes like regular
expressions, documentation-generation, unit-testing, web browsers, threading, databases, CGI, email,
image manipulation, and more. So, we don’t have to write the complete code for that manually.
2. Extensible
As we have seen earlier, Python can be extended to other languages. You can write some of your
code in languages like C++ or C. This comes in handy, especially in projects.
3. Embeddable
Complementary to extensibility, Python is embeddable as well. You can put your Python code in the
source code of a different language, like C++. This lets us add scripting capabilities to our code in the
other language.
4. Improved Productivity
The language’s simplicity and extensive libraries render programmers more productive than
languages like Java and C++ do. Also, you need to write less to get more things done.
5. IOT Opportunities
Since Python forms the basis of new platforms like Raspberry Pi, it finds the future bright for the
Internet Of Things. This is a way to connect the language with the real world.
6. Simple and Easy
When working with Java, you may have to create a class to print ‘Hello World’. But in Python, just a print
statement will do. It is also quite easy to learn, understand, and code. This is why when people pick up
Python, they have a hard time adjusting to other more verbose languages like Java.
7. Readable
Because it is not such a verbose language, reading Python is much like reading English. This is the
reason why it is so easy to learn, understand, and code. It also does not need curly braces to define
blocks, and indentation is mandatory. This further aids the readability of the code.
8. Object-Oriented
This language supports both the procedural and object-oriented programming paradigms. While
functions help us with code reusability, classes and objects let us model the real world. A class allows
the encapsulation of data and functions into one.
Like we said earlier, Python is freely available. But not only can you download Python for free, but
you can also download its source code, make changes to it, and even distribute it. It downloads with
an extensive collection of libraries to help you with your tasks.
Advantages of Python Over Other Languages
1. Less Coding
Almost all of the tasks done in Python require less coding than when the same task is done in other
languages. Python also has awesome standard library support, so you don’t have to search for any
third-party libraries to get your job done. This is the reason that many people suggest learning Python
to beginners.
2. Affordable
Python is free therefore individuals, small companies or big organizations can leverage the free
available resources to build applications. Python is popular and widely used so it gives you better
community support.
Python code can run on any machine whether it is Linux, Mac or Windows. Programmers need to learn
different languages for different jobs but with Python, you can professionally build web apps, perform
data analysis and machine learning, automate things, do web scraping and also build games and
powerful visualizations. It is an all-rounder programming language.
Disadvantages of Python
So far, we’ve seen why Python is a great choice for your project. But if you choose it, you should be
aware of its consequences as well. Let’s now see the downsides of choosing Python over another
language.
1. Speed Limitations
We have seen that Python code is executed line by line. But since Python is interpreted, it often results
in slow execution. This, however, isn’t a problem unless speed is a focal point for the project. In other
words, unless high speed is a requirement, the benefits offered by Python are enough to distract us from
its speed limitations.
While it serves as an excellent server-side language, Python is rarely seen on the client-side.
Besides that, it is rarely ever used to implement smartphone-based applications. One such application
is called Carbonnelle.
and solve problems. We can call it data-driven decisions taken by machines, particularly to automate
the process. These data-driven decisions can be used, instead of programming logic, in problems
that cannot be programmed inherently. The fact is that we can’t do without human intelligence, but
the other aspect is that we all need to solve real-world problems with efficiency at a huge scale. That is
why the need for machine learning arises.
Quality of data − Having good-quality data for ML algorithms is one of the biggest challenges. Use
of low-quality data leads to the problems related to data preprocessing and feature extraction.
Time-Consuming task − Another challenge faced by ML models is the consumption of time especially
for data acquisition, feature extraction and retrieval.
Lack of specialist persons − As ML technology is still in its infancy stage, availability of expert
resources is a tough job.
No clear objective for formulating business problems − Having no clear objective and well-defined
goal for business problems is another key challenge for ML because this technology is not that mature
yet.
Curse of dimensionality − Another challenge ML models face is too many features of data points.
This can be a real hindrance.
Difficulty in deployment − Complexity of the ML model makes it quite difficult to be deployed in real
life.
Machine Learning is the most rapidly growing technology and according to researchers we are in the
golden year of AI and ML. It is used to solve many real-world complex problems which cannot be solved
with a traditional approach. Following are some real-world applications of ML −
(a) Learn Linear Algebra and Multivariate Calculus
Both Linear Algebra and Multivariate Calculus are important in Machine Learning. However, the extent
to which you need them depends on your role as a data scientist. If you are more focused on application
heavy machine learning, then you will not be that heavily focused on maths as there are many common
libraries available. But if you want to focus on R&D in Machine Learning, then mastery of Linear
Algebra and Multivariate Calculus is very important as you will have to implement many ML algorithms
from scratch.
(b) Learn Statistics
Data plays a huge role in Machine Learning. In fact, around 80% of your time as an ML expert will be
spent collecting and cleaning data. And statistics is a field that handles the collection, analysis, and
presentation of data. So it is no surprise that you need to learn it!!!
Some of the key concepts in statistics that are important are Statistical Significance, Probability
Distributions, Hypothesis Testing, Regression, etc. Bayesian Thinking is also a very important
part of ML, which deals with various concepts like Conditional Probability, Priors and Posteriors,
Maximum Likelihood, etc.
(c) Learn Python
Some people prefer to skip Linear Algebra, Multivariate Calculus and Statistics and learn them as they
go along with trial and error. But the one thing that you absolutely cannot skip is Python! While there
are other languages you can use for Machine Learning like R, Scala, etc. Python is currently the most
popular language for ML. In fact, there are many Python libraries that are specifically useful for
Artificial Intelligence and Machine Learning such as Keras, TensorFlow, Scikit-learn, etc.
So if you want to learn ML, it’s best if you learn Python! You can do that using various online
resources and courses such as Fork Python available Free on GeeksforGeeks.
Now that you are done with the prerequisites, you can move on to actually learning ML (Which is the
fun part!!!) It’s best to start with the basics and then move on to the more complicated stuff. Some of
the basic concepts in ML are:
blunders can set off a chain of errors that can go undetected for long periods of time. And when they do
get noticed, it takes quite some time to recognize the source of the issue, and even longer to correct it.
• The division of two integers returns a float instead of an integer. "//" can be used to have the "old"
behaviour.
• Text Vs. Data Instead Of Unicode Vs. 8-bit
Purpose :-
We demonstrated that our approach enables successful segmentation of intra-retinal layers—even
with low-quality images containing speckle noise, low contrast, and different intensity ranges
throughout—with the assistance of the ANIS feature.
▪ Useful linear algebra, Fourier transform, and random number capabilities
Besides its obvious scientific uses, Numpy can also be used as an efficient multi-dimensional container
of generic data. Arbitrary data-types can be defined using Numpy which allows Numpy to seamlessly
and speedily integrate with a wide variety of databases.
Pandas
Pandas is an open-source Python library providing high-performance data manipulation and analysis
tools using its powerful data structures. Python was majorly used for data munging and preparation. It
had very little contribution towards data analysis. Pandas solved this problem. Using Pandas, we can
accomplish five typical steps in the processing and analysis of data, regardless of the origin of the
data: load, prepare, manipulate, model, and analyze. Python with Pandas is used in a wide range of
academic and commercial domains, including finance, economics, statistics, analytics, etc.
Matplotlib
Matplotlib is a Python 2D plotting library which produces publication quality figures in a variety of
hardcopy formats and interactive environments across platforms. Matplotlib can be used in Python
scripts, the Python and IPython shells, the Jupyter Notebook, web application servers, and four
graphical user interface toolkits. Matplotlib tries to make easy things easy and hard things possible.
You can generate plots, histograms, power spectra, bar charts, error charts, scatter plots, etc., with just
a few lines of code. For examples, see the sample plots and thumbnail gallery.
For simple plotting the pyplot module provides a MATLAB-like interface, particularly when combined
with IPython. For the power user, you have full control of line styles, font properties, axes properties,
etc, via an object oriented interface or via a set of functions familiar to MATLAB users.
Scikit – learn
Scikit-learn provides a range of supervised and unsupervised learning algorithms via a consistent
interface in Python. It is licensed under a permissive simplified BSD license and is distributed under
many Linux distributions, encouraging academic and commercial use.
• Python is Interpreted − Python is processed at runtime by the interpreter. You do not need to compile
your program before executing it. This is similar to PERL and PHP.
• Python is Interactive − you can actually sit at a Python prompt and interact with the interpreter directly
to write your programs.
Python also acknowledges that speed of development is important. Readable and terse code is part of
this, and so is access to powerful constructs that avoid tedious repetition of code. Maintainability also
ties into this may be an all but useless metric, but it does say something about how much code you have
to scan, read and/or understand to troubleshoot problems or tweak behaviors. This speed of
development, the ease with which a programmer of other languages can pick up basic Python skills and
the huge standard library is key to another area where Python excels. All its tools have been quick to
implement, saved a lot of time, and several of them have later been patched and updated by people with
no Python background - without breaking.
Python, a versatile programming language, doesn’t come pre-installed on your computer devices.
Python was first released in the year 1991 and until today it is a very popular high-level programming
language. Its style philosophy emphasizes code readability with its notable use of significant whitespace.
The object-oriented approach and language constructs provided by Python enable programmers to
write both clear and logical code for projects. This software does not come pre-packaged with
Windows.
There have been several updates in the Python version over the years. The question is how to install
Python? It might be confusing for a beginner who is willing to start learning Python, but this tutorial will
solve your query. The latest or the newest version of Python is version 3.7.4 or, in other words, it is
Python 3.
Note: Python version 3.7.4 cannot be used on Windows XP or earlier devices.
Before you start with the installation process of Python, you first need to know about your system
requirements. Based on your system type, i.e. operating system and processor, you must download
the Python version. My system type is a Windows 64-bit operating system. So the steps below are to
Now, check for the latest and the correct version for your operating system.
Step 3: You can either select the Download Python for windows 3.7.4 button in Yellow Color or you
can scroll further down and click on download with respect to the version. Here, we are
downloading the most recent Python version for Windows, 3.7.4.
Step 4: Scroll down the page until you find the Files option.
Step 5: Here you see a different version of python along with the operating system.
• To download Windows 32-bit python, you can select any one from the three options: Windows x86
embeddable zip file, Windows x86 executable installer or Windows x86 web-based installer.
• To download Windows 64-bit python, you can select any one from the three options: Windows
x86-64 embeddable zip file, Windows x86-64 executable installer or Windows x86-64 web-based
installer.
Here we will install the Windows x86-64 web-based installer. This completes the first part, regarding
which version of Python is to be downloaded. Now we move ahead with the second part of installing
Python, i.e. installation.
Installation of Python
Step 1: Go to Download and Open the downloaded python version to carry out the installation process.
Step 2: Before you click on Install Now, Make sure to put a tick on Add Python 3.7 to PATH.
Step 3: Click on Install Now. After the installation is successful, click on Close.
With these above three steps on python installation, you have successfully and correctly installed
Python. Now is the time to verify the installation.
Note: The installation process might take a couple of minutes.
Step 3: Open the Command prompt option.
Step 4: Let us test whether Python is correctly installed. Type python -V and press Enter.
Note: If you have any of the earlier versions of Python already installed, you must first uninstall the
earlier version and then install the new one.
Step 3: Click on IDLE (Python 3.7 64-bit) and launch the program
Step 4: To go ahead with working in IDLE you must first save the file. Click on File > Click on Save
Step 5: Name the file and save as type should be Python files. Click on SAVE. Here I have named
the files as Hey World.
Step 6: Now for e.g. enter print("Hey World") and Press Enter.
You will see that the command given is launched. With this, we end our tutorial on how to install Python.
You have learned how to download python for windows into your respective operating system.
Note: Unlike Java, Python doesn’t need semicolons at the end of the statements otherwise it won’t work.
This stack that includes:
CHAPTER 3
SYSTEM DESIGN
then sees the predictive accuracy of the classification algorithm. Weights or rank put by the ranker
algorithms are different than those by the classification algorithm. Wrapper method is useful for
machine learning test whereas filter method is suitable for data mining test because data mining has
thousands of millions of features.
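The wrapper approach described above, as an added example (not code from this report): greedy forward selection keeps a feature only if it raises the wrapped classifier's accuracy on held-out traffic, then the confusion matrix is reported. The records are constructed, the feature names are borrowed from NSL-KDD, and a nearest-centroid classifier stands in for the SVM/ANN so the script needs only the standard library.

```python
# Wrapper feature selection: the classifier itself scores each candidate feature subset.
FEATURES = ["count", "serror_rate", "duration", "src_bytes"]  # NSL-KDD feature names

# Constructed records, values pre-scaled to 0-100. Label 0 = normal, 1 = attack.
TRAIN = [
    ((10, 0, 10, 40), 0), ((20, 10, 90, 60), 0), ((30, 0, 50, 50), 0), ((20, 10, 70, 50), 0),
    ((80, 100, 30, 45), 1), ((90, 90, 80, 55), 1), ((70, 100, 20, 60), 1), ((80, 90, 50, 40), 1),
]
VALID = [
    ((10, 0, 40, 50), 0), ((60, 10, 80, 45), 0), ((70, 5, 20, 60), 0), ((20, 0, 60, 55), 0),
    ((90, 100, 10, 50), 1), ((80, 95, 40, 40), 1), ((85, 30, 100, 50), 1), ((75, 90, 30, 55), 1),
]


def centroids(rows, cols):
    """Mean vector per class over the chosen feature columns."""
    out = {}
    for label in (0, 1):
        members = [x for x, y in rows if y == label]
        out[label] = [sum(x[c] for x in members) / len(members) for c in cols]
    return out


def predict(cents, cols, x):
    """Nearest centroid on the chosen columns; a tie is reported as normal."""
    dist = {lab: sum((x[c] - m) ** 2 for c, m in zip(cols, cent))
            for lab, cent in cents.items()}
    return 1 if dist[1] < dist[0] else 0


def confusion(train, valid, cols):
    """Return (TP, FP, TN, FN) on the validation rows; attack is the positive class."""
    cents = centroids(train, cols)
    tp = fp = tn = fn = 0
    for x, y in valid:
        p = predict(cents, cols, x)
        if p == 1 and y == 1:
            tp += 1
        elif p == 1 and y == 0:
            fp += 1
        elif p == 0 and y == 0:
            tn += 1
        else:
            fn += 1
    return tp, fp, tn, fn


def accuracy(train, valid, cols):
    tp, fp, tn, fn = confusion(train, valid, cols)
    return (tp + tn) / len(valid)


def wrapper_forward_select(train, valid):
    """Add the feature that most improves validation accuracy; stop when none does."""
    selected, best = [], 0.0
    remaining = list(range(len(FEATURES)))
    while remaining:
        scored = [(accuracy(train, valid, selected + [c]), c) for c in remaining]
        top_acc, top = max(scored, key=lambda s: s[0])
        if top_acc <= best:
            break
        selected.append(top)
        remaining.remove(top)
        best = top_acc
    return [FEATURES[c] for c in selected], best


if __name__ == "__main__":
    names, acc = wrapper_forward_select(TRAIN, VALID)
    print("selected:", names, "validation accuracy:", acc)
    for label, cols in (("all features", [0, 1, 2, 3]),
                        ("selected", [FEATURES.index(n) for n in names])):
        tp, fp, tn, fn = confusion(TRAIN, VALID, cols)
        print(label, "TP/FP/TN/FN =", (tp, fp, tn, fn),
              "detection rate =", tp / (tp + fn), "false alarm rate =", fp / (fp + tn))
```

On these constructed records the wrapper keeps serror_rate and count and drops duration, which looked weakly predictive in training but causes a missed attack on held-out traffic. Because the subset is chosen on the validation split, score it on a third, untouched split before reporting a detection rate.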
“Support Vector Machine” (SVM) is a supervised machine learning algorithm which can be used for
both classification and regression challenges. However, it is mostly used in classification problems. In
the SVM algorithm, we plot each data item as a point in n-dimensional space (where n is the number of
features you have) with the value of each feature being the value of a particular coordinate. Then, we
perform classification by finding the hyper-plane that differentiates the two classes very well (look at
the below snapshot).
Support Vectors are simply the co-ordinates of individual observation. The SVM classifier is a frontier
which best segregates the two classes (hyper-plane/line). You can look at support vector machines and
a few examples of its working here.
Let’s understand:
Identify the right hyper-plane (Scenario-1): Here, we have three hyper-planes (A, B and C). Now,
identify the right hyper-plane to classify star and circle.
You need to remember a thumb rule to identify the right hyper-plane: “Select the hyper-plane which
segregates the two classes better”. In this scenario, hyper-plane “B” has excellently performed this job.
Identify the right hyper-plane (Scenario-2): Here, we have three hyper-planes (A, B and C) and all
are segregating the classes well. Now, How can we identify the right hyper-plane?
Here, maximizing the distances between the nearest data point (of either class) and the hyper-plane
will help us to decide the right hyper-plane. This distance is called the margin. Let’s look at:
Above, you can see that the margin for hyper-plane C is high as compared to both A and B. Hence,
we name the right hyper-plane as C. Another lightning reason for selecting the hyper-plane with
higher margin is robustness. If we select a hyper-plane having a low margin then there is a high chance
of misclassification.
• Identify the right hyper-plane (Scenario-3): Hint: Use the rules as discussed in the previous section to
identify the right hyper-plane
• Can we classify two classes (Scenario-4)?: Below, I am unable to segregate the two classes using a
straight line, as one of the stars lies in the territory of the other (circle) class as an outlier.
As I have already mentioned, one star at other end is like an outlier for star class. The SVM algorithm
has a feature to ignore outliers and find the hyper-plane that has the maximum margin. Hence, we can
say, SVM classification is robust to outliers.
we have only looked at the linear hyper-plane.
SVM can solve this problem. Easily! It solves this problem by introducing an additional feature. Here,
we will add a new feature z = x^2 + y^2. Now, let’s plot the data points on axis x and z:
• All values for z would always be positive because z is the squared sum of both x and y.
• In the original plot, red circles appear close to the origin of the x and y axes, leading to a lower value of z.
In the SVM classifier, it is easy to have a linear hyper-plane between these two classes. But, another
burning question which arises is, should we need to add this feature manually to have a hyper-plane.
No, the SVM algorithm has a technique called the kernel trick. The SVM kernel is a function that
takes low dimensional input space and transforms it to a higher dimensional space i.e. it converts not
separable problem to separable problem. It is mostly useful in non-linear separation problem. Simply
put, it does some extremely complex data transformations, then finds out the process to separate the
data based on the labels or outputs you’ve defined.
When we look at the hyper-plane in original input space it looks like a circle:
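The added feature and the kernel trick from the paragraphs above, as an added example that is not part of the original report: a linear classifier fails on the raw (x, y) points, succeeds once z = x^2 + y^2 is added by hand, and a kernelized version succeeds without building z at all. The ring-shaped data is constructed, and a plain perceptron is used as the linear classifier in place of an SVM solver, since the point here is separability.

```python
import math


def make_rings(n=8, r_circle=1.0, r_star=3.0):
    """Constructed data: 'circle' class (-1) near the origin, 'star' class (+1) around it."""
    pts, labels = [], []
    for k in range(n):
        a = 2 * math.pi * k / n
        pts.append((r_circle * math.cos(a), r_circle * math.sin(a)))
        labels.append(-1)
        pts.append((r_star * math.cos(a), r_star * math.sin(a)))
        labels.append(+1)
    return pts, labels


def lift(pts):
    """Swap y for the new feature z = x^2 + y^2, giving points on the (x, z) axes."""
    return [(x, x * x + y * y) for x, y in pts]


def dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def train_perceptron(rows, labels, max_epochs=1000):
    """Linear classifier sign(w.x + b); stops at the first mistake-free epoch."""
    w, b = [0.0] * len(rows[0]), 0.0
    for _ in range(max_epochs):
        mistakes = 0
        for x, t in zip(rows, labels):
            if t * (dot(w, x) + b) <= 0:
                w = [wi + t * xi for wi, xi in zip(w, x)]
                b += t
                mistakes += 1
        if mistakes == 0:
            break
    return w, b


def linear_accuracy(model, rows, labels):
    w, b = model
    return sum(1 for x, t in zip(rows, labels) if t * (dot(w, x) + b) > 0) / len(rows)


def poly_kernel(a, b):
    """Degree-2 polynomial kernel: an inner product in a space that contains x^2 + y^2."""
    return (dot(a, b) + 1.0) ** 2


def kernel_score(alpha, rows, labels, x):
    return sum(a * t * poly_kernel(r, x) for a, t, r in zip(alpha, labels, rows))


def train_kernel_perceptron(rows, labels, max_epochs=1000):
    """Same mistake-driven rule, but the data is only ever touched through the kernel."""
    alpha = [0] * len(rows)
    for _ in range(max_epochs):
        mistakes = 0
        for i, (x, t) in enumerate(zip(rows, labels)):
            if t * kernel_score(alpha, rows, labels, x) <= 0:
                alpha[i] += 1
                mistakes += 1
        if mistakes == 0:
            break
    return alpha


def kernel_accuracy(alpha, rows, labels):
    hits = sum(1 for x, t in zip(rows, labels) if t * kernel_score(alpha, rows, labels, x) > 0)
    return hits / len(rows)


def boundary_radius(pts, labels):
    """Widest-margin threshold on z alone, mapped back to a circle radius in (x, y)."""
    z = [x * x + y * y for x, y in pts]
    z_circle = max(v for v, t in zip(z, labels) if t == -1)
    z_star = min(v for v, t in zip(z, labels) if t == +1)
    return math.sqrt((z_circle + z_star) / 2)


def demo():
    pts, labels = make_rings()
    return {
        "raw": linear_accuracy(train_perceptron(pts, labels), pts, labels),
        "lifted": linear_accuracy(train_perceptron(lift(pts), labels), lift(pts), labels),
        "kernel": kernel_accuracy(train_kernel_perceptron(pts, labels), pts, labels),
        "radius": boundary_radius(pts, labels),
    }


if __name__ == "__main__":
    print(demo())
```

The threshold on z is a straight line in the (x, z) plot and a circle of the returned radius in the original (x, y) plot.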
Now, let’s look at the methods to apply SVM classifier algorithm in a data science challenge.
Artificial neural networks are one of the main tools used in machine learning. As the “neural” part of
their name suggests, they are brain-inspired systems which are intended to replicate the way that we
humans learn. Neural networks consist of input and output layers, as well as (in most cases) a hidden
layer consisting of units that transform the input into something that the output layer can use. They are
excellent tools for finding patterns which are far too complex or numerous for a human programmer to
In Computer Science, we model this process by creating “networks” on a computer using matrices. These
networks can be understood as abstraction of neurons without all the biological complexities taken into
account. To keep things simple, we will just model a simple NN, with two layers capable of solving linear
classification problem.
Let’s say we have a problem where we want to predict output given a set of inputs and outputs as training
example like so:
Note that the output is directly related to third column i.e. the values of input 3 is what the output is in
every training example in fig. 2. So for the test example output value should be 1.
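The two-layer network described above (three inputs feeding one sigmoid output unit), as an added example that is not the report's own code. The page's training table is not reproduced here, so the rows below are constructed to follow the stated rule that the output equals input 3; the update rule (gradient descent on cross-entropy loss), learning rate and epoch count are assumptions.

```python
import math

# Constructed training table: in every row the output equals input 3.
TRAIN_X = [[0, 0, 1], [1, 1, 1], [1, 0, 0], [0, 1, 0]]
TRAIN_Y = [1, 1, 0, 0]
TEST_X = [1, 0, 1]  # constructed test example; input 3 is 1, so the expected output is 1


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def forward(weights, x):
    """Output layer: weighted sum of the three inputs squashed to (0, 1)."""
    return sigmoid(sum(w * xi for w, xi in zip(weights, x)))


def train_network(inputs, targets, epochs=5000, lr=1.0):
    """Batch gradient descent; weights start at zero so the run is deterministic."""
    weights = [0.0] * len(inputs[0])
    for _ in range(epochs):
        grads = [0.0] * len(weights)
        for x, y in zip(inputs, targets):
            err = y - forward(weights, x)      # how far the prediction is from the label
            for j, xj in enumerate(x):
                grads[j] += err * xj           # only active inputs share the blame
        weights = [w + lr * g for w, g in zip(weights, grads)]
    return weights


def predict_test():
    weights = train_network(TRAIN_X, TRAIN_Y)
    return weights, forward(weights, TEST_X)


if __name__ == "__main__":
    weights, out = predict_test()
    print("weights:", [round(w, 2) for w in weights])
    print("output for", TEST_X, "=", round(out, 4))
```

The weight on input 3 ends up large and positive while the other two go negative, which is the network's way of encoding that only the third column predicts the output.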
3. System Specification
1. Software Requirements
2. The data should be accessible through any devices connected to the Internet;
3.The service should be capable to synchronize the user’s data between multiple devices
(notebooks, smart phones, etc.);
4. The service should preserve all historical changes (versioning);
7.The service should be interoperable with other cloud storage services, enabling data migration
from one CSP to another.
• Script:
• Database :
• Hard Disk - 20 GB
UML is an acronym that stands for Unified Modeling Language. Simply put, UML is a modern
approach to modeling and documenting software. In fact, it’s one of the most popular business process
modeling techniques.
UML was created as a result of the chaos revolving around software development and documentation.
In the 1990s, there were several different ways to represent and document software systems. The need
arose for a more unified way to visually represent those systems and as a result, in 1994-1996, the UML
was developed by three software engineers working at Rational Software. It was later adopted as the
standard in 1997 and has remained the standard ever since, receiving only a few updates.
GOALS:
1. Provide users a ready-to-use, expressive visual modeling Language so that they can develop
and exchange meaningful models.
2. Provide extendibility and specialization mechanisms to extend the core concepts.
6. Support higher level development concepts such as collaborations, frameworks, patterns and
components.
7. Integrate best practices.
i. USE CASE DIAGRAM:
A use case diagram in the Unified Modeling Language (UML) is a type of behavioral diagram
defined by and created from a Use-case analysis. Its purpose is to present a graphical overview of the
functionality provided by a system in terms of actors, their goals (represented as use cases), and any
dependencies between those use cases. The main purpose of a use case diagram is to show what system
functions are performed for which actor. Roles of the actors in the system can be depicted.
ii. SEQUENCE DIAGRAM:
A sequence diagram in Unified Modeling Language (UML) is a kind of interaction diagram that shows
how processes operate with one another and in what order. It is a construct of a Message Sequence
Chart. Sequence diagrams are sometimes called event diagrams, event scenarios, and timing diagrams.
iii. CLASS DIAGRAM:
In software engineering, a class diagram in the Unified Modeling Language (UML) is a type of static
structure diagram that describes the structure of a system by showing the system's classes, their
attributes, operations (or methods), and the relationships among the classes. It explains which class
contains information.
iv. DATA FLOW DIAGRAM:
1. The DFD is also called a bubble chart. It is a simple graphical formalism that can be used to represent
a system in terms of the input data to the system, the various processing carried out on this data, and the
output data generated by this system.
2. The data flow diagram (DFD) is one of the most important modeling tools. It is used to model the
system components. These components are the system process, the data used by the process, an external
entity that interacts with the system and the information flows in the system.
3. A DFD shows how the information moves through the system and how it is modified by a series of
transformations. It is a graphical technique that depicts information flow and the transformations that
are applied as data moves from input to output.
4. A DFD is also known as a bubble chart. A DFD may be used to represent a system at any level of
abstraction. A DFD may be partitioned into levels that represent increasing information flow and
functional detail.
Component Diagram:-
Component diagram is a special kind of diagram in UML. The purpose is also different from all other
diagrams discussed so far. It does not describe the functionality of the system but it describes the
components used to make those functionalities.
Thus from that point of view, component diagrams are used to visualize the physical components in a
system. These components are libraries, packages, files, etc.
Component diagrams can also be described as a static implementation view of a system. Static
implementation represents the organization of the components at a particular moment.
A single component diagram cannot represent the entire system but a collection of diagrams is used to
represent the whole.
UML component diagrams are used to model the physical aspects of object-oriented systems. They are
used for visualizing, specifying, and documenting component-based systems and also for
constructing executable systems through forward and reverse engineering. Component diagrams are
essentially class diagrams that focus on a system's components and are often used to model the static
implementation view of a system.
v. ACTIVITY DIAGRAM:
Activity diagrams are graphical representations of workflows of stepwise activities and actions with
support for choice, iteration and concurrency. In the Unified Modeling Language, activity diagrams
can be used to describe the business and operational step-by-step workflows of components in a
system. An activity diagram shows the overall flow of control.
State Chart Diagram:-
A statechart diagram is one of the five UML diagrams used to model the dynamic nature of a system. It
defines the different states of an object during its lifetime, and these states are changed by events.
Statechart diagrams are useful for modeling reactive systems. A reactive system can be defined as a
system that responds to external or internal events.
A statechart diagram describes the flow of control from one state to another state. A state is defined
as a condition in which an object exists, and it changes when some event is triggered. The most
important purpose of a statechart diagram is to model the lifetime of an object from creation to termination.
Flow Chart Diagram :-
A flowchart is simply a graphical representation of steps. It shows steps in sequential order and is
widely used in presenting the flow of algorithms, workflow or processes. Typically, a flowchart shows
the steps as boxes of various kinds, and their order by connecting them with arrows.
CHAPTER 4
IMPLEMENTATION
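from __future__ import absolute_import
from __future__ import division
from __future__ import print_function
import argparse
import collections
from datetime import datetime
import hashlib
import os.path
import random
import re
import sys
import tarfile
import numpy as np
import tensorflow as tf  # TensorFlow 1.x API (tf.logging, tf.random_uniform)
from tensorflow.python.framework import tensor_shape
from tensorflow.python.platform import gfile
FLAGS = None
MAX_NUM_IMAGES_PER_CLASS = 2 ** 27 - 1 # ~134M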
sub_dirs = [
os.path.join(image_dir,item)
tf.logging.warning(
'WARNING: Folder has less than 20 images, which may cause issues.')
elif len(file_list) > MAX_NUM_IMAGES_PER_CLASS:
tf.logging.warning(
'WARNING: Folder {} has more than {} images. Some images will '
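Connection con=DBCon.getConnection();
// Bind user-supplied values as parameters instead of concatenating them into the SQL text.
java.sql.PreparedStatement st=con.prepareStatement(
"update user set name=?,uname=?,pass=?,email=?,phone=? where userId=?");
st.setString(1,name);
st.setString(2,uname);
st.setString(3,pass);
st.setString(4,email);
st.setString(5,phone);
st.setString(6,userId);
a=st.executeUpdate();
if(a!=0)
%>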
def get_random_distorted_bottlenecks(
for unused_i in range(how_many):
  label_index = random.randrange(class_count)
  label_name = list(image_lists.keys())[label_index]
  image_index = random.randrange(MAX_NUM_IMAGES_PER_CLASS + 1)
  image_path = get_image_path(image_lists, label_name, image_index, image_dir,
                              category)
  if not gfile.Exists(image_path):
margin_scale = 1.0 + (random_crop / 100.0)
resize_scale = 1.0 + (random_scale / 100.0)
margin_scale_value = tf.constant(margin_scale)
resize_scale_value = tf.random_uniform(tensor_shape.scalar(),
                                       minval=1.0,
                                       maxval=resize_scale)
scale_value = tf.multiply(margin_scale_value, resize_scale_value)
precrop_width = tf.multiply(scale_value, input_width)
precrop_height = tf.multiply(scale_value, input_height)
precrop_shape = tf.stack([precrop_height, precrop_width])
precrop_shape_as_int = tf.cast(precrop_shape, dtype=tf.int32)
precropped_image = tf.image.resize_bilinear(decoded_image_4d,
                                            precrop_shape_as_int)
if flip_left_right:
  flipped_image = tf.image.random_flip_left_right(cropped_image)
else:
  flipped_image = cropped_image
CHAPTER – 5
TEST RESULTS
The purpose of testing is to discover errors. Testing is the process of trying to discover every
conceivable fault or weakness in a work product. It provides a way to check the functionality of
components, subassemblies, assemblies and/or a finished product. It is the process of exercising
software with the intent of ensuring that the software system meets its requirements and user
expectations and does not fail in an unacceptable manner. There are various types of tests. Each test
type addresses a specific testing requirement.
TYPES OF TESTS
Unit testing
Unit testing involves the design of test cases that validate that the internal program logic is
functioning properly, and that program inputs produce valid outputs. All decision branches and internal
code flow should be validated. It is the testing of individual software units of the application.
It is done after the completion of an individual unit, before integration. This is structural testing that
relies on knowledge of the unit's construction and is invasive. Unit tests perform basic tests at component
level and test a specific business process, application, and/or system configuration. Unit tests ensure
that each unique path of a business process performs accurately to the documented specifications and
contains clearly defined inputs and expected results.
Integration testing
Integration tests are designed to test integrated software components to determine if they
actually run as one program. Testing is event driven and is more concerned with the basic outcome of
screens or fields. Integration tests demonstrate that although the components were individually
satisfactory, as shown by successful unit testing, the combination of components is correct and
consistent. Integration testing is specifically aimed at exposing the problems that arise from the
combination of components.
Functional testing is centered on the following items:
System Test
System testing ensures that the entire integrated software system meets requirements. It tests a
configuration to ensure known and predictable results. An example of system testing is the
configuration oriented system integration test. System testing is based on process descriptions and
flows, emphasizing pre-driven process links and integration points.
Unit testing is usually conducted as part of a combined code and unit test phase of the software
lifecycle, although it is not uncommon for coding and unit testing to be conducted as two distinct
phases.
Field testing will be performed manually and functional tests will be written in detail.
Test objectives
• All field entries must work properly.
Features to be tested
• Verify that the entries are of the correct format
Software integration testing is the incremental integration testing of two or more integrated
software components on a single platform to produce failures caused by interface defects.
The task of the integration test is to check that components or software applications, e.g. components
in a software system or – one step up – software applications at the company level – interact without
error.
Test Results: All the test cases mentioned above passed successfully. No defects encountered.
5.3 Acceptance Testing
User Acceptance Testing is a critical phase of any project and requires significant
participation by the end user. It also ensures that the system meets the functional requirements.
Test Results: All the test cases mentioned above passed successfully. No defects encountered.
CHAPTER 6
RESULTS
HOME PAGE:
In the above screen, click the ‘Upload NSL KDD Dataset’ button and upload the dataset.
In the above screen I am uploading the ‘intrusion_dataset.txt’ file; after uploading the dataset we will get the below
Now click the ‘Pre-process Dataset’ button to clean the dataset, which removes string values from the
dataset and converts attack names to numeric values.
After pre-processing, all string values are removed and the string attack names are converted to numeric
values: the normal signature gets id 0 and the anomaly attack signature gets id 1.
Now click ‘Generate Training Model’ to split the data into train and test sets and generate the model for
prediction using SVM and ANN.
In the above screen we can see that the dataset contains a total of 1244 records, of which 995 are used
for training and 249 for testing. Now click ‘Run SVM Algorithm’ to generate the SVM model and
calculate its accuracy.
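The pre-processing and 995/249 split described above can be reproduced with the standard library alone. This is an added example, not the project's own code; the comma-separated layout with the label in the last column, the sample records, and the names preprocess and split_records are assumptions.

```python
import math
import random

# Constructed records in an NSL-KDD-like layout, shortened to 6 features plus a
# trailing label. The layout of the project's 'intrusion_dataset.txt' is assumed.
SAMPLE = """\
0,tcp,http,SF,215,45076,normal
0,tcp,private,S0,0,0,anomaly
2,udp,domain_u,SF,45,44,normal
0,icmp,ecr_i,SF,1032,0,anomaly
0,tcp,smtp,SF,,329,normal
"""


def is_number(text):
    try:
        return math.isfinite(float(text))
    except ValueError:
        return False


def preprocess(lines):
    """Drop string-valued columns and map labels to 0 (normal) / 1 (attack)."""
    rows = [ln.strip().split(",") for ln in lines if ln.strip()]
    # Column types are taken from the first record (assumed well formed).
    numeric_cols = [i for i, v in enumerate(rows[0][:-1]) if is_number(v)]
    X, y = [], []
    for row in rows:
        feats, label = row[:-1], row[-1].strip().lower()
        if any(i >= len(feats) or not is_number(feats[i]) for i in numeric_cols):
            continue  # malformed or incomplete record: skip, do not guess values
        X.append([float(feats[i]) for i in numeric_cols])
        y.append(0 if label == "normal" else 1)
    return X, y


def split_records(X, y, test_fraction=0.2, seed=7):
    """Shuffle once with a fixed seed, then hold out ceil(n * test_fraction) rows."""
    order = list(range(len(X)))
    random.Random(seed).shuffle(order)
    n_test = math.ceil(len(order) * test_fraction)
    test, train = order[:n_test], order[n_test:]
    pick = lambda data, idx: [data[i] for i in idx]
    return pick(X, train), pick(y, train), pick(X, test), pick(y, test)


if __name__ == "__main__":
    print(preprocess(SAMPLE.splitlines()))
```

With a 20% hold-out rounded up, 1244 records give the 995 training and 249 test records reported on the screen; the fixed seed keeps the split reproducible so the SVM and ANN accuracies are compared on the same test records.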
In the above screen we can see that with SVM we got 84.73% accuracy. Now click ‘Run ANN Algorithm’
to calculate the ANN accuracy.
In the above screen we got 96.88% accuracy. Now we will click the ‘Upload Test Data & Detect Attack’
button to upload test data and to predict whether the test data is normal or contains an attack. The test
data has no class label, neither 0 nor 1; the application will predict it and give us the result. See below
some records from the test data.
In the above test data we have neither ‘0’ nor ‘1’; the application will detect it and give us the result.
In the above screen I am uploading the ‘test_data’ file, which contains the test records; after prediction
we will get the below results.
In the above screen, for each test record we got a predicted result of either ‘Normal Signatures’ or
‘infected’. Now click the ‘Accuracy Graph’ button to see the SVM and ANN accuracy
comparison in graph format.
From the above graph we can see that ANN got better accuracy compared to SVM. In the above graph the
x-axis contains the algorithm name and the y-axis represents the accuracy of that algorithm.
CHAPTER 7
In this paper, we have presented different machine learning models using different machine learning
algorithms and different feature selection methods to find the best model. The analysis of the results shows
that the model built using ANN and wrapper feature selection outperformed all other models in
classifying network traffic correctly, with a detection rate of 94.02%. We believe that these findings will
contribute to further research in the domain of building a detection system that can detect known attacks
as well as novel attacks. The intrusion detection systems that exist today can only detect known attacks.
Detecting new attacks or zero-day attacks still remains a research topic due to the high false positive rate
of the existing systems.
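Accuracy, detection rate and false positive rate measure different things, which matters when attack records are rare in the test set. The following added example (not the project's code; the class balance and both prediction lists are constructed) computes all three for the label convention used in the results, 0 for normal and 1 for attack.

```python
def detection_metrics(y_true, y_pred):
    """Accuracy, detection rate (TPR) and false positive rate for 0/1 labels."""
    if len(y_true) != len(y_pred):
        raise ValueError("label and prediction lists differ in length")
    pairs = list(zip(y_true, y_pred))
    tp = sum(1 for t, p in pairs if t == 1 and p == 1)  # attacks flagged
    fn = sum(1 for t, p in pairs if t == 1 and p == 0)  # attacks missed
    fp = sum(1 for t, p in pairs if t == 0 and p == 1)  # normal traffic flagged
    tn = sum(1 for t, p in pairs if t == 0 and p == 0)  # normal traffic passed

    def ratio(num, den):
        # An empty class (no attacks, or no normal records) yields 0.0, not a crash.
        return num / den if den else 0.0

    return {
        "accuracy": ratio(tp + tn, len(pairs)),
        "detection_rate": ratio(tp, tp + fn),
        "false_positive_rate": ratio(fp, fp + tn),
    }


# Constructed test set of 249 records: 229 normal followed by 20 attacks.
Y_TRUE = [0] * 229 + [1] * 20

# Detector A never raises an alert.
ALWAYS_NORMAL = [0] * 249

# Detector B raises 30 false alarms and catches 18 of the 20 attacks.
NOISY = [1] * 30 + [0] * 199 + [1] * 18 + [0] * 2


if __name__ == "__main__":
    for name, pred in (("always-normal", ALWAYS_NORMAL), ("noisy", NOISY)):
        print(name, detection_metrics(Y_TRUE, pred))
```

On this constructed data the detector that never alerts has the higher accuracy while detecting no attacks at all, which is why the detection rate and the false positive rate should be reported next to accuracy.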
Future Work
Research further in the domain of building a detection system that can detect known attacks as well as
novel attacks. The intrusion detection systems that exist today can only detect known attacks. Detecting new
attacks or zero-day attacks still remains a research topic due to the high false positive rate of the existing
systems.