I am currently investigating the effectiveness of Intrusion Detection/Prevention Systems that are backed by Machine Learning rather than traditional signature-based detection mechanisms, so that the system learns from anomalies in the network.
I have come across several studies (research papers and forum posts over several years) that look into this from a mathematical/statistical point of view to highlight the effectiveness of an AI-based IDS. I need to highlight the same from a technical standpoint, using the tools and results to compare the performance of AI-based mechanisms.
Through Netresec and Secrepo, I have access to publicly available packet captures of malicious network activities.
I have also looked into AIEngine (https://bitbucket.org/camp0/aiengine) and Stratosphere IPS (https://stratosphereips.org/) to help me with the same, but I have not been able to succeed in this. (It could also be that I have approached them incorrectly. Advice from experience is appreciated.)
I would highly appreciate suggestions of IDS/IPSs that use Machine Learning to detect anomalies. What I essentially need is an ML-based system to carry out the analysis and compare the results on the same packets against a signature-based IDS that is unable to find certain attacks.
Like many other academic papers, I have also had literature from several years of research to show that AI-based mechanisms are theoretically better. But I need to prove the real-world effectiveness of these models/proposals, for which I would require IPS/IDS that employ Machine Learning.
Thanks!
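The comparison the post asks for (the same traffic scored by a signature rule and by an anomaly detector, then measured against ground truth) can be prototyped before committing to any particular product. The following is an added example, not code from the post, from AIEngine or from Stratosphere IPS: it uses constructed flow records with constructed labels and a constructed signature string, fits a simple per-feature z-score baseline on a benign "learning window", and reports precision/recall for the signature rule, the anomaly detector, and their union. The flow fields, the two features and the threshold of 3.0 are all assumptions chosen for illustration.

```python
"""Added example: score the same flow records with a signature rule and a
statistical anomaly baseline, then compare precision/recall.  All data here is
constructed; it is not from any tool or dataset named in the post."""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Flow:
    src: str          # constructed address, illustrative only
    packets: int
    bytes_out: int
    bytes_in: int
    payload: bytes    # leading payload bytes, as a signature engine would see them
    malicious: bool   # ground-truth label; in practice taken from the dataset's annotations


# Constructed learning window: ordinary sessions with a stable outbound/inbound
# byte ratio.  The anomaly detector is fitted on this set only.
BASELINE = [
    Flow(f"10.0.0.{i}", 20 + i % 5, 3000 + 100 * i, 12000 + 300 * i,
         b"GET /index.html", False)
    for i in range(1, 21)
]

# Constructed stand-in for a real rule's content match.
KNOWN_SIGNATURE = b"CONSTRUCTED-SIG-1"

# Constructed evaluation set: the baseline plus three flows that exercise the
# two detectors differently.
EVAL = BASELINE + [
    # benign bulk upload: statistically odd, but legitimate (anomaly false positive)
    Flow("10.0.0.50", 24, 40000, 15000, b"PUT /backup.tar", False),
    # known attack: normal traffic shape, but carries the signature content
    Flow("10.0.0.60", 23, 4000, 15000, b"GET /?q=" + KNOWN_SIGNATURE, True),
    # novel malicious flow: no signature exists, but its shape is extreme
    Flow("10.0.0.70", 22, 900000, 2000, b"POST /upload", True),
]


def signature_alerts(flows, signatures):
    """Indices of flows whose payload contains any known signature."""
    return {i for i, f in enumerate(flows)
            if any(sig in f.payload for sig in signatures)}


def features(f):
    # Two simple per-flow features; real systems use many more.
    return (f.packets, f.bytes_out / max(f.bytes_in, 1))


class ZScoreBaseline:
    """Per-feature mean/std learned from a training window; a flow's score is
    its largest absolute z-score across the features."""

    def fit(self, flows):
        cols = list(zip(*(features(f) for f in flows)))
        self.mu = [mean(c) for c in cols]
        # guard a constant feature so scoring never divides by zero
        self.sd = [max(pstdev(c), 1e-9) for c in cols]
        return self

    def score(self, f):
        return max(abs(x - m) / s
                   for x, m, s in zip(features(f), self.mu, self.sd))


def anomaly_alerts(flows, model, threshold=3.0):
    """Indices of flows whose anomaly score exceeds the threshold."""
    return {i for i, f in enumerate(flows) if model.score(f) > threshold}


def evaluate(flows, alerted):
    """Precision/recall of an alert set against the ground-truth labels."""
    truth = {i for i, f in enumerate(flows) if f.malicious}
    tp = len(alerted & truth)
    fp = len(alerted - truth)
    fn = len(truth - alerted)
    return {"tp": tp, "fp": fp, "fn": fn,
            "precision": tp / (tp + fp) if tp + fp else 0.0,
            "recall": tp / (tp + fn) if tp + fn else 0.0}


def compare(flows=EVAL):
    """Run both detectors over the same flows and score each, plus their union."""
    sig = signature_alerts(flows, [KNOWN_SIGNATURE])
    anom = anomaly_alerts(flows, ZScoreBaseline().fit(BASELINE))
    return {"signature": evaluate(flows, sig),
            "anomaly": evaluate(flows, anom),
            "combined": evaluate(flows, sig | anom)}


if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:>9}: tp={r['tp']} fp={r['fp']} fn={r['fn']} "
              f"precision={r['precision']:.2f} recall={r['recall']:.2f}")
```

On this constructed data the signature rule has perfect precision but misses the novel flow, the anomaly baseline catches the novel flow but raises a false positive on the legitimate upload and misses the known attack whose shape is normal, and the union of both alert sets reaches full recall at the cost of that one false positive. That is the shape of result a real evaluation on labelled captures should report per detector: true/false positives and false negatives on identical input, rather than an aggregate accuracy, so that the complementary blind spots of each approach are visible.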