ABSTRACT
The increasing complexity of cyber
threats targeting Local Area Networks (LANs) has rendered traditional intrusion
detection methods inadequate for modern network environments. Conventional
systems, which rely primarily on static, signature-based detection techniques,
struggle to identify zero-day attacks, advanced persistent threats (APTs), and
insider intrusions. This study presents the design and development of an
AI-powered Intrusion Detection System (IDS) specifically tailored for LAN
environments. The proposed system leverages machine learning (ML) and deep
learning (DL) algorithms to intelligently analyze network traffic, detect
anomalies, and classify malicious activities in real time. Using benchmark
datasets such as NSL-KDD and CIC-IDS2017, the study involves data
preprocessing, feature engineering, model training, and evaluation based on
metrics including accuracy, precision, recall, and F1-score. Comparative
analysis among algorithms such as Support Vector Machines (SVM), Random Forest,
and Deep Neural Networks (DNN) demonstrates the superiority of AI-based models
in enhancing detection accuracy and reducing false positives. The system is further
designed for real-time deployment within a simulated LAN environment, featuring
automated alert generation and adaptive learning capabilities. Results indicate
that integrating AI into IDS significantly improves detection performance,
reduces analyst workload, and strengthens the overall network security posture.
This research contributes to the advancement of intelligent cybersecurity
frameworks by offering a scalable, adaptive, and proactive approach to
intrusion detection in LAN networks.
TABLE OF CONTENTS
i TITLE PAGE / COVER PAGE
ii CERTIFICATION
iii DEDICATION
iv ACKNOWLEDGEMENT
v ABSTRACT
CHAPTER ONE INTRODUCTION
1.1 INTRODUCTION
1.2 STATEMENT OF THE PROBLEM
1.3 AIM AND OBJECTIVES
1.4 SCOPE OF STUDY
1.5 METHODOLOGY
1.6 SIGNIFICANCE OF THE STUDY
1.7 DEFINITION OF TERMS
CHAPTER TWO LITERATURE REVIEW
2.1 BACKGROUND THEORY OF STUDY
2.1.1 INTRUSION DETECTION SYSTEMS (IDS)
2.1.2 MACHINE LEARNING IN CYBERSECURITY
2.1.2.1 K-NEAREST NEIGHBOR
2.1.2.2 SUPPORT VECTOR MACHINE (SVM)
2.1.2.3 LOGISTIC REGRESSION (LR)
2.2 RELATED WORKS
2.3 CURRENT METHODS IN USE
2.4 APPROACH TO BE USED IN THIS STUDY
CHAPTER THREE SYSTEM INVESTIGATION AND ANALYSIS
3.1 BACKGROUND INFORMATION ON CASE STUDY
3.2 OPERATION OF EXISTING SYSTEM
3.3 ANALYSIS OF FINDINGS
(a) OUTPUT FROM THE SYSTEM
(b) INPUTS TO THE SYSTEM
(c) PROCESSING ACTIVITIES CARRIED OUT BY THE SYSTEM
(d) ADMINISTRATION/MANAGEMENT OF THE SYSTEM
(e) CONTROLS USED BY THE SYSTEM
(f) HOW DATA AND INFORMATION ARE BEING STORED BY THE SYSTEM
(g) MISCELLANEOUS
3.4 PROBLEMS IDENTIFIED FROM ANALYSIS
3.5 SUGGESTED SOLUTIONS TO PROBLEMS IDENTIFIED
CHAPTER FOUR SYSTEM DEVELOPMENT
4.1 SYSTEM DESIGN
4.1.1 OUTPUT DESIGNS
(a) REPORTS TO BE GENERATED
(b) SCREEN FORMS OF REPORTS
(c) FILES USED TO PRODUCE REPORTS
4.1.2 INPUT DESIGN
(a) LIST OF INPUT ITEMS REQUIRED
(b) DATA CAPTURE SCREEN FORMS FOR INPUT
(c) METHOD USED TO PROCESS INPUTS
4.1.3 PROCESS DESIGN
(a) LIST ALL PROGRAMMING ACTIVITIES NECESSARY
(b) PROGRAM MODULES TO BE DEVELOPED
4.1.4 STORAGE DESIGN
(a) DESCRIPTION OF DATABASE USED
4.1.5 DESIGN SUMMARY
(a) SYSTEM FLOWCHART
(b) HIPO CHART
4.2 SYSTEM IMPLEMENTATION
4.2.1 PROGRAM DEVELOPMENT ACTIVITIES
(a) PROGRAMMING LANGUAGE USED
(b) ENVIRONMENT USED FOR DEVELOPMENT
(c) SOURCE CODE
4.2.2 PROGRAM TESTING
(a) CODING PROBLEMS ENCOUNTERED
(b) USE OF SAMPLE DATA
4.2.3 SYSTEM DEPLOYMENT
(a) SYSTEM REQUIREMENTS
(b) TASKS PRIOR TO DEPLOYMENT
(i) HARDWARE/SOFTWARE ACQUISITION
(ii) PROGRAM INSTALLATION
(c) USER TRAINING
4.3 SYSTEM DOCUMENTATION
4.3.1 FUNCTION OF PROGRAM MODULES
4.3.2 USER MANUAL
CHAPTER FIVE SUMMARY, CONCLUSION AND RECOMMENDATION
5.1 SUMMARY
5.2 CONCLUSION
5.3 RECOMMENDATION
REFERENCES
APPENDICES
(a) PROGRAM FLOWCHART
(b) PROGRAM LISTING
(c) TEST DATA
(d) SAMPLE OUTPUT
CHAPTER ONE
INTRODUCTION
1.1 INTRODUCTION
The rapid expansion of computer
networks and the emergence of complex applications have significantly increased
the attack surface for malicious actors. These advancements have enabled cyber
attackers to develop sophisticated methods to exploit vulnerabilities across
different network layers, particularly within Local Area Networks (LANs). In
recent years, there has been a noticeable surge in cyberattacks targeting
computer systems and LAN-based services, making cybersecurity a critical
concern for both local and global organizations. As a result, effective
intrusion detection systems (IDS) have become essential in safeguarding
sensitive digital infrastructures.
LANs, which serve as the backbone
of communication in environments such as military bases, financial
institutions, academic institutions, and airports, are especially vulnerable to
intrusion threats due to their closed yet critical nature. Although encryption
mechanisms provide a foundational level of security (Markus et al., 2019),
stealthy and unknown threats continue to bypass traditional security layers,
causing service disruptions and data breaches.
Intrusion detection systems can
generally be categorized into two main types based on their detection
methodologies: anomaly-based detection and signature-based detection. Anomaly
detection relies on the construction of a baseline model that defines “normal”
network behavior. Any deviation from this predefined model is flagged as a
potential intrusion. The major challenge with this method lies in accurately
defining what constitutes “normal” behavior, as excessive sensitivity may lead
to false alarms.
On the other hand, signature-based
detection operates by comparing observed behavior with a database of known
attack patterns. This method is effective against previously identified threats
but fails when faced with zero-day or novel attacks. Therefore, constant
updates and maintenance of a knowledge base are required for this technique to
remain effective (Z.H. Wu, 2019).
Machine learning, a branch of artificial intelligence (AI), focuses on how
algorithms can classify and forecast using data or prior knowledge (Yang et
al., 2018). As ML technology has advanced, numerous scholars have applied
machine learning approaches to network IDS and obtained successful detection
results (Dilara & Yildirim, 2022).
The most significant component of the procedure is defining the analysis
goals, because the data and models necessary to analyse different intrusion
detection (ID) situations will differ. Approaches based on machine learning
algorithms are mostly employed in anomaly-based IDS. In prior research,
several machine-learning-based algorithms were improved with novel
algorithms to build a better defence system (Handa et al., 2019).
Traditional machine learning methods suffer from a lack of labelled training
datasets and rely mostly on manually extracted attributes, making them
difficult to use on big platforms (Aleesa et al., 2020). Artificial neural
networks, or ANNs, were principally used to construct the cutting-edge
machine learning paradigm known as "deep learning," which outperforms other
traditional ML approaches. Deep learning algorithms can learn in an
unsupervised, semi-supervised, or supervised manner (Osken et al., 2019).
They benefit from the use of hierarchical levels, which, rather than relying
on manual characteristics, are intended to recognize appropriate high-level
attributes from raw input data (Aldweesh et al., 2020; Vinayakumar et al.,
2019). Deep learning algorithms have lately been applied successfully in a
variety of fields. Furthermore, DL has gained a lot of attention in the
context of intrusion detection, and prior studies include various forms of
deep-learning-based anomaly detection models to handle different types of
intrusions and security threats.
This project focuses on designing
and implementing an AI-powered intrusion detection system specifically tailored
for LAN networks. The proposed system aims to monitor network traffic in
real-time and intelligently flag suspicious activities, thereby enhancing the
overall security infrastructure of an organization.
1.2 STATEMENT OF THE PROBLEM
Despite the availability of
conventional intrusion detection systems, LANs remain highly susceptible to
various forms of cyber-attacks due to limitations such as high false positive
rates, inability to detect zero-day attacks, and lack of real-time response.
Moreover, most existing IDS are static in nature and cannot adapt to new forms
of attacks. These drawbacks compromise the security of sensitive information
and affect the integrity and availability of services within a LAN environment.
The need to develop a more
intelligent, adaptive, and efficient intrusion detection system is imperative.
Hence, the problem this study seeks to address is the design and implementation
of an AI-powered intrusion detection system capable of accurately detecting and
classifying malicious activities on LAN networks in real-time.
1.3 AIM AND OBJECTIVES OF THE STUDY
Aim
The main aim of this study is to develop an AI-powered intrusion detection
system for LAN networks.
Objectives
- To collect and preprocess relevant LAN traffic datasets suitable for
  training and evaluating intrusion detection models.
- To implement and compare multiple machine learning algorithms for
  detecting network intrusions.
- To evaluate the performance of the developed models.
- To deploy a prototype of the AI-powered IDS.
1.4 SCOPE OF THE STUDY
This study focuses on the
development of an AI-powered intrusion detection system specifically for Local
Area Networks. It will consider commonly occurring attack types such as DoS,
probing, remote-to-local (R2L), and user-to-root (U2R) intrusions. The study
will utilize network traffic datasets (such as KDDCup99 or NSL-KDD) extracted
from Kaggle (an online data science platform for machine learning datasets)
for training and testing the AI model. The system will be evaluated in a
simulated LAN environment, and the results will be analyzed to determine its
effectiveness.
1.5 METHODOLOGY
1.5.1 Objective 1: To collect and preprocess relevant LAN traffic datasets
suitable for training and evaluating intrusion detection models
- Dataset Selection: Obtain benchmark datasets (e.g., NSL-KDD, CIC-IDS2017)
  which include both normal and malicious LAN traffic.
- Preprocessing:
  - Remove redundant features.
  - Normalize numerical features.
  - Encode categorical variables.
  - Handle missing values.
- Label Encoding: Classify network traffic into "Normal" and various types
  of "Attack" (e.g., DoS, Probe, R2L).
1.5.2 Objective 2: To implement and compare multiple machine learning
algorithms for detecting network intrusions
- Model Selection: Choose ML models like Random Forest, SVM, and Deep Neural
  Networks.
- Training: Split the preprocessed dataset into training and test sets.
- Model Building: Use scikit-learn, TensorFlow, or PyTorch for model
  implementation.
- Hyperparameter Tuning: Use grid search or random search to optimize model
  parameters.
1.5.3 Objective 3: To evaluate the performance of the developed models
- Metrics: Use classification metrics such as:
  - Accuracy
  - Precision
  - Recall
  - F1-Score
  - Confusion Matrix
- Cross-Validation: Perform k-fold cross-validation to ensure model
  robustness.
- Model Comparison: Rank models based on performance metrics and
  computational efficiency.
1.5.4 Objective 4: To deploy a prototype of the AI-powered IDS
- Implementation: Integrate the best-performing model into a lightweight
  application.
- Real-Time Testing: Deploy the IDS in a testbed LAN environment using
  packet sniffing tools (e.g., Wireshark or Scapy).
- Alert System: Configure the system to raise alerts or log anomalies when
  intrusions are detected.
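The preprocessing, label-mapping and per-class evaluation steps of Objectives 1 to 3, as an added example that is not the study's own code. The records are constructed rows using four NSL-KDD column names, a 1-nearest-neighbour rule stands in for the models the study names, and Preprocessor, nearest_label, per_class_report and evaluate are hypothetical names.

```python
from statistics import median

# Subset of NSL-KDD attack names grouped into the study's traffic classes.
CATEGORY = {"normal": "Normal", "neptune": "DoS", "smurf": "DoS",
            "portsweep": "Probe", "guess_passwd": "R2L", "buffer_overflow": "U2R"}
# Constructed rows: duration, src_bytes, protocol_type, flag, attack name.
NUMERIC, CATEGORICAL, LABEL = (0, 1), (2, 3), 4
TRAIN = [(2, 300, "tcp", "SF", "normal"), (0, 0, "tcp", "S0", "neptune"),
         (0, 1000, "icmp", "SF", "smurf"), (0, 0, "tcp", "REJ", "portsweep"),
         (None, 120, "tcp", "SF", "guess_passwd")]
TEST = [(3, 280, "tcp", "SF", "normal"), (0, 0, "tcp", "S0", "neptune"),
        (0, 5000, "udp", "SF", "buffer_overflow")]  # class, protocol unseen in TRAIN

class Preprocessor:  # fitted on the training split only, so no test data leaks in
    def fit(self, rows):
        seen = {c: [r[c] for r in rows if r[c] is not None] for c in NUMERIC}
        self.stats = {c: (median(v), min(v), max(v)) for c, v in seen.items()}
        self.levels = {c: sorted({r[c] for r in rows}) for c in CATEGORICAL}
        return self

    def transform(self, r):
        vec = []
        for c in NUMERIC:
            med, lo, hi = self.stats[c]
            # impute a missing value with the training median, then clip to range
            v = min(max(med if r[c] is None else r[c], lo), hi)
            vec.append((v - lo) / (hi - lo) if hi > lo else 0.0)
        for c in CATEGORICAL:                      # unseen level encodes as all zeros
            vec.extend(1.0 if r[c] == lvl else 0.0 for lvl in self.levels[c])
        return vec

def nearest_label(vec, xs, ys):  # 1-nearest-neighbour stand-in for the trained model
    dist = [sum((a - b) ** 2 for a, b in zip(vec, x)) for x in xs]
    return ys[dist.index(min(dist))]

def per_class_report(y_true, y_pred):  # returns {class: (precision, recall, F1)}
    report, pairs = {}, list(zip(y_true, y_pred))
    for cls in sorted(set(y_true) | set(y_pred)):
        tp = sum(t == cls and p == cls for t, p in pairs)
        fp = sum(t != cls and p == cls for t, p in pairs)
        fn = sum(t == cls and p != cls for t, p in pairs)
        prec, rec = tp / (tp + fp or 1), tp / (tp + fn or 1)
        report[cls] = (prec, rec, 2 * prec * rec / (prec + rec or 1))
    return report

def evaluate():
    pre = Preprocessor().fit(TRAIN)
    xs, ys = [pre.transform(r) for r in TRAIN], [CATEGORY[r[LABEL]] for r in TRAIN]
    pred = [nearest_label(pre.transform(r), xs, ys) for r in TEST]
    return pred, per_class_report([CATEGORY[r[LABEL]] for r in TEST], pred)
```

On the constructed test rows the U2R record, whose class and protocol never appear in the training split, is labelled DoS, so U2R recall is zero even though two of the three predictions are correct.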
1.6 SIGNIFICANCE OF THE STUDY
This study holds significant importance in the field of network security,
particularly for LAN-based infrastructures. The implementation of an AI-powered
IDS is expected to:
- Enhance the security posture of LAN environments.
- Reduce false alarms and improve detection accuracy.
- Provide real-time monitoring and alert mechanisms.
- Serve as a valuable tool for IT professionals and network administrators.
Furthermore, the findings and outcomes of this research may serve as a
foundation for future developments in AI-based cybersecurity applications.
1.7 DEFINITION OF TERMS
- Intrusion Detection System (IDS): A security system designed to monitor
  network traffic and detect unauthorized or malicious activity.
- Artificial Intelligence (AI): The simulation of human intelligence
  processes by machines, particularly computer systems.
- Machine Learning (ML): A subset of AI that involves training algorithms to
  learn from data and make predictions.
- Local Area Network (LAN): A network that connects computers within a
  limited area such as a home, school, or office.
- Anomaly Detection: The identification of rare or unusual patterns that do
  not conform to expected behavior.
- False Positive: A false alarm where benign activity is incorrectly
  identified as malicious.
- Real-Time Monitoring: The process of observing and analyzing data as it is
  generated or received, without delay.