Evaluation of anomaly detection in imbalanced authentication logs.
-
Create a conda virtual environment
conda create --name imbalance-anomaly python=3.6 -
Activate the environment
conda activate imbalance-anomaly
-
Clone this repository
git clone https://github.com/studiawan/imbalance-anomaly.git -
Go to the project directory. The rest of the instructions run in this directory
cd imbalance-anomaly -
In
setup.pyfile, changetensorflow-gputotensorflowif you do not run on a GPU -
Install this package in the activated virtual environment
pip install -e .
-
Copy the datasets from
imbalance-anomaly-gtrepository to directoryimbalance-anomaly/datasets. It is assumed that the directory of both repository are located in~/Git. Please change according to your own directory structurecp ~/Git/imbalance-anomaly-gt/datasets/casper-rw/log.all.pickle ~/Git/imbalance-anomaly/datasets/casper-rw/log.all.picklecp ~/Git/imbalance-anomaly-gt/datasets/dfrws-2009/log.all.pickle ~/Git/imbalance-anomaly/datasets/dfrws-2009/log.all.picklecp ~/Git/imbalance-anomaly-gt/datasets/honeynet-challenge7/log.all.pickle ~/Git/imbalance-anomaly/datasets/honeynet-challenge7/log.all.pickle -
Extract the Glove pre-trained embedding
tar -xzvf glove/glove6B.50d.tar.gz --directory glove/
-
Run experiments for all methods from Keras library. Type dataset name and method name after the script. The supported datasets are
casper-rw,dfrws-2009, andhoneynet-challenge7. The supported methods arelstmandcnn.Command:
python imbalance_anomaly/experiment/experiment_keras.py dataset_name method_nameExample:
python imbalance_anomaly/experiment/experiment_keras.py casper-rw lstm -
The experimental results are located in
imbalance_anomaly/datasets/$DATASET_NAME$/where$DATASET_NAME$is one of the datasets:casper-rw,dfrws-2009, andhoneynet-challenge7. The file name format for experimental results is$METHOD_NAME$.evaluation.csv. -
Pretty print the csv file of experimental results
column -s, -t datasets/$DATASET_NAME$/$METHOD_NAME$.evaluation.csv