Update README.md
Browse files
README.md
CHANGED
|
@@ -0,0 +1,15 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
# Mistral based NIDS
|
| 2 |
+
|
| 3 |
+
This repository contains an implementation of a Network Intrusion Detection System (NIDS) based on the Mistral Large Language Model (LLM). The system is designed to detect and classify network attacks using natural language processing techniques.
|
| 4 |
+
|
| 5 |
+
## Overview
|
| 6 |
+
- **LLM**:
|
| 7 |
+
- The NIDS is built using the Mistral LLM, a powerful language model that enables the system to understand and analyze network traffic logs.
|
| 8 |
+
- Another LLM, Llama2, was fine-tuned and the performance of the two were compared. The link to my implementation of Llama2-based can be found [here](https://huggingface.co/caffeinatedcherrychic/Llama2-based-NIDS).
|
| 9 |
+
- **Dataset**: The system is trained and evaluated on the CIDDS dataset, which includes various types of network attacks such as DoS, PortScan, Brute Force, and PingScan.
|
| 10 |
+
- **Training**: The LLM is fine-tuned on the CIDDS dataset after it was pre-processed using the [NTFA tool](https://github.com/KayvanKarim/ntfa) to learn the patterns and characteristics of different network attacks.
|
| 11 |
+
- **Inference**: The trained model is used to classify network traffic logs in real-time, identifying potential attacks and generating alerts.
|
| 12 |
+
|
| 13 |
+
## Results
|
| 14 |
+
The mistral-based NIDS achieves a higher detection rate with lower false positives, demonstrating the effectiveness of using LLMs for network intrusion detection. With access to computational resources for longer periods, It's performance could further be improved.
|
| 15 |
+
|