Use the package manager pip to install requirements.txt.
pip install -r requirement.txt- IDS_test.py is the main executable
- result.csv contains the output of the model on Q1_IDS_test.csv
- train.py contains the code for training the model
- Data files in data directory
- Model logic in utils/model.py
- requirements.txt has the libraries needed
# Basic usage: Specify input file (Required)
python IDS_test.py <input_file_path>
# Specify output file (Default "result_test.csv")
python IDS_test.py <input_file_path> -o <output_file_path> --date-col <Name of date column of input file>
# Specify name of date column (Default "DATETIME")
python IDS_test.py <input_file_path> --date-col <Name of date column of input file>- On plotting the feature columns as line plot, we saw that either the frequency of the sensors were disturbed or there were spikes in the data
- We used an event based anomaly detection with two kinds of events: Spikes and Frequency changes. Each event detected will set the state to anomaly for a few timestamps. Any further events will reset this clock.
- To take of care of the spikes, we computed the normal bounds of the feature and predicted an attack for the following few timestamps. Another event would reset the countdown for this.
- To take care of frequency disruption, we use MACD, with custom thresholds and window sizes for each feature.
- Parameter estimation was required for MACD
- For the window size, we computed rolling averages with varying window sizes, and calculated variance for the deviation of overall mean from the window means.
- Plotting the variance vs window size as a graph, the window size is the point where variance stops decreasing appreciably with increase in window size. (Third derivative is zero)
- For the threshold, we simply fix the window size, then observe the range of values mean - rolling mean takes for the normal and attack case, and pick values accordingly.