A network intrusion detection system using Chain of Thought, knowledge graphs and GraphSAGE
Project description
CoT-KG Network Intrusion Detection using Knowledge Graph and GraphSAGE
This project implements a network intrusion detection system using Chain of Thought (CoT), knowledge graphs and a GraphSAGE model on the CICIDS2017 dataset. The Chain of Thought approach is used to enhance the knowledge graph construction and improve the interpretability of the detection process.
Key Features
- Chain of Thought (CoT) enhanced knowledge graph construction
- GraphSAGE-based network intrusion detection
- Interpretable AI techniques for explaining detection results
- Integration of domain knowledge with machine learning
Data Download and Preparation
The CICIDS2017 dataset is used in this project. Follow these steps to download and prepare the data:
- Clone this repository:
    git clone https://github.com/chen/CoTKG-Network-intrusion-detection.git
    cd CoTKG-Network-intrusion-detection
- Install the required dependencies:
    pip install -r requirements.txt
- Run the data download script:
    python src/download_data.py
  This script will:
  - Download the MachineLearningCSV.zip file from the CICIDS2017 dataset
  - Check the integrity of the downloaded file
  - Extract the contents to the data/raw/ directory
  Note: The download might take some time as the file is about 224MB.
- After running the script, the data will be available in the data/raw/MachineLearningCVE/ directory.
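The integrity check and extraction steps listed above can be done as follows. This is an added example, not the project's download_data.py: the function names and the small constructed archive are assumptions, and the pinned digest for the real dataset archive has to come from a source you trust.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so a ~224 MB archive never sits in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_and_extract(archive, expected_sha256, dest):
    """Extract only if the digest matches and every member resolves inside dest."""
    actual = sha256_file(archive)
    if actual != expected_sha256.strip().lower():
        raise ValueError(f"digest mismatch: got {actual}")
    dest = Path(dest).resolve()
    with zipfile.ZipFile(archive) as zf:
        # zipfile drops ".." components on its own; rejecting the archive instead
        # makes a tampered or malformed download visible rather than silently fixed.
        for name in zf.namelist():
            if not (dest / name).resolve().is_relative_to(dest):
                raise ValueError(f"unsafe member path: {name}")
        zf.extractall(dest)
    return sorted(p.relative_to(dest).as_posix() for p in dest.rglob("*") if p.is_file())


def make_sample_zip(path, members):
    """Build a small constructed archive standing in for the real dataset zip."""
    with zipfile.ZipFile(path, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return sha256_file(path)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        zip_path = Path(tmp) / "sample.zip"
        # Constructed sample content, not taken from CICIDS2017.
        pinned = make_sample_zip(zip_path, {"MachineLearningCVE/sample.csv": "a,b\n1,2\n"})
        print(verify_and_extract(zip_path, pinned, Path(tmp) / "raw"))
```

Nothing is written to the destination when the digest does not match or when any member name would resolve outside it.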
Installation
To install the required dependencies, run:
pip install -r requirements.txt
Usage
After preparing the data, you can run the main script to train and evaluate the model:
python src/main.py
This script will:
- Load and preprocess the data
- Perform feature engineering
- Construct the knowledge graph
- Train the GraphSAGE model
- Evaluate the model
- Generate explanations for the predictions
Note
The raw data files are large and are not included in the git repository. They will be downloaded when you run the download_data.py script. If you need to share the project, others can use the same script to download the data.
Author
Chen Xingqiang, Hangzhou Turing AI Co., Ltd. Email: chen.xingqiang@iechor.com
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- CICIDS2017 dataset: https://www.unb.ca/cic/datasets/ids-2017.html
File details
Details for the file cotkg_network_intrusion_detection-0.1.0.tar.gz.
File metadata
- Download URL: cotkg_network_intrusion_detection-0.1.0.tar.gz
- Upload date:
- Size: 13.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.11.0
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | cd8f2c515037e7b8416853f03242fd93f84d8fc74b883a4fe864607af6024d9d |
| MD5 | 691283864f9248f3480c728fd468a396 |
| BLAKE2b-256 | 484bfd8a2802bee7c25f255b8d85d6cf5ef3e5467e1ab35472e12d059c7bb022 |
File details
Details for the file cotkg_network_intrusion_detection-0.1.0-py3-none-any.whl.
File metadata
- Download URL: cotkg_network_intrusion_detection-0.1.0-py3-none-any.whl
- Upload date:
- Size: 3.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.11.0
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 70b28670d7f258345569adc649de5ba62ecf422010a7ea316d01b7bc41e9685f |
| MD5 | f3b9b574a26344341425e2812490db95 |
| BLAKE2b-256 | 16199aeeceee8385855d32e168419767dd675626a0a84c31dc7df03d69655cca |