A modular system for real-time intrusion detection on local area networks

IF 4.4 | CAS Zone 2, Computer Science | Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Ilhan Firat Kilincer
DOI: 10.1016/j.comnet.2025.111577
Computer Networks, Volume 270, Article 111577 (journal article), published 2025-07-21
Publisher page: https://www.sciencedirect.com/science/article/pii/S1389128625005444
Citations: 0

Abstract

Resistance to cyber-attacks is critical for local networks, which carry processes such as data sharing, communication, data storage and application access. This study proposes a modular system for detecting attacks on local networks, built from two modules that use different methods. The first module targets Spanning Tree Protocol (STP) Root Bridge, MAC Flood, Man-in-the-Middle (MitM) and Rogue DHCP attacks, which are common on local area networks and can cause major service interruptions and data breaches. The Layer 2 Discovery (L2D) application was developed to detect these attacks in real time; it also offers network administrators vendor-independent security configurations with GPT-4o support.

The second module is a feature-selection and machine-learning method for detecting Distributed Denial of Service (DDoS) attacks on local networks. The most effective features of the CIC-DDoS2019 dataset are ranked iteratively using the default parameters of the Information Gain Attribute (IGA) algorithm and the Light Gradient Boosting Machine (LGBM) algorithm. A median filter is applied to the selected features, and new features are then derived from them as time series. The resulting dataset was classified with the default parameters of the K-NN, RF, 1D-CNN, MLP and LGBM classifiers, and the classifier with the highest accuracy, LGBM, was selected; its best hyper-parameters were then determined with 10-fold cross-validation. The proposed method achieved 95.98% accuracy and a 96% F1 score on the 13-class CIC-DDoS2019 dataset. In the last step of the study, classes with similar characteristics were merged, reducing CIC-DDoS2019 to 12 classes; on this 12-class dataset the method achieved 99.14% accuracy and a 99% F1 score. Beyond DDoS detection, the study brings a new perspective to intrusion detection research through real-time detection of STP Root Bridge, MAC Flood, MitM and Rogue DHCP attacks.
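The four Layer-2 attack classes the L2D module targets can each be expressed as a stateful rule over parsed frames. The detector below is an added example written for this page, not code from the paper's L2D application: its event format, field names, the threshold of 50 distinct MACs per port per second and the DHCP server allow-list are all assumptions, and the event trace is constructed rather than captured traffic.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Set, Tuple

Alert = Tuple[str, str]  # (attack class, detail)


@dataclass
class L2Detector:
    """Stateful detector fed one parsed Layer-2 event (dict) at a time.
    Event schema and thresholds are assumptions made for this example."""
    trusted_dhcp_servers: Set[str]       # server IPs allowed to send DHCP OFFER/ACK
    expected_root: Tuple[int, str]       # (priority, MAC) of the legitimate STP root
    mac_flood_threshold: int = 50        # distinct source MACs per port per window
    window_seconds: float = 1.0
    _arp: Dict[str, str] = field(default_factory=dict)            # ip -> mac from ARP replies
    _port_macs: Dict[str, Deque[Tuple[float, str]]] = field(
        default_factory=lambda: defaultdict(deque))
    _flooding: Set[str] = field(default_factory=set)              # ports already alerted

    def process(self, ev: dict) -> Optional[Alert]:
        handler = {"dhcp": self._dhcp, "bpdu": self._bpdu,
                   "arp": self._arp_reply, "frame": self._frame}[ev["type"]]
        return handler(ev)

    def run(self, events: List[dict]) -> List[Alert]:
        return [a for a in map(self.process, events) if a is not None]

    # Rogue DHCP: an OFFER/ACK from any server IP outside the allow-list.
    def _dhcp(self, ev: dict) -> Optional[Alert]:
        if ev["op"] in ("OFFER", "ACK") and ev["server_ip"] not in self.trusted_dhcp_servers:
            return ("ROGUE_DHCP",
                    f"{ev['server_ip']} ({ev['src_mac']}) sent {ev['op']} for {ev['offered_ip']}")
        return None

    # STP root takeover: a BPDU whose root bridge ID is numerically lower than the
    # legitimate root's (lower priority, then lower MAC, wins the root election).
    def _bpdu(self, ev: dict) -> Optional[Alert]:
        claimed = (ev["root_priority"], ev["root_mac"].lower())
        if claimed < (self.expected_root[0], self.expected_root[1].lower()):
            return ("STP_ROOT_BRIDGE",
                    f"superior BPDU from {ev['src_mac']} claims root {claimed[0]}/{claimed[1]}")
        return None

    # ARP-based MitM: an IP previously bound to one MAC is now claimed by another.
    def _arp_reply(self, ev: dict) -> Optional[Alert]:
        if ev["op"] != "reply":
            return None
        ip, mac = ev["sender_ip"], ev["sender_mac"].lower()
        prev = self._arp.get(ip)
        self._arp[ip] = mac
        if prev is not None and prev != mac:
            return ("ARP_MITM", f"{ip} moved from {prev} to {mac}")
        return None

    # MAC flood: too many distinct source MACs on one port inside a sliding window.
    def _frame(self, ev: dict) -> Optional[Alert]:
        port, t = ev["port"], ev["t"]
        seen = self._port_macs[port]
        seen.append((t, ev["src_mac"].lower()))
        while t - seen[0][0] > self.window_seconds:   # the newest entry is never popped
            seen.popleft()
        distinct = len({m for _, m in seen})
        if distinct <= self.mac_flood_threshold:
            self._flooding.discard(port)               # re-arm once the burst subsides
            return None
        if port in self._flooding:
            return None                                # alert once per burst
        self._flooding.add(port)
        return ("MAC_FLOOD", f"{distinct} source MACs on {port} within {self.window_seconds}s")


def sample_events() -> List[dict]:
    """Constructed event trace (not captured traffic): a benign and a malicious
    instance of each attack class, then a burst of synthetic source MACs."""
    ev = [
        {"type": "dhcp", "op": "OFFER", "server_ip": "10.0.0.1",
         "src_mac": "00:11:22:33:44:55", "offered_ip": "10.0.0.20"},
        {"type": "dhcp", "op": "OFFER", "server_ip": "10.0.0.254",
         "src_mac": "de:ad:be:ef:00:01", "offered_ip": "10.0.0.20"},
        {"type": "bpdu", "src_mac": "00:11:22:33:44:55",
         "root_priority": 32768, "root_mac": "00:11:22:33:44:55"},
        {"type": "bpdu", "src_mac": "de:ad:be:ef:00:01",
         "root_priority": 0, "root_mac": "de:ad:be:ef:00:01"},
        {"type": "arp", "op": "reply", "sender_ip": "10.0.0.1", "sender_mac": "00:11:22:33:44:55"},
        {"type": "arp", "op": "reply", "sender_ip": "10.0.0.1", "sender_mac": "de:ad:be:ef:00:01"},
    ]
    ev += [{"type": "frame", "port": "Gi1/0/5", "t": 10.0 + i * 0.005,
            "src_mac": f"02:00:00:00:{i // 256:02x}:{i % 256:02x}"} for i in range(60)]
    return ev


def demo() -> List[Alert]:
    det = L2Detector(trusted_dhcp_servers={"10.0.0.1"},
                     expected_root=(32768, "00:11:22:33:44:55"))
    return det.run(sample_events())


if __name__ == "__main__":
    for kind, detail in demo():
        print(f"[{kind}] {detail}")
```

Each rule keys on the signal the attack cannot avoid producing: a DHCP OFFER or ACK from an unlisted server, a BPDU advertising a bridge ID that would win the root election against the known root, an IP whose ARP binding moves to another MAC, and a burst of distinct source MACs on one port. The ARP rule also fires on legitimate address reassignment and the MAC-flood rule on a port behind an unmanaged switch, so both need a baseline in practice. Switch-side controls (BPDU Guard, Root Guard, DHCP Snooping, Dynamic ARP Inspection, port security) close the same gaps; any configuration proposed by an LLM assistant such as the paper's GPT-4o integration should be reviewed and staged before it is pushed to production switches.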
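The DDoS module's preprocessing, information-gain ranking of features, median filtering of the selected columns and construction of time-series features from them, can be reproduced in miniature with the standard library. The code below is an added example for this page, not the paper's pipeline: it uses an equal-width discretiser for information gain rather than IGA's, omits the LGBM ranking stage and the classifiers, and runs on a constructed set of per-second flow statistics instead of CIC-DDoS2019. Feature names, window widths and `top_k` are assumptions.

```python
import math
import statistics
from collections import Counter
from typing import Dict, List, Sequence, Tuple

Row = Dict[str, float]


def entropy(labels: Sequence[str]) -> float:
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def information_gain(values: Sequence[float], labels: Sequence[str], bins: int = 4) -> float:
    """IG = H(label) - H(label | feature), with the numeric feature discretised into
    `bins` equal-width buckets (an assumed stand-in for IGA's own discretiser)."""
    lo, hi = min(values), max(values)
    width = (hi - lo) / bins or 1.0
    buckets: Dict[int, List[str]] = {}
    for v, y in zip(values, labels):
        buckets.setdefault(min(int((v - lo) / width), bins - 1), []).append(y)
    n = len(labels)
    return entropy(labels) - sum(len(ys) / n * entropy(ys) for ys in buckets.values())


def rank_features(rows: List[Row], labels: Sequence[str]) -> List[Tuple[str, float]]:
    """Every column scored by information gain, highest first."""
    names = sorted(rows[0])
    gains = [(nm, information_gain([r[nm] for r in rows], labels)) for nm in names]
    return sorted(gains, key=lambda p: p[1], reverse=True)


def median_filter(series: Sequence[float], k: int = 3) -> List[float]:
    """Sliding median of width k; windows are truncated at the series edges."""
    h = k // 2
    return [statistics.median(series[max(0, i - h): i + h + 1]) for i in range(len(series))]


def rolling_features(series: Sequence[float], w: int = 3) -> List[Row]:
    """Trailing-window mean and std plus the first difference: time-series
    features derived from one filtered column."""
    out = []
    for i, v in enumerate(series):
        win = series[max(0, i - w + 1): i + 1]
        out.append({"mean": statistics.fmean(win), "std": statistics.pstdev(win),
                    "delta": v - series[i - 1] if i else 0.0})
    return out


def pipeline(rows: List[Row], labels: Sequence[str], top_k: int = 2) -> List[Row]:
    """Rank -> keep top_k columns -> median-filter each -> rolling features per row."""
    keep = [nm for nm, _ in rank_features(rows, labels)[:top_k]]
    cols = {nm: median_filter([r[nm] for r in rows]) for nm in keep}
    feats = {nm: rolling_features(cols[nm]) for nm in keep}
    return [{f"{nm}_{k}": feats[nm][i][k] for nm in keep for k in ("mean", "std", "delta")}
            for i in range(len(rows))]


def sample_flows() -> Tuple[List[Row], List[str]]:
    """Constructed per-second flow statistics (not CIC-DDoS2019 data): 30 benign
    seconds followed by 30 seconds of a SYN flood; `noise` is unrelated to the label."""
    rows, labels = [], []
    for i in range(60):
        attack = i >= 30
        rows.append({"pkts_per_s": float((900 if attack else 10) + i % 5),
                     "avg_pkt_len": float((60 if attack else 600) + (i % 7) * 5),
                     "noise": float(i % 3)})
        labels.append("SYN" if attack else "BENIGN")
    return rows, labels


if __name__ == "__main__":
    rows, labels = sample_flows()
    for name, ig in rank_features(rows, labels):
        print(f"{name:12s} IG={ig:.3f}")
    print(pipeline(rows, labels)[31])
```

The `noise` column is deliberately independent of the label and ranks last, while the two separable columns each score the full label entropy of one bit; the `delta` feature jumps exactly at the benign-to-attack boundary after the median filter has removed single-sample spikes. When reading the 13-class and 12-class results quoted above, keep in mind that merging similar classes changes the label space, so the 99.14% figure is not a like-for-like improvement over 95.98%; a per-class confusion matrix on the original 13 labels is the figure to ask for.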
Source journal
Computer Networks (Engineering & Technology: Telecommunications)
CiteScore: 10.80
Self-citation rate: 3.60%
Articles published: 434
Review time: 8.6 months
Journal description: Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.