Blatta IDS is a network-based HTTP intrusion detection system written in Rust, which makes it safer against memory-corruption exploitation and better at multithreading than a Python-based IDS. Other features of Blatta IDS are:
- Intelligent detection with Recurrent Neural Network (currently, only LSTM is supported)
- Saving network payload to files for further analysis
- Anomaly-based, hence it does not need malicious samples for training the model
Blatta IDS is based on the RNN-OD research [1] and should not be confused with the other research [2] that shares the same name. Both works employ RNNs, but they process the input differently.
- Install Rust and its dependencies
- Clone the repository:

```sh
$ git clone https://github.com/bazz-066/blatta-ids
```

- Configure the path to store the payload data: replace the value of `path` in the `src/main.rs` file with the directory name of your own choice.
- [Optional] Configure the threshold by changing the `threshold` value in the `src/main.rs` file.
- Build the app:

```sh
$ cd blatta-ids/
$ cargo build
```

- Run the app (root privileges are needed to capture packets on the interface):

```sh
$ sudo cargo run <interface_name>
```
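To make the two values you edit in `src/main.rs` concrete, the following Rust program, added here as an illustration and not taken from the Blatta repository, shows how an anomaly-based detector uses them: a profile is trained on benign payloads only, the `threshold` is derived from the scores those benign payloads receive, and any payload scoring above it is written into the `path` directory for later analysis. The `Settings`, `BenignProfile`, `inspect` and `threshold_from_benign` names are hypothetical, the byte-frequency distance is a deliberately simple stand-in for Blatta's LSTM scoring, and the HTTP requests in `BENIGN` are constructed samples.

```rust
use std::fs;
use std::path::PathBuf;

/// Runtime settings standing in for the `path` and `threshold` values that
/// the README says to edit in src/main.rs (hypothetical struct, not Blatta's own type).
pub struct Settings {
    pub path: PathBuf,
    pub threshold: f64,
}

/// Toy benign-traffic profile: a byte-frequency histogram. It stands in for
/// the LSTM so the thresholding and payload-saving logic can be shown end to end.
pub struct BenignProfile {
    freq: [f64; 256],
}

impl BenignProfile {
    /// Train on benign payloads only: no malicious samples are needed.
    pub fn train(samples: &[&[u8]]) -> Self {
        let mut counts = [0f64; 256];
        let mut total = 0f64;
        for sample in samples {
            for &b in sample.iter() {
                counts[b as usize] += 1.0;
                total += 1.0;
            }
        }
        let mut freq = [0f64; 256];
        if total > 0.0 {
            for i in 0..256 {
                freq[i] = counts[i] / total;
            }
        }
        BenignProfile { freq }
    }

    /// Anomaly score in [0, 1]: total variation distance between the
    /// payload's byte distribution and the benign profile.
    pub fn score(&self, payload: &[u8]) -> f64 {
        if payload.is_empty() {
            return 0.0;
        }
        let mut counts = [0f64; 256];
        for &b in payload {
            counts[b as usize] += 1.0;
        }
        let n = payload.len() as f64;
        let mut dist = 0.0;
        for i in 0..256 {
            dist += (counts[i] / n - self.freq[i]).abs();
        }
        dist / 2.0
    }
}

/// Derive the threshold from benign scores alone (their maximum, or a high
/// percentile on a large sample), so nothing malicious is needed during training.
pub fn threshold_from_benign(scores: &[f64], percentile: f64) -> f64 {
    if scores.is_empty() {
        return 0.0;
    }
    let mut sorted = scores.to_vec();
    sorted.sort_by(|a, b| a.partial_cmp(b).unwrap());
    let idx = ((sorted.len() - 1) as f64 * percentile).round() as usize;
    sorted[idx]
}

#[derive(Debug)]
pub struct Verdict {
    pub score: f64,
    pub anomalous: bool,
    pub saved_to: Option<PathBuf>,
}

/// Score one payload; anything above the threshold is written to the
/// configured directory for further analysis, as the README describes.
pub fn inspect(settings: &Settings, profile: &BenignProfile, payload: &[u8], seq: u64)
    -> std::io::Result<Verdict>
{
    let score = profile.score(payload);
    if score <= settings.threshold {
        return Ok(Verdict { score, anomalous: false, saved_to: None });
    }
    fs::create_dir_all(&settings.path)?;
    let file = settings.path.join(format!("payload-{}.bin", seq));
    fs::write(&file, payload)?;
    Ok(Verdict { score, anomalous: true, saved_to: Some(file) })
}

/// Constructed benign HTTP requests used as the training set in this example.
pub const BENIGN: [&[u8]; 3] = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /css/site.css HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Length: 10\r\n\r\nuser=alice",
];

fn main() -> std::io::Result<()> {
    let profile = BenignProfile::train(&BENIGN);
    let benign_scores: Vec<f64> = BENIGN.iter().map(|p| profile.score(p)).collect();
    let settings = Settings {
        path: std::env::temp_dir().join("blatta-example"), // stands in for `path`
        threshold: threshold_from_benign(&benign_scores, 1.0), // stands in for `threshold`
    };
    let novel = vec![0xFFu8; 64]; // constructed non-text payload unlike anything in BENIGN
    let v = inspect(&settings, &profile, &novel, 1)?;
    println!("score={:.3} anomalous={} saved_to={:?}", v.score, v.anomalous, v.saved_to);
    Ok(())
}
```

Note that a lower `threshold` makes the detector more sensitive and produces more saved payloads (and more false positives), which is why the README leaves it as a tunable value; the payload directory should be writable only by the IDS user, since it will accumulate raw request data.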
[1] Pratomo, B. (2020). Low-rate attack detection with intelligent fine-grained network analysis (Doctoral dissertation, Cardiff University).
[2] Pratomo, B. A., Burnap, P., & Theodorakopoulos, G. (2020). Blatta: early exploit detection on network traffic with recurrent neural networks. Security and Communication Networks, 2020.