Goals:
1.) Better understand the features we are looking for in network data sets, specifically from the SWaT data set
2.) Continue work on the honeypot server and get a website running on the server that will be enticing to attackers
3.) Continue looking into simple methods to attack the server to obtain data and better understand the process of an IoT or network attack
4.) Think about ways to apply HMMs to the data sets we have obtained, and how we can use those to train a machine learning model
5.) Start thinking about the sort of things to present in the midterm
Monday: Presented our weekly update, then met with Coach, Aziz, and Ali, where goals for different milestones were reiterated. Worked more on the honeypot before deciding that data sets would be the better option going forward. Looked more into the different tools used to attack networks, tried to decide which type of attack to try carrying out on the server we have set up.
Tuesday: Attempted to analyze the SWaT data set in order to extract features. Unfortunately, there was very little we could take away from it. Looked into other data sets: IoTPOT and the Kyoto honeypot data sets. Emailed a consultant regarding access to the IoTPOT data, and managed to get access to the Kyoto data set. Started to play with the Kyoto data trying to figure out how the identified features correlate with attacks (using MATLAB). Briefly attempted to implement multi-variable response in R.
Wednesday: Worked with the DDoS data set in MATLAB and developed a model using packet rate to determine whether the system is being attacked, which produced a sequence of states that was 98% accurate to the actual observed sequence of states. Attempted to use the Kyoto data set in MATLAB, but didn't find a way to implement multiple features at once in a Hidden Markov Model.
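Added example (not the project's MATLAB code): a two-state discrete Hidden Markov Model that decodes normal vs. attack windows from packet rate, in the spirit of Wednesday's packet-rate model, and that also takes a second feature (SYN fraction) by binning each feature and packing the bin indices into one joint observation symbol, which is one way to feed several features into a discrete-emission HMM. The traffic windows, labels, bin edges and the two-state assumption are all constructed for this example; the model is fit by counting on a labelled training window, the test window is decoded with Viterbi, and the decoded path is scored against the constructed labels the same way the 98% figure above was obtained.

```python
import math

# Hidden states of the constructed model: index 0 = normal traffic, 1 = DDoS attack
STATES = ("normal", "attack")

# Assumed bin edges (not from the project): packets/second and SYN fraction per window
PPS_EDGES = (200, 800)      # <200 -> bin 0, 200..799 -> bin 1, >=800 -> bin 2
SYN_EDGES = (0.5,)          # <0.5 -> bin 0, >=0.5 -> bin 1


def discretize(value, edges):
    """Map a continuous feature value to a bin index using ascending edges."""
    for i, edge in enumerate(edges):
        if value < edge:
            return i
    return len(edges)


def featurize(rows, edge_sets):
    """Turn rows of raw features into one joint symbol per window.

    Each feature is binned separately; the bin indices are packed mixed-radix
    into a single integer so a discrete-emission HMM observes all features at
    once. Returns (symbols, alphabet_size).
    """
    sizes = [len(e) + 1 for e in edge_sets]
    symbols = []
    for row in rows:
        sym = 0
        for value, edges, size in zip(row, edge_sets, sizes):
            sym = sym * size + discretize(value, edges)
        symbols.append(sym)
    alphabet = 1
    for size in sizes:
        alphabet *= size
    return symbols, alphabet


def fit_supervised(symbols, labels, alphabet, alpha=1.0):
    """Estimate start/transition/emission probabilities from a labelled
    sequence by counting, with add-alpha smoothing so no probability is 0."""
    n = len(STATES)
    start = [alpha] * n
    trans = [[alpha] * n for _ in range(n)]
    emit = [[alpha] * alphabet for _ in range(n)]
    start[labels[0]] += 1
    for t, (sym, lab) in enumerate(zip(symbols, labels)):
        emit[lab][sym] += 1
        if t > 0:
            trans[labels[t - 1]][lab] += 1

    def norm(row):
        total = sum(row)
        return [x / total for x in row]

    return norm(start), [norm(r) for r in trans], [norm(r) for r in emit]


def viterbi(symbols, start, trans, emit):
    """Most probable hidden-state path for the observed symbols (log-space)."""
    n = len(STATES)
    score = [[math.log(start[s]) + math.log(emit[s][symbols[0]]) for s in range(n)]]
    back = []  # back[t-1][s] = best predecessor state of s at time t
    for t in range(1, len(symbols)):
        prev = score[-1]
        cur, bp = [], []
        for s in range(n):
            best = max(range(n), key=lambda p: prev[p] + math.log(trans[p][s]))
            cur.append(prev[best] + math.log(trans[best][s]) + math.log(emit[s][symbols[t]]))
            bp.append(best)
        score.append(cur)
        back.append(bp)
    path = [max(range(n), key=lambda s: score[-1][s])]
    for bp in reversed(back):
        path.append(bp[path[-1]])
    return path[::-1]


def accuracy(pred, truth):
    """Fraction of windows whose decoded state matches the ground-truth label."""
    return sum(p == t for p, t in zip(pred, truth)) / len(truth)


# Constructed one-second windows of (packets/sec, SYN fraction) with labels.
TRAIN_ROWS = [(80, 0.12), (95, 0.10), (120, 0.15), (500, 0.20), (110, 0.11), (70, 0.09),
              (1200, 0.92), (1350, 0.95), (600, 0.85), (1450, 0.97), (1100, 0.90),
              (90, 0.10), (85, 0.12), (100, 0.14), (75, 0.10), (105, 0.13)]
TRAIN_LABELS = [0] * 6 + [1] * 5 + [0] * 5

TEST_ROWS = [(100, 0.10), (130, 0.13), (480, 0.30), (90, 0.10),
             (1300, 0.93), (1250, 0.91), (700, 0.88), (1400, 0.96),
             (95, 0.11), (105, 0.12), (88, 0.10)]
TEST_LABELS = [0] * 4 + [1] * 4 + [0] * 3


def decode_test_window():
    """Fit on the labelled training window, decode the test window, and return
    (decoded state path, accuracy against the constructed labels)."""
    edge_sets = (PPS_EDGES, SYN_EDGES)
    train_syms, alphabet = featurize(TRAIN_ROWS, edge_sets)
    test_syms, _ = featurize(TEST_ROWS, edge_sets)
    start, trans, emit = fit_supervised(train_syms, TRAIN_LABELS, alphabet)
    path = viterbi(test_syms, start, trans, emit)
    return path, accuracy(path, TEST_LABELS)


if __name__ == "__main__":
    path, acc = decode_test_window()
    print("decoded:", [STATES[s] for s in path])
    print("truth:  ", [STATES[s] for s in TEST_LABELS])
    print(f"accuracy: {acc:.2%}")
```

The joint-symbol alphabet grows as the product of the per-feature bin counts, so with real data the bins should stay coarse (or the features few) to keep emission counts from becoming sparse; the add-alpha smoothing in fit_supervised is what keeps an unseen symbol such as the 480 pps burst in the test window from driving a log-probability to minus infinity.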
Thursday: Worked on presentation for Monday's group discussion, met with Coach, Aziz, and Ali to go over the presentation. Selected more features to create HMMs with to predict states (using the DDoS data set). Researched more features of different types of attacks (DDoS, MitM, BotNet, etc.).
Friday: Fixed up the presentation according to suggestions from yesterday's meeting. Updated the website with additional research sources and data sets gathered over the past week. Identified more features of the DDoS data set which indicate various attacks, and spent the majority of the day playing with the data in MATLAB.