An artificial intelligence-based system for detecting network intrusions by analyzing network traffic patterns.
This project implements a machine learning-based network intrusion detection system that can:
- Generate synthetic network traffic data for training
- Train and evaluate machine learning models
- Visualize network traffic patterns
- Detect intrusions in real-time by capturing and analyzing network packets
- Data Generation: Creates synthetic datasets containing both normal and attack traffic patterns
- Multiple Attack Types: Simulates various attack types including DoS, port scanning, brute force, injection, and man-in-the-middle
- ML-based Detection: Uses machine learning algorithms to classify traffic as normal or malicious
- Real-time Analysis: Captures and analyzes live network traffic
- Visualizations: Provides visual analysis of network traffic patterns and model performance
Intrusion_detection_system/
│
├── data/ # Directory for datasets and visualizations
│ └── visualizations/ # Visualizations of the data
│
├── logs/ # Log files for the detection system
│
├── models/ # Trained machine learning models
│ └── evaluation/ # Model evaluation results
│
├── src/ # Source code
│ ├── generate_dataset.py # Script to generate synthetic training data
│ ├── train_model.py # Script to train and evaluate the ML model
│ ├── detect_intrusions.py # Script to detect intrusions in real-time
│ └── visualize_data.py # Script to visualize data and results
│
├── main.py # Main script to run the system
└── requirements.txt # Required Python packages
- Clone the repository:
git clone https://github.com/yourusername/Intrusion_detection_system.git
cd Intrusion_detection_system
- Install dependencies:
pip install -r requirements.txt
Generate a dataset with normal and attack traffic:
python main.py --generate
Customize the number of samples:
python main.py --generate --normal-samples 10000 --attack-samples 2500
Create visualizations of the dataset:
python main.py --visualize
Train an intrusion detection model on the dataset:
python main.py --train
Choose a specific model type:
python main.py --train --model-type random_forest
Detect intrusions in real-time network traffic:
python main.py --detect --interface eth0 --count 1000
Generate data, create visualizations, and train the model:
python main.py --full
The synthetic dataset includes the following features:
- timestamp: Time when the traffic was recorded
- protocol: Network protocol (TCP, UDP, HTTP, HTTPS, etc.)
- src_ip: Source IP address
- src_port: Source port number
- dst_ip: Destination IP address
- dst_port: Destination port number
- packet_size: Size of the packet in bytes
- packet_count: Number of packets in the flow
- byte_count: Total bytes transferred in the flow
- flow_duration: Duration of the flow in seconds
- flow_rate: Rate of data transfer (bytes/second)
- ttl: Time-to-live value in the IP header
- flags: TCP flags (for TCP traffic)
- error_rate: Rate of errors in the flow
- inter_arrival_time: Time between consecutive packets
- is_attack: Target variable (0 for normal, 1 for attack)
- attack_type: Type of attack (for attack traffic)
The models are evaluated using:
- Accuracy
- Precision & Recall
- F1-Score
- Confusion Matrix
- ROC Curve
- Precision-Recall Curve
The simulated attack types are:
- Denial of Service (DoS): High-volume traffic aimed at overwhelming services
- Port Scanning: Probing ports to find vulnerabilities
- Brute Force: Attempting to crack passwords through repeated attempts
- Injection Attacks: SQL, command, or other injection techniques
- Man-in-the-Middle (MITM): Intercepting legitimate traffic
- Add more attack types to the synthetic data generator
- Implement additional machine learning algorithms
- Integrate with network security tools
- Develop a web interface for monitoring
- Add alerts and notifications for detected intrusions
This project is licensed under the MIT License - see the LICENSE file for details.
- Inspiration from the KDD Cup 1999 and NSL-KDD datasets
- Based on machine learning techniques for network security