AI-Driven Intrusion Detection System for Real-Time Network Threat Detection
- About
- Features
- Architecture
- Installation
- Usage
- Dataset
- Screenshots
- Project Structure
- Contributing
- Author
IDS with AI is an Intrusion Detection System that uses machine learning to detect malicious network activity in real time and raise alerts.
Trained on the widely used UNSW-NB15 dataset, it fits a Random Forest classifier to separate Normal from Malicious traffic patterns; the trained model and its feature scaler are then applied to live captured traffic.
| Aspect | Details |
|---|---|
| 🧠 AI Model | Random Forest Classifier |
| 📊 Dataset | UNSW-NB15 (42 features) |
| ⚡ Processing | Real-time packet analysis |
| 🌐 Dashboard | Auto-refreshing web UI |
| 💾 Storage | SQLite database logging |
✅ AI-Powered Detection → Random Forest ML model with ~85-90% accuracy
✅ Real-time Monitoring → Live network packet capture using Scapy
✅ Web Dashboard → Beautiful, responsive UI with auto-refresh
✅ Threat Alerts → Instant visual notifications for malicious activity
✅ Persistent Logging → SQLite database for historical analysis
✅ Binary Classification → Normal (0) vs Malicious (1) detection
✅ Modular Design → Easy to extend with additional models
┌─────────────────────────────────────────────────────────────────────────┐
│ IDS with AI Architecture │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Network │─────▶│ AI Sniffer │─────▶│ SQLite │ │
│ │ Traffic │ │ (Scapy+ML) │ │ Database │ │
│ └──────────────┘ └──────────────┘ └──────┬───────┘ │
│ │ │
│ ▼ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Web │◀─────│ Flask │◀─────│ Detection │ │
│ │ Browser │ │ Server │ │ Logs │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────┘
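The box the diagram labels "AI Sniffer (Scapy+ML)" is where a system like this most often goes wrong in practice. UNSW-NB15's features (dur, spkts, dpkts, sbytes, dbytes, sttl, proto, state and the rest) describe whole flows, not single packets, so the sniffer has to aggregate captured packets into flows and emit exactly the columns, in exactly the order, that the scaler and model were fitted on; a row with a missing or shuffled column is scaled and scored without complaint and the prediction is meaningless. The following is an added, standard-library-only example and not the project's sniffer.py (whose feature extraction this page does not show): a flow table keyed on the 5-tuple in either direction that derives a handful of UNSW-NB15-style features from constructed packet records, expires idle flows for scoring, and refuses to emit a feature vector that does not match the assumed training column order. The `FEATURE_COLUMNS` list, the simplified `state()` mapping and the sample packets are all assumptions of the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Column order the scaler and model were fitted on. Assumed here for the
# example; in practice persist this list next to ids_scaler.pkl at training
# time and load it in the sniffer so both sides agree exactly.
FEATURE_COLUMNS = ["dur", "proto", "state", "spkts", "dpkts",
                   "sbytes", "dbytes", "sttl", "dttl"]

# TCP flag bits, as exposed by Scapy's TCP.flags
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


@dataclass
class Packet:
    """Minimal per-packet record a sniff() callback would extract."""
    ts: float
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    ttl: int
    size: int
    flags: int = 0   # TCP flags; 0 for non-TCP


@dataclass
class Flow:
    """Bidirectional flow; 'source' is whoever sent the first packet."""
    first_ts: float
    last_ts: float
    proto: str
    sttl: int
    spkts: int = 0
    dpkts: int = 0
    sbytes: int = 0
    dbytes: int = 0
    dttl: int = 0
    flags_fwd: int = 0
    flags_rev: int = 0

    def state(self) -> str:
        # Simplified stand-in for the Argus connection state UNSW-NB15 uses
        # (assumption: the real derivation has more states than these four).
        if self.proto != "tcp":
            return "CON" if self.dpkts else "INT"
        seen = self.flags_fwd | self.flags_rev
        if seen & RST:
            return "RST"
        if seen & FIN:
            return "FIN"
        if self.flags_fwd & ACK and self.flags_rev & ACK:
            return "CON"
        return "INT"   # e.g. a lone SYN that was never answered

    def features(self) -> Dict[str, object]:
        return {"dur": round(self.last_ts - self.first_ts, 6),
                "proto": self.proto, "state": self.state(),
                "spkts": self.spkts, "dpkts": self.dpkts,
                "sbytes": self.sbytes, "dbytes": self.dbytes,
                "sttl": self.sttl, "dttl": self.dttl}


class FlowTable:
    """Groups packets into flows keyed on the 5-tuple in either direction."""

    def __init__(self, idle_timeout: float = 60.0) -> None:
        self.flows: Dict[Tuple[str, str, int, int, str], Flow] = {}
        self.idle_timeout = idle_timeout

    def add(self, p: Packet) -> Flow:
        fwd = (p.src, p.dst, p.sport, p.dport, p.proto)
        rev = (p.dst, p.src, p.dport, p.sport, p.proto)
        if fwd in self.flows:
            f, forward = self.flows[fwd], True
        elif rev in self.flows:
            f, forward = self.flows[rev], False
        else:
            f = self.flows[fwd] = Flow(p.ts, p.ts, p.proto, p.ttl)
            forward = True
        f.last_ts = max(f.last_ts, p.ts)
        if forward:
            f.spkts += 1
            f.sbytes += p.size
            f.flags_fwd |= p.flags
        else:
            f.dpkts += 1
            f.dbytes += p.size
            f.flags_rev |= p.flags
            if not f.dttl:
                f.dttl = p.ttl
        return f

    def expire(self, now: float) -> List[Flow]:
        """Pop flows idle past the timeout: these are ready to be scored."""
        keys = [k for k, f in self.flows.items() if now - f.last_ts > self.idle_timeout]
        return [self.flows.pop(k) for k in keys]


def to_vector(flow: Flow, columns: List[str] = FEATURE_COLUMNS) -> List[object]:
    """Order features exactly as the scaler/model expect; refuse partial rows."""
    feats = flow.features()
    missing = [c for c in columns if c not in feats]
    if missing:
        raise KeyError(f"features missing at inference time: {missing}")
    return [feats[c] for c in columns]


# Constructed sample traffic (not a real capture): a completed HTTP-style
# exchange 10.0.0.5 -> 10.0.0.9:80 and a single unanswered SYN to port 22.
SAMPLE_PACKETS = [
    Packet(0.000, "10.0.0.5", "10.0.0.9", 51000, 80, "tcp", 64, 60, SYN),
    Packet(0.010, "10.0.0.9", "10.0.0.5", 80, 51000, "tcp", 128, 60, SYN | ACK),
    Packet(0.011, "10.0.0.5", "10.0.0.9", 51000, 80, "tcp", 64, 52, ACK),
    Packet(0.020, "10.0.0.5", "10.0.0.9", 51000, 80, "tcp", 64, 300, ACK),
    Packet(0.050, "10.0.0.9", "10.0.0.5", 80, 51000, "tcp", 128, 1400, ACK),
    Packet(0.060, "10.0.0.5", "10.0.0.9", 51000, 80, "tcp", 64, 52, FIN | ACK),
    Packet(0.070, "10.0.0.9", "10.0.0.5", 80, 51000, "tcp", 128, 52, FIN | ACK),
    Packet(1.000, "10.0.0.77", "10.0.0.9", 40000, 22, "tcp", 48, 60, SYN),
]


def build_vectors(packets: List[Packet], now: float) -> List[List[object]]:
    """Feed packets through the table and return rows for all expired flows."""
    table = FlowTable(idle_timeout=0.5)
    for p in packets:
        table.add(p)
    return [to_vector(f) for f in table.expire(now)]


if __name__ == "__main__":
    for row in build_vectors(SAMPLE_PACKETS, now=5.0):
        print(dict(zip(FEATURE_COLUMNS, row)))
```

The rows `build_vectors` returns are what would go into `ids_scaler.pkl` and then the Random Forest; categorical columns such as `proto` and `state` still need the same encoding the training script applied, which is why the encoder should be saved alongside the scaler rather than rebuilt in the sniffer from whatever values happen to appear in live traffic.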
- Python 3.8 or higher
- Git
- pip (Python package manager)
Clone the repository and install the Python dependencies:

```bash
git clone https://github.com/shamanthwick/IDS-With-AI.git
cd IDS-With-AI
pip install -r requirements.txt
```

Download the UNSW-NB15 training dataset:

- Search for `UNSW_NB15_training-set.csv` online
- Place it in the project root folder

Train the model:

```bash
python train_model.py
```

This generates:

- `ids_rf_model.pkl` → Trained Random Forest model
- `ids_scaler.pkl` → Feature scaler (must be applied to live traffic exactly as it was fitted on the training data)

Start the sniffer. Capturing raw packets with Scapy requires root privileges or the `CAP_NET_RAW` capability, so run this step with `sudo` or from an equivalently privileged account:

```bash
python sniffer.py
```

Open a new terminal and start the web server:

```bash
python app.py
```

Open a browser and navigate to:

http://127.0.0.1:5000
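In the two-terminal setup above, `sniffer.py` writes detections into `ids_logs.db` while `app.py` reads the same file every few seconds to refresh the dashboard. With SQLite's default rollback journal a reader and a writer contend for the same lock and the dashboard will intermittently see "database is locked"; write-ahead logging (WAL) removes that contention. The following is an added, standard-library-only example and not the project's own code (the page does not show the schema `sniffer.py` and `app.py` use, so the `detections` table, column names and sample rows here are assumptions): a writer-side `log_detection` with bound parameters, the two reader-side queries behind a "Live Statistics" panel and a recent-detections table, and a `demo` that holds two connections on one file the way the two processes would.

```python
import os
import sqlite3
import tempfile
from typing import Dict, List, Optional, Tuple

# Schema assumed for this example; the project's ids_logs.db layout is not shown on the page.
SCHEMA = """
CREATE TABLE IF NOT EXISTS detections (
    id     INTEGER PRIMARY KEY AUTOINCREMENT,
    ts     REAL    NOT NULL,
    src_ip TEXT    NOT NULL,
    dst_ip TEXT    NOT NULL,
    proto  TEXT    NOT NULL,
    label  INTEGER NOT NULL CHECK (label IN (0, 1)),
    score  REAL    NOT NULL CHECK (score BETWEEN 0 AND 1)
);
CREATE INDEX IF NOT EXISTS detections_ts ON detections (ts);
"""


def open_db(path: str) -> sqlite3.Connection:
    """Open the shared log; WAL lets the dashboard read while the sniffer writes."""
    conn = sqlite3.connect(path, timeout=5.0)   # wait up to 5 s on a busy lock instead of failing
    conn.execute("PRAGMA journal_mode=WAL")
    conn.execute("PRAGMA synchronous=NORMAL")   # durable enough for logs, far fewer fsyncs
    conn.executescript(SCHEMA)
    return conn


def log_detection(conn: sqlite3.Connection, ts: float, src_ip: str, dst_ip: str,
                  proto: str, label: int, score: float) -> int:
    """Sniffer side: one short transaction per row, every value bound as a parameter."""
    with conn:
        cur = conn.execute(
            "INSERT INTO detections (ts, src_ip, dst_ip, proto, label, score) "
            "VALUES (?, ?, ?, ?, ?, ?)",
            (ts, src_ip, dst_ip, proto, int(label), float(score)),
        )
    return cur.lastrowid


def summary(conn: sqlite3.Connection, since: float = 0.0) -> Dict[str, int]:
    """Dashboard side: the totals a 'Live Statistics' panel polls."""
    total, malicious = conn.execute(
        "SELECT COUNT(*), COALESCE(SUM(label), 0) FROM detections WHERE ts >= ?", (since,)
    ).fetchone()
    return {"total": total, "malicious": malicious, "normal": total - malicious}


def recent(conn: sqlite3.Connection, limit: int = 20) -> List[Tuple]:
    """Dashboard side: newest rows first for the detection-log table."""
    return conn.execute(
        "SELECT ts, src_ip, dst_ip, proto, label, score FROM detections "
        "ORDER BY ts DESC, id DESC LIMIT ?", (limit,)
    ).fetchall()


def demo(path: Optional[str] = None) -> Dict[str, object]:
    """Two connections on one file, as sniffer.py and app.py would each hold one."""
    if path is None:
        path = os.path.join(tempfile.mkdtemp(), "ids_logs.db")
    writer, reader = open_db(path), open_db(path)
    # Constructed detections, not real model output.
    log_detection(writer, 1700000000.0, "10.0.0.5", "10.0.0.9", "tcp", 0, 0.08)
    log_detection(writer, 1700000001.0, "10.0.0.77", "10.0.0.9", "tcp", 1, 0.93)
    log_detection(writer, 1700000002.0, "10.0.0.77", "10.0.0.9", "udp", 1, 0.71)
    result: Dict[str, object] = dict(summary(reader))
    result["latest_src"] = recent(reader, 1)[0][1]
    result["journal_mode"] = reader.execute("PRAGMA journal_mode").fetchone()[0]
    writer.close()
    reader.close()
    return result


if __name__ == "__main__":
    print(demo())
```

The `since` argument to `summary` is what a dashboard would pass to show only the last hour or day; the index on `ts` keeps that query and the `ORDER BY ts DESC` table cheap as the log grows.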
| Feature | Description |
|---|---|
| 📊 Live Statistics | Real-time threat counts and totals |
| 📋 Detection Logs | Recent network activity table |
| 🔄 Auto-Refresh | Updates every 3 seconds |
| 🏷️ Status Badges | Color-coded Normal/Malicious indicators |
| 🎨 Dark Theme | Modern, eye-friendly UI |
| Property | Value |
|---|---|
| Name | UNSW-NB15 |
| Type | Network Intrusion Detection |
| Classes | Binary (Normal/Malicious) |
| Features | 42 network traffic features |
| Source | University of New South Wales |
- 🖥️ Fuzzers
- 🔍 Analysis
- 🚪 Backdoors
- 💥 DoS (Denial of Service)
- 🎯 Exploits
- 🔀 Generic
- 📡 Reconnaissance
- 💉 Shellcode
- 🐛 Worms
To enhance the robustness of this IDS, future iterations can incorporate more modern and diverse datasets:
A large-scale dataset created by the Canadian Institute for Cybersecurity (CIC) representing modern network traffic environments.
- Key Features:
- Capture period of 10 days with realistic background traffic.
- Extensive feature set (80+ network flow features).
- Large volume of data (terabytes of raw traffic).
- Types of Attacks: Brute Force, DoS, DDoS, Heartbleed, Botnet, Infiltration, and Web Attacks.
- Why it's Modern: It captures much newer attack vectors and more complex network topologies compared to UNSW-NB15.
A heterogeneous dataset collecting data from Telemetry, Operating Systems, and Network (ToN) sensors in an IoT/IIoT environment.
- Key Features:
- Multi-layered data including Network traffic, IoT telemetry, and OS logs.
- Realistic Industrial IoT (IIoT) environment simulation.
- High-dimensional and diverse feature sets.
- Types of Attacks: DoS, DDoS, Ransomware, Backdoor, Injection, XSS, Scanning, and MitM.
- Why it's Modern: Specifically designed for the IoT era, addressing vulnerabilities in smart devices that traditional datasets like UNSW-NB15 overlook.
A dataset created in a realistic network environment specifically to capture various botnet attack scenarios.
- Key Features:
- High-density Botnet-specific traffic patterns.
- Includes 5% sub-sampled versions for efficient research and training.
- Detailed per-packet and per-flow statistical metrics.
- Types of Attacks: DDoS, DoS, OS Fingerprinting, Service Discovery, Keylogging, and Data Exfiltration.
- Why it's Modern: Provides a much more specialized and deep focus on botnet behaviors, which have evolved significantly since the release of earlier datasets.
┌────────────────────────────────────────────────────┐
│ Model Evaluation Results │
├────────────────────────────────────────────────────┤
│ Metric │ Score │
├───────────────┼────────────────────────────────────┤
│ Accuracy │ ~85-90% │
│ Precision │ ~85% │
│ Recall │ ~85% │
│ F1-Score │ ~85% │
└────────────────────────────────────────────────────┘
*Results may vary based on training data and network conditions
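The box above reports accuracy, precision, recall and F1 at roughly the same value, which is plausible on the UNSW-NB15 training split because its two classes are not far from balanced. Live traffic is not balanced: when only a small fraction of flows is malicious, a detector with about 85% recall and a similar false-positive rate produces far more false alarms than true detections, so the dashboard's "Malicious" count mostly measures false positives. The following is an added, standard-library-only example (not part of the project) that computes the four metrics from constructed held-out labels and then recomputes the precision the same detector would have at a constructed 1% base rate, along with expected alert volumes per day; the labels, the base rate and the traffic volume are all assumptions of the example.

```python
from dataclasses import dataclass
from typing import Dict, Sequence, Tuple


@dataclass(frozen=True)
class Confusion:
    """Binary confusion matrix with label 1 = Malicious, 0 = Normal."""
    tp: int
    fp: int
    fn: int
    tn: int

    def accuracy(self) -> float:
        return (self.tp + self.tn) / (self.tp + self.fp + self.fn + self.tn)

    def precision(self) -> float:
        return self.tp / (self.tp + self.fp) if self.tp + self.fp else 0.0

    def recall(self) -> float:
        return self.tp / (self.tp + self.fn) if self.tp + self.fn else 0.0

    def false_positive_rate(self) -> float:
        return self.fp / (self.fp + self.tn) if self.fp + self.tn else 0.0

    def f1(self) -> float:
        p, r = self.precision(), self.recall()
        return 2 * p * r / (p + r) if p + r else 0.0


def confusion(y_true: Sequence[int], y_pred: Sequence[int]) -> Confusion:
    """Count the four cells from label and prediction vectors."""
    if len(y_true) != len(y_pred):
        raise ValueError("label vectors differ in length")
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for t, p in zip(y_true, y_pred):
        key = ("tp" if p else "fn") if t else ("fp" if p else "tn")
        counts[key] += 1
    return Confusion(**counts)


def precision_at_prevalence(recall: float, fpr: float, prevalence: float) -> float:
    """P(malicious | alert) for a detector with the given TPR/FPR at a base rate (Bayes)."""
    true_alerts = recall * prevalence
    false_alerts = fpr * (1.0 - prevalence)
    return true_alerts / (true_alerts + false_alerts) if true_alerts + false_alerts else 0.0


def alerts_per_day(flows_per_day: int, prevalence: float,
                   recall: float, fpr: float) -> Tuple[float, float]:
    """Expected (true, false) alerts per day at the given volume and base rate."""
    true_alerts = flows_per_day * prevalence * recall
    false_alerts = flows_per_day * (1.0 - prevalence) * fpr
    return round(true_alerts, 1), round(false_alerts, 1)


# Constructed held-out labels and predictions (not real model output): a
# balanced split, tuned so the metrics land near the page's ~85% figures.
Y_TRUE = [1] * 20 + [0] * 20
Y_PRED = [1] * 17 + [0] * 3 + [1] * 3 + [0] * 17


def report(prevalence: float = 0.01, flows_per_day: int = 1_000_000) -> Dict[str, float]:
    """Test-set metrics next to what the same detector means on live traffic."""
    cm = confusion(Y_TRUE, Y_PRED)
    live = precision_at_prevalence(cm.recall(), cm.false_positive_rate(), prevalence)
    true_alerts, false_alerts = alerts_per_day(
        flows_per_day, prevalence, cm.recall(), cm.false_positive_rate())
    return {"accuracy": cm.accuracy(), "precision": cm.precision(),
            "recall": cm.recall(), "f1": cm.f1(), "fpr": cm.false_positive_rate(),
            "live_precision": round(live, 4),
            "true_alerts_per_day": true_alerts, "false_alerts_per_day": false_alerts}


if __name__ == "__main__":
    for k, v in report().items():
        print(f"{k:>20}: {v}")
```

The number to watch is `live_precision`: at the assumed 1% base rate a detector that scores 0.85 on every test-set metric is right about one alert in twenty. Raising the Random Forest's decision threshold above 0.5 trades recall for a lower false-positive rate, and on real traffic that trade is usually worth making.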
IDS-With-AI/
│
├── 📄 train_model.py # AI model training script
├── 📄 sniffer.py # Network packet sniffer
├── 📄 app.py # Flask web server
├── 📄 requirements.txt # Python dependencies
├── 📄 README.md # Project documentation
│
├── 📁 templates/
│ └── 📄 index.html # Dashboard UI
│
├── 🔧 .gitignore # Git ignore rules
│
└── 📦 Generated Files (not in repo)
├── ids_rf_model.pkl # Trained model
├── ids_scaler.pkl # Feature scaler
└── ids_logs.db # Detection logs
Contributions are welcome! Here's how you can help:
- 🍴 Fork the repository
- 🌿 Create a feature branch (`git checkout -b feature/AmazingFeature`)
- 💾 Commit your changes (`git commit -m 'Add AmazingFeature'`)
- 🚀 Push to the branch (`git push origin feature/AmazingFeature`)
- 🔄 Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
| Channel | Contact |
|---|---|
| GitHub | @shamanthwick |
| Email | shamantharsingh@gmail.com |
- 🎓 UNSW-NB15 Dataset creators
- 🔧 Scapy developers
- 🤖 Scikit-learn team
- 🌐 Flask community
If you find this project useful, please ⭐ star this repository!