Code for IDS-ML: intrusion detection system development using machine learning algorithms (Decision tree, random forest, extra trees, XGBoost, stacking, k-means, Bayesian optimization..)

IoT networks have become an increasingly valuable target of malicious attacks due to the increased amount of valuable user data they contain. In response, network intrusion detection systems have been developed to detect suspicious network activity. UNSW-NB15 is an IoT-based network traffic data set with different categories for normal activities and malicious attack behaviors. UNSW-NB15 botnet datasets with IoT sensors' data are used to obtain results that show that the proposed features have the potential characteristics of identifying and classifying normal and malicious activity. Role of ML algorithms is for developing a network forensic system based on network flow identifiers and features that can track suspicious activities of botnets is possible. The ML model metrics using the UNSW-NB15 dataset revealed that ML techniques with flow identifiers can effectively and efficiently detect botnets’ attacks and their tracks.

This is a five-step framework for the development of intrusion detection systems (IDS) using machine learning (ML) considering model realization, and performance evaluation.

The continuing increase of Internet of Things (IoT) based networks have increased the need for Computer networks intrusion detection systems (IDSs). Over the last few years, IDSs for IoT networks have been increasing reliant on machine learning (ML) techniques, algorithms, and models as traditional cybersecurity approaches become less viable for IoT. IDSs that have developed and implemented using machine learning approaches are effective, and accurate in detecting networks attacks with high-performance capabilities. However, the acceptability and trust of these systems may have been hindered due to many of the ML implementations being ‘black boxes’ where human interpretability, transparency, explainability, and logic in prediction outputs is significantly unavailable. The UNSW-NB15 is an IoT-based network traffic data set with classifying normal activities and malicious attack behaviors. Using this dataset, three ML classifiers: Decision Trees, Multi-Layer Perceptrons, and XGBoost, were trained. The ML classifiers and corresponding algorithm for developing a network forensic system based on network flow identifiers and features that can track suspicious activities of botnets proved to be very high-performing based on model performance accuracies. Thereafter, established Explainable AI (XAI) techniques using Scikit-Learn, LIME, ELI5, and SHAP libraries allowed for visualizations of the decision-making frameworks for the three classifiers to increase explainability in classification prediction. The results determined XAI is both feasible and viable as cybersecurity experts and professionals have much to gain with the implementation of traditional ML systems paired with Explainable AI (XAI) techniques.

IoT networks have become an increasingly valuable target of malicious attacks due to the increased amount of valuable user data they contain. In response, network intrusion detection systems have been developed to detect suspicious network activity. UNSW-NB15 is an IoT-based network traffic data set with different categories for normal activities and malicious attack behaviors. UNSW-NB15 botnet datasets with IoT sensors' data are used to obtain results that show that the proposed features have the potential characteristics of identifying and classifying normal and malicious activity. Role of ML algorithms is for developing a network forensic system based on network flow identifiers and features that can track suspicious activities of botnets is possible. The ML model metrics using the UNSW-NB15 dataset revealed that ML techniques with flow identifiers can effectively and efficiently detect botnets’ attacks and their tracks.

Network Intrusion Detection System on CSE-CIC-IDS2018 using ML classifiers and DNN ( ANN , CNN , RNN ) | Hyper-parameter Optimization { learning rate, epochs, network architectures, regularisation } | Adversarial Attacks - Label flip , Adversarial samples , KNN (defence)

The application of using ML in intrusion detection has mostly been limited to research work and showing results on the formally used kdd99 dataset. In this project I have developed a simple mechanism for realtime intrusion detection using java pcap4j library and python to implement the detection. This code is able to detect intrusion with 97% of accuracy using K nearest Neighbours algorithm.

As society and technology develop, more and more of our time is spent online, from shopping to socialising, working to banking. Ensuring our safety from malicious actors trying to capitalise on this digitisation is becoming ever more important. One such system that was developed to defend against attacks is a Network Intrusion Detection System (NIDS), a common tool used to detect intrusion attempts. Early adaptions used pre-configured signature detection to recognise attacks. Those early models evolved to use machine learning based anomaly detection to monitor real-time network activity and autonomously recognise intrusion attempts. Worryingly, the relatively new field of adversarial machine learning has been shown to be extremely effective in creating adversarial attacks that can easily bypass the NIDS. Adversary-aware feature selection, adversarial training and ensemble method were all used to increase the adversarial attack detection rate of the ML classifiers in the NIDS. Adversary-aware feature selection was the most effective, increasing the accuracy of three of the four classifiers from 0 for some adversarial attacks, to 0.98 for all adversarial attacks. In this work we build Hydra2, a tool to let users prototype an attack in a sand-box environment that has the ability of detecting adversarial attacks. The users can then quantify the results by adversarially attacking their prototype NIDS.

This project is an Intrusion Detection System (IDS) using machine learning (ML) and deep learning (DL) to detect network intrusions. It leverages the CICIDS2018 dataset to classify traffic as normal or malicious. Key features include data preprocessing, model training, hyperparameter tuning, and Docker containerization for scalable deployment.

Project based on SVM and Random Forest to detect Intrusion on network traffic

An Intrusion Detection System (IDS) using Machine Learning (ML) analisys to identify malicious patterns on inside and outside network packages

This repository consists of the code necessary to develop the Bachelor's Degree Final Project in Telecom Engineering at UPM. It uses Federated Learning techniques to train and test ML model of an Intrusion Detection System (IDS) to detect ciberattacks in a cross-silo configuration

Advanced Network Intrusion Detection System (NIDS) - ML-based cybersecurity project using Python with real-time packet analysis, anomaly detection, and web-based monitoring dashboard

ML-based Intrusion Detection System for IoT Networks using ML, CNN, and Transformer models. Modular pipeline with preprocessing, training, evaluation, and performance benchmarking on CICIDS2017, BoT-IoT, and TON-IoT datasets

Multi-Tiered Hybrid Intrusion Detection System for Internet of Vehicles

No description available

Federated Learning (FL) system for network intrusion detection using XGBoost. A privacy-preserving federated learning framework using Flower, PyTorch, and Hydra, with CI/CD automation for seamless ML deployment.

This repository contains the source code for the Bachelor's project "Implementation of Intrusion Detection Systems Using eBPF and Machine Learning: A Comparative Analysis of Different ML Approaches".

Vigilix is a real-time intrusion detection dashboard using Prometheus, Grafana. It monitors system metrics, detects anomalies with ML, and visualizes threats for improved infrastructure security. Includes CI/CD for automated deployment.

The "Intrusion-Detection-System-Using-ML" repository by SudoAnirudh features a machine learning-based Network Intrusion Detection System with a Flask web interface. It includes components such as machine learning models, datasets, and static files for detecting network intrusions.

No description available

Proposed a multi-level IDS with seven ensemble machine learning algorithms that are running parallely (level 1) and a deep learning algorithm - Forward Feedback ANN (level 2) which would help to overcome the problems of the existing IDS and optimally detect intrusion in any network.

Undergrad paper on Anomaly-based Network Intrusion Detection Systems using ML

Project implements an Intrusion Detection System (IDS) using traditional and machine learning techniques. It provides real-time monitoring, signature-based detection, and anomaly detection with ML models. Key technologies include SharpPcap, PacketDotNet, and ML.NET.

Network Intrusion and Detection System (NIDS) monitors network traffic in real time to detect malicious activities. It uses signature-based detection and ML-based anomaly detection (NSL-KDD dataset) with a Python-powered web interface for analysis and alerts.

This project was developed as part of the PI – 4th Year Engineering Program at Esprit School of Engineering (Academic Year 2025–2026). 6G Smart City Intrusion Detection System using ML on mMTC, URLLC, eMBB & TON_IoT datasets.

CyberSentinelML is a machine learning-based intrusion detection system (IDS) designed to detect and classify malicious network attacks in real-time. Using advanced ML models, it analyzes network traffic patterns to identify threats such as DDoS, port scanning, malware communication, and unauthorized access attempts.

A system called an network intrusion detection system (NIDS) observes network traffic for malicious transactions on the website. It detects different types of attacks on the network such as DOS, Probe, R2L and U2R

No description available

The intrusion detection system using ml is a security based project designed to detect unauthorised access and malicious activities within a network