IoT networks have become an increasingly valuable target of malicious attacks due to the increased amount of valuable user data they contain. In response, network intrusion detection systems have been developed to detect suspicious network activity. UNSW-NB15 is an IoT-based network traffic data set with different categories for normal activities and malicious attack behaviors. UNSW-NB15 botnet datasets with IoT sensors' data are used to obtain results that show that the proposed features have the potential characteristics of identifying and classifying normal and malicious activity. Role of ML algorithms is for developing a network forensic system based on network flow identifiers and features that can track suspicious activities of botnets is possible. The ML model metrics using the UNSW-NB15 dataset revealed that ML techniques with flow identifiers can effectively and efficiently detect botnets’ attacks and their tracks.

The continuing increase of Internet of Things (IoT) based networks have increased the need for Computer networks intrusion detection systems (IDSs). Over the last few years, IDSs for IoT networks have been increasing reliant on machine learning (ML) techniques, algorithms, and models as traditional cybersecurity approaches become less viable for IoT. IDSs that have developed and implemented using machine learning approaches are effective, and accurate in detecting networks attacks with high-performance capabilities. However, the acceptability and trust of these systems may have been hindered due to many of the ML implementations being ‘black boxes’ where human interpretability, transparency, explainability, and logic in prediction outputs is significantly unavailable. The UNSW-NB15 is an IoT-based network traffic data set with classifying normal activities and malicious attack behaviors. Using this dataset, three ML classifiers: Decision Trees, Multi-Layer Perceptrons, and XGBoost, were trained. The ML classifiers and corresponding algorithm for developing a network forensic system based on network flow identifiers and features that can track suspicious activities of botnets proved to be very high-performing based on model performance accuracies. Thereafter, established Explainable AI (XAI) techniques using Scikit-Learn, LIME, ELI5, and SHAP libraries allowed for visualizations of the decision-making frameworks for the three classifiers to increase explainability in classification prediction. The results determined XAI is both feasible and viable as cybersecurity experts and professionals have much to gain with the implementation of traditional ML systems paired with Explainable AI (XAI) techniques.

IoT networks have become an increasingly valuable target of malicious attacks due to the increased amount of valuable user data they contain. In response, network intrusion detection systems have been developed to detect suspicious network activity. UNSW-NB15 is an IoT-based network traffic data set with different categories for normal activities and malicious attack behaviors. UNSW-NB15 botnet datasets with IoT sensors' data are used to obtain results that show that the proposed features have the potential characteristics of identifying and classifying normal and malicious activity. Role of ML algorithms is for developing a network forensic system based on network flow identifiers and features that can track suspicious activities of botnets is possible. The ML model metrics using the UNSW-NB15 dataset revealed that ML techniques with flow identifiers can effectively and efficiently detect botnets’ attacks and their tracks.

As society and technology develop, more and more of our time is spent online, from shopping to socialising, working to banking. Ensuring our safety from malicious actors trying to capitalise on this digitisation is becoming ever more important. One such system that was developed to defend against attacks is a Network Intrusion Detection System (NIDS), a common tool used to detect intrusion attempts. Early adaptions used pre-configured signature detection to recognise attacks. Those early models evolved to use machine learning based anomaly detection to monitor real-time network activity and autonomously recognise intrusion attempts. Worryingly, the relatively new field of adversarial machine learning has been shown to be extremely effective in creating adversarial attacks that can easily bypass the NIDS. Adversary-aware feature selection, adversarial training and ensemble method were all used to increase the adversarial attack detection rate of the ML classifiers in the NIDS. Adversary-aware feature selection was the most effective, increasing the accuracy of three of the four classifiers from 0 for some adversarial attacks, to 0.98 for all adversarial attacks. In this work we build Hydra2, a tool to let users prototype an attack in a sand-box environment that has the ability of detecting adversarial attacks. The users can then quantify the results by adversarially attacking their prototype NIDS.

This project is an Intrusion Detection System (IDS) using machine learning (ML) and deep learning (DL) to detect network intrusions. It leverages the CICIDS2018 dataset to classify traffic as normal or malicious. Key features include data preprocessing, model training, hyperparameter tuning, and Docker containerization for scalable deployment.

ML-based Intrusion Detection System for IoT Networks using ML, CNN, and Transformer models. Modular pipeline with preprocessing, training, evaluation, and performance benchmarking on CICIDS2017, BoT-IoT, and TON-IoT datasets

Proposed a multi-level IDS with seven ensemble machine learning algorithms that are running parallely (level 1) and a deep learning algorithm - Forward Feedback ANN (level 2) which would help to overcome the problems of the existing IDS and optimally detect intrusion in any network.

The "Intrusion-Detection-System-Using-ML" repository by SudoAnirudh features a machine learning-based Network Intrusion Detection System with a Flask web interface. It includes components such as machine learning models, datasets, and static files for detecting network intrusions.

CyberSentinelML is a machine learning-based intrusion detection system (IDS) designed to detect and classify malicious network attacks in real-time. Using advanced ML models, it analyzes network traffic patterns to identify threats such as DDoS, port scanning, malware communication, and unauthorized access attempts.

Network Intrusion Detection System using an Ensemble of Standard ML Models

This project aims to develop network-based intrusion detection system using ML models. We use data plane programming to collect features and deploy our ML model in the data plane insteaded of control plane.

ML-based Network Intrusion Detection System using Python. Trains Random Forest and Deep Learning models on CICIDS2017, then performs real-time packet capture and threat detection with Scapy. Modular, ready for research, demos, or portfolio use.

A modular and adaptive Network Intrusion Detection System using Deep Q-Learning and Actor-Critic reinforcement learning, integrated with traditional ML models. Designed to detect complex attacks like SQL injection and DDoS..

A comparative study of ML-based Intrusion Detection Systems for 5G security. This project evaluates models including CNN, BiLSTM, Random Forest and Hybrid approaches using the CIC-IDS-2017 dataset to determine their effectiveness in identifying network attacks.

AI-powered Network Intrusion Detection System achieving 99.1% validation accuracy using a 10-model ML ensemble (XGBoost, LSTM, GNN, Autoencoder) with explainable AI (SHAP), real-time threat detection, SOC-style dashboard, automated response, and secure Azure CI/CD deployment.

The ML-Based Intrusion Detection System implements a two-stage architecture where the first stage distinguishes between normal and attack traffic using supervised machine learning models, and the second stage classifies the type of attack using Neural Networks. This layered approach improves detection accuracy and analysis of threats.

Developed a Network Intrusion Detection System (NIDS) using the NUSW-NB-15 dataset for binary and multi-class classification. 2. Performed EDA, feature engineering, and feature selection using the ANOVA F-statistic approach. 3. Implemented and optimized multiple ML models, improving prediction speed and accuracy

Machine Learning–Based Intrusion Detection System for Software-Defined Networks (SDN) using the InSDN dataset. This project evaluates multiple supervised ML models and ensemble techniques to detect SDN-specific cyberattacks, achieving high accuracy and robust generalization through careful preprocessing, feature selection, and model comparison.

AI-Based Intrusion Detection System using ML to classify network traffic. Features FastAPI backend for model inference, Streamlit frontend for CSV uploads and visualization, and CICFlowMeter for PCAP to CSV conversion. Built for FYP 2025 in Software Engineering.

The Log-based Intrusion Detection System (IDS) is a cloud-based security solution that detects potential cyber threats using machine learning. It analyzes network traffic logs stored in AWS, processes them using AWS Lambda, classifies them with an ML model hosted on AWS SageMaker, and visualizes the results through a web dashboard.

This project implements a Real-Time Intrusion Detection System (IDS) powered by Machine Learning. It captures live network traffic, preprocesses it into features, and uses a trained ML model to detect whether packets are Normal or Malicious. The IDS provides real-time alerts in the console and also logs them into a file for further analysis.

No description available

This notebook aims to reproduce the results of the paper "Study on Decision Tree and KNN Algorithm for Intrusion Detection System" published in the International Journal of Engineering Research & Technology in May 2020.

No description available

Network Intrusion Detection System using ML model trained on NSL-KDD dataset.

Network Intrusion Detection System using Random Forest ML model and Flask web interface.

Network intrusion detection system using ML models on CIC-IDS 2017 dataset for anomaly classification.

ML-based Network Intrusion Detection System for detecting cyber attacks using data analytics and predictive modeling.

ML-Powered Network Intrusion Detection System Real-time threat detection using a 3-model ensemble — Isolation Forest · Random Forest · Autoencoder

ML-based Intrusion Detection System - Real-time network threat detection using machine learning models trained on NSL-KDD and CIC-IDS datasets