Machine learning-powered Intrusion Detection System (IDS) that classifies network traffic and detects cyber threats such as DDoS attacks, Botnets, Brute Force attacks, Port Scans, and Web Attacks with 99.83% accuracy using the CIC-IDS2017 dataset.
The Problem
Modern organizations face increasing cybersecurity threats from malicious network activities such as DDoS attacks, brute force attempts, botnets, and web-based attacks. Traditional signature-based security systems struggle to detect evolving attack patterns and generate actionable insights in real time. Organizations require intelligent systems capable of automatically classifying network traffic, detecting anomalies, and providing immediate threat visibility.
The Solution
Developed an AI-powered Intrusion Detection System that leverages machine learning to classify network traffic and identify malicious behavior. The system uses a Random Forest Classifier trained on the CIC-IDS2017 dataset and provides a real-time monitoring dashboard, threat alert management, network analytics, and database-backed logging for security operations. FastAPI powers the backend while Plotly delivers interactive visualizations for security analysts.
Architecture & System Flow
1. Raw network traffic records are loaded from the CIC-IDS2017 dataset.
2. Data preprocessing cleans and merges the network traffic records.
3. Feature engineering transforms the attack labels and network attributes.
4. A Random Forest model is trained on the class-balanced dataset.
5. The trained model artifacts are saved with Joblib.
6. FastAPI serves the prediction and monitoring endpoints.
7. Network traffic batches are classified in real time.
8. Threat severity is assigned based on the predicted attack type.
9. Alerts and logs are stored in a MySQL or SQLite database.
10. Plotly dashboards visualize threat distributions, system health, and network activity metrics.
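The data side of that flow (steps 1 to 5), as an added example that is not the project's own code: it merges CIC-IDS2017-style CSV files, strips the whitespace-padded column names and the `Infinity`/`NaN` values the real rate columns contain, consolidates the dataset's fine-grained labels into the five reported categories plus BENIGN (the mapping below is an assumption; the project's exact grouping is not shown on the page), downsamples every class to a cap, and fits and saves a Random Forest. The two CSV "files" are constructed stand-ins; only `train_and_save` needs scikit-learn and joblib.

```python
import csv
import io
import math
import random
from collections import Counter

# Assumed mapping from raw dataset labels to the categories the project reports
# (this grouping is the example's choice, not the project's own code).
CATEGORY_OF = {
    "BENIGN": "BENIGN",
    "DDoS": "DDoS", "DoS Hulk": "DDoS", "DoS GoldenEye": "DDoS",
    "DoS slowloris": "DDoS", "DoS Slowhttptest": "DDoS",
    "PortScan": "Port Scan",
    "Bot": "Botnet",
    "FTP-Patator": "Brute Force", "SSH-Patator": "Brute Force",
}
FEATURES = ["Destination Port", "Flow Duration", "Flow Bytes/s", "Flow Packets/s"]

# Constructed stand-in for two per-day CSV files: same quirks as the real ones
# (padded headers, 'Infinity'/'NaN' in rate columns), tiny size.
SAMPLE_FILES = [
    "Destination Port, Flow Duration,Flow Bytes/s, Flow Packets/s, Label\n"
    "80,1200,4000.5,12.0,BENIGN\n"
    "80,900,Infinity,NaN,BENIGN\n"
    "80,300,90000.0,3000.0,DoS Hulk\n"
    "443,150,NaN,NaN,DoS GoldenEye\n"
    "80,2000,5000.0,10.0,BENIGN\n",
    "Destination Port, Flow Duration,Flow Bytes/s, Flow Packets/s, Label\n"
    "22,500,300.0,20.0,SSH-Patator\n"
    "21,400,250.0,15.0,FTP-Patator\n"
    "8080,100,1.0,1.0,Bot\n"
    "445,50,0.0,2.0,PortScan\n"
    "80,700,12000.0,40.0,Web Attack \u2013 XSS\n"
    "80,600,7000.0,35.0,Infiltration\n"
    "80,2500,6000.0,11.0,BENIGN\n",
]


def categorize(raw_label):
    """Map a raw label to a target category; None for labels outside the scope."""
    label = raw_label.strip()
    if label.startswith("Web Attack"):  # XSS, SQL injection and brute-force sub-labels
        return "Web Attack"
    return CATEGORY_OF.get(label)


def to_float(value):
    """Parse a numeric field; 'Infinity' and 'NaN' become None so the row is dropped."""
    try:
        number = float(value)
    except ValueError:
        return None
    return number if math.isfinite(number) else None


def load_and_clean(csv_texts, feature_columns=FEATURES):
    """Merge several CSV files, normalise padded column names, and drop rows with a
    non-finite feature or an out-of-scope label. Returns (rows, drop_reasons)."""
    rows, dropped = [], Counter()
    for text in csv_texts:
        reader = csv.DictReader(io.StringIO(text))
        reader.fieldnames = [name.strip() for name in reader.fieldnames]
        for record in reader:
            category = categorize(record["Label"])
            if category is None:
                dropped["unmapped_label"] += 1
                continue
            features = [to_float(record[column]) for column in feature_columns]
            if any(value is None for value in features):
                dropped["non_finite"] += 1
                continue
            rows.append((features, category))
    return rows, dropped


def class_counts(rows):
    return Counter(category for _, category in rows)


def downsample(rows, cap, seed=0):
    """Cap every class at `cap` rows with a seeded random sample, so BENIGN and the
    large DoS classes cannot swamp the rare ones during training."""
    rng = random.Random(seed)
    by_class = {}
    for features, category in rows:
        by_class.setdefault(category, []).append(features)
    balanced = []
    for category, items in sorted(by_class.items()):
        keep = items if len(items) <= cap else rng.sample(items, cap)
        balanced.extend((features, category) for features in keep)
    return balanced


def train_and_save(rows, path, n_estimators=200, seed=0):
    """Fit a Random Forest on the balanced rows and persist it with joblib."""
    import joblib
    from sklearn.ensemble import RandomForestClassifier
    X = [features for features, _ in rows]
    y = [category for _, category in rows]
    model = RandomForestClassifier(n_estimators=n_estimators, random_state=seed, n_jobs=-1)
    model.fit(X, y)
    joblib.dump(model, path)
    return model


if __name__ == "__main__":
    cleaned, reasons = load_and_clean(SAMPLE_FILES)
    print("kept", len(cleaned), "dropped", dict(reasons))
    print("before", dict(class_counts(cleaned)))
    print("after ", dict(class_counts(downsample(cleaned, cap=2))))
```

Two details matter for a reproducible model: the seeded `random.Random` makes the downsampled training set identical across runs, and keeping a count of why rows were dropped lets you check that cleaning did not silently remove a whole attack class.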
Key Features
✔ Real-time network traffic classification
✔ Machine learning-based intrusion detection
✔ Random Forest threat prediction engine
✔ DDoS attack detection
✔ Brute Force attack detection
✔ Botnet detection
✔ Port Scan detection
✔ Web Attack detection
✔ Dynamic threat alert management
✔ Severity prioritization system
✔ Interactive Plotly dashboard
✔ SQLAlchemy database integration
✔ MySQL and SQLite support
✔ Security analytics reporting
✔ FastAPI REST APIs
✔ Model performance tracking
✔ Historical threat log management
Challenges Faced
Challenge 1: Highly imbalanced cybersecurity datasets.
Solution: Applied downsampling and balancing techniques to ensure fair model training across attack categories.
Challenge 2: Handling large-scale network traffic data.
Solution: Built a preprocessing pipeline to clean, merge, and optimize CIC-IDS2017 traffic records.
Challenge 3: Accurate classification of multiple attack types.
Solution: Trained and fine-tuned a Random Forest model with feature engineering and consolidation of the dataset's fine-grained attack labels into the target categories.
Challenge 4: Presenting security insights in an understandable format.
Solution: Developed an interactive Plotly dashboard with visual threat analytics and health monitoring.
Challenge 5: Centralized threat management and tracking.
Solution: Designed a relational database architecture using SQLAlchemy ORM for alerts, logs, metrics, and traffic records.
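The alert path behind Challenge 5 and architecture steps 7 to 9, as an added example that is not the project's code: classified batches are written to a traffic table, non-benign predictions raise alerts with a severity, and the open-alert queue and per-category distribution are read back the way a dashboard would. It uses the standard-library `sqlite3` module directly rather than the project's SQLAlchemy models, the severity levels per category are an assumption, and the batch and its predictions are constructed. Every value is bound as a query parameter, so a hostile string in a parsed field (a crafted source address, say) cannot change the SQL.

```python
import sqlite3

# Assumed severity per predicted category; the project assigns severity by
# attack type, but its exact levels are not on the page.
SEVERITY = {
    "DDoS": "critical",
    "Botnet": "high",
    "Brute Force": "high",
    "Web Attack": "high",
    "Port Scan": "medium",
}

SCHEMA = """
CREATE TABLE IF NOT EXISTS traffic_records (
    id INTEGER PRIMARY KEY,
    seen_at TEXT NOT NULL,
    src_ip TEXT NOT NULL,
    dst_ip TEXT NOT NULL,
    dst_port INTEGER NOT NULL,
    predicted TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS alerts (
    id INTEGER PRIMARY KEY,
    record_id INTEGER NOT NULL REFERENCES traffic_records(id),
    category TEXT NOT NULL,
    severity TEXT NOT NULL,
    status TEXT NOT NULL DEFAULT 'open'
);
"""

# Constructed batch of classified flows and the model's (assumed) predictions.
SAMPLE_BATCH = [
    {"seen_at": "2024-01-01T00:00:00Z", "src_ip": "10.0.0.5", "dst_ip": "192.168.1.10", "dst_port": 80},
    {"seen_at": "2024-01-01T00:00:01Z", "src_ip": "10.0.0.9", "dst_ip": "192.168.1.10", "dst_port": 445},
    {"seen_at": "2024-01-01T00:00:02Z", "src_ip": "10.0.0.7", "dst_ip": "192.168.1.20", "dst_port": 80},
    {"seen_at": "2024-01-01T00:00:03Z", "src_ip": "10.0.0.9", "dst_ip": "192.168.1.30", "dst_port": 22},
    {"seen_at": "2024-01-01T00:00:04Z", "src_ip": "10.0.0.5", "dst_ip": "192.168.1.10", "dst_port": 443},
    {"seen_at": "2024-01-01T00:00:05Z", "src_ip": "10.0.0.8", "dst_ip": "192.168.1.20", "dst_port": 80},
]
SAMPLE_PREDICTIONS = ["BENIGN", "Port Scan", "DDoS", "Brute Force", "BENIGN", "DDoS"]


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def log_batch(conn, flows, predictions):
    """Persist one classified batch in a single transaction and raise an alert for
    every non-benign prediction. Returns the ids of the alerts raised."""
    if len(flows) != len(predictions):
        raise ValueError("flows and predictions must be parallel lists")
    raised = []
    with conn:
        for flow, category in zip(flows, predictions):
            cur = conn.execute(
                "INSERT INTO traffic_records (seen_at, src_ip, dst_ip, dst_port, predicted) "
                "VALUES (?, ?, ?, ?, ?)",
                (flow["seen_at"], flow["src_ip"], flow["dst_ip"], flow["dst_port"], category),
            )
            severity = SEVERITY.get(category)
            if severity is None:  # BENIGN (or an unknown label): logged, no alert
                continue
            cur = conn.execute(
                "INSERT INTO alerts (record_id, category, severity) VALUES (?, ?, ?)",
                (cur.lastrowid, category, severity),
            )
            raised.append(cur.lastrowid)
    return raised


def open_alerts(conn):
    """Open alerts, most severe first and oldest first within a level: the queue an analyst works."""
    return conn.execute(
        "SELECT a.id, a.category, a.severity, r.src_ip, r.dst_ip, r.dst_port "
        "FROM alerts a JOIN traffic_records r ON r.id = a.record_id "
        "WHERE a.status = 'open' "
        "ORDER BY CASE a.severity WHEN 'critical' THEN 0 WHEN 'high' THEN 1 ELSE 2 END, a.id"
    ).fetchall()


def acknowledge(conn, alert_id):
    """Close an open alert; False if it did not exist or was already handled."""
    with conn:
        cur = conn.execute(
            "UPDATE alerts SET status = 'acknowledged' WHERE id = ? AND status = 'open'",
            (alert_id,),
        )
    return cur.rowcount == 1


def threat_distribution(conn):
    """Alert count per category: the series a threat-distribution chart plots."""
    return dict(conn.execute("SELECT category, COUNT(*) FROM alerts GROUP BY category").fetchall())


if __name__ == "__main__":
    db = open_db()
    print("alerts raised:", log_batch(db, SAMPLE_BATCH, SAMPLE_PREDICTIONS))
    for row in open_alerts(db):
        print(row)
    print("distribution:", threat_distribution(db))
```

The one-transaction-per-batch `with conn:` block means a crash mid-batch leaves either all of a batch's records and alerts or none of them, so the traffic table and the alert table never disagree about what was seen.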
Results & Metrics
• Overall Model Accuracy: 99.83%
• DDoS Detection F1-Score: 99.93%
• Brute Force Detection F1-Score: 99.93%
• Port Scan Detection F1-Score: 99.92%
• Botnet Detection F1-Score: 95.56%
• Web Attack Detection F1-Score: 98.19%
• Real-time threat classification and alert generation
• Automated security event logging
• Interactive security monitoring dashboard
• Database-driven threat analytics and reporting
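The results list reports both an overall accuracy and per-class F1 scores; the following added example (not the project's evaluation code) computes both from scratch and shows why the per-class figures are the ones to read on this kind of data. CIC-IDS2017 is dominated by BENIGN flows, so a model that misses half of a rare class can still post accuracy above 99%. The evaluation set below is constructed with that shape; the numbers are not the project's.

```python
from collections import Counter


def confusion_counts(y_true, y_pred):
    """Per-class true positives, false positives and false negatives."""
    tp, fp, fn = Counter(), Counter(), Counter()
    for truth, pred in zip(y_true, y_pred):
        if truth == pred:
            tp[truth] += 1
        else:
            fp[pred] += 1
            fn[truth] += 1
    return tp, fp, fn


def accuracy(y_true, y_pred):
    return sum(truth == pred for truth, pred in zip(y_true, y_pred)) / len(y_true)


def majority_baseline_accuracy(y_true):
    """Accuracy of a model that always predicts the most common class."""
    return max(Counter(y_true).values()) / len(y_true)


def per_class_scores(y_true, y_pred):
    """Precision, recall, F1 and support for every label seen in either list."""
    tp, fp, fn = confusion_counts(y_true, y_pred)
    scores = {}
    for label in sorted(set(y_true) | set(y_pred)):
        predicted = tp[label] + fp[label]
        actual = tp[label] + fn[label]
        precision = tp[label] / predicted if predicted else 0.0
        recall = tp[label] / actual if actual else 0.0
        denominator = 2 * tp[label] + fp[label] + fn[label]
        f1 = 2 * tp[label] / denominator if denominator else 0.0
        scores[label] = {"precision": precision, "recall": recall, "f1": f1, "support": actual}
    return scores


def macro_f1(scores):
    """Unweighted mean of the per-class F1: every class counts equally, however rare."""
    return sum(entry["f1"] for entry in scores.values()) / len(scores)


def constructed_eval():
    """Constructed labels with a CIC-IDS2017-like imbalance: BENIGN dominates, DDoS is
    caught fully, and half the Botnet flows are misclassified as BENIGN."""
    y_true = ["BENIGN"] * 9700 + ["DDoS"] * 200 + ["Botnet"] * 100
    y_pred = ["BENIGN"] * 9700 + ["DDoS"] * 200 + ["Botnet"] * 50 + ["BENIGN"] * 50
    return y_true, y_pred


if __name__ == "__main__":
    y_true, y_pred = constructed_eval()
    scores = per_class_scores(y_true, y_pred)
    print(f"accuracy       {accuracy(y_true, y_pred):.4f}")
    print(f"always-BENIGN  {majority_baseline_accuracy(y_true):.4f}")
    for label, entry in scores.items():
        print(f"{label:8} P={entry['precision']:.4f} R={entry['recall']:.4f} F1={entry['f1']:.4f} n={entry['support']}")
    print(f"macro F1       {macro_f1(scores):.4f}")
```

The constructed run scores 99.5% accuracy while Botnet recall is 0.5 and its F1 is 0.667, and predicting BENIGN for everything would already score 97%. That gap is why a per-class F1 table, and the Botnet line in particular, tells a security team more than the headline accuracy.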