Network Intrusion Detection System

This project is a Network Intrusion Detection System (NIDS) that uses machine learning algorithms to detect various types of network intrusions. The system is built using Flask for the web interface and scikit-learn for the machine learning models. It classifies network traffic into Normal or one of several attack categories (DOS, PROBE, R2L, U2R).

Features

• Machine Learning Models: Uses a pre-trained model (saved in models/model.pkl) to classify network traffic.
• Web Interface: A user-friendly web interface (built with Flask and HTML/CSS) to input network features and view predictions.
• Email Alerts: Automatically sends email alerts when an intrusion (non-Normal traffic) is detected.
• API Endpoint: Provides a /results endpoint for programmatic access to predictions via JSON.

Project Structure

• app.py: The main Flask application file. Contains the web server logic, routing, and prediction handling.
• models/: Directory containing the trained machine learning model (model.pkl).
• NSL_Dataset/: Directory containing the training and testing datasets (Train.txt, Test.txt) used for model development.
• static/: Directory containing static files like CSS (style.css, home_styles.css).
• templates/: Directory containing HTML templates (home.html, index.html) for the web interface.
• corrm.csv: Correlation matrix CSV file, likely used during data analysis.
• num_summary.csv: Numerical summary CSV file of the dataset.
• pandas_profiling.html: HTML report generated by pandas profiling, offering a detailed analysis of the dataset.
• Copy_of_Network_Intrusion_Detection_System.ipynb: Jupyter Notebook containing the data exploration, preprocessing, model training, and evaluation steps.
• requirements.txt: List of Python dependencies required to run the project.

Installation

1. Clone the repository:

   git clone https://github.com/SudoAnirudh/Intrusion-Detection-System-Using-ML.git
   cd Intrusion-Detection-System-Using-ML

2. Create a virtual environment (optional but recommended):

   python -m venv venv
   source venv/bin/activate  # On Windows use `venv\Scripts\activate`

3. Install the required packages:

   pip install -r requirements.txt

   Note: Ensure you have scikit-learn==0.22.1 installed as the model was pickled with this version.

Usage

1. Configure Email Settings (Optional): Open app.py and update the EMAIL_ADDRESS and EMAIL_PASSWORD variables if you want to enable email alerts. You will also need to update the recipient list in the predict and results functions.

2. Run the Flask application:

   python app.py

3. Access the Web Interface: Open your web browser and go to http://127.0.0.1:5000/.

   • Click on "Launch" or navigate to /ids to access the detection form.
   • Fill in the network parameters (e.g., connection count, service rates).
   • Click "Predict" to see if the traffic is Normal or an Attack.

4. API Usage: You can send a POST request to http://127.0.0.1:5000/results with a JSON body containing the feature values.

Model Information

The model attempts to classify traffic into the following categories:

• Normal: Normal network traffic.
• DOS: Denial of Service attack.
• PROBE: Probing or surveillance activity.
• R2L: Remote to Local attack (unauthorized access from a remote machine).
• U2R: User to Root attack (unauthorized access to local superuser privileges).

Contributing

Contributions are welcome! Please open an issue or submit a pull request for any improvements or bug fixes.

License

This project is licensed under the MIT License. See the LICENSE file for details.

Acknowledgements

Thanks to vicky60629 for the base of this project.