This project aims to create a custom Network Intrusion Detection System (NIDS) that can detect various types of network attacks, such as Denial of Service (DoS), port scanning, and unauthorized access, by analyzing network traffic data. The system uses a machine learning model trained on a dataset of labeled network traffic to identify suspicious patterns.
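- Clone the repository and navigate to the project directory.
- Create a virtual environment:

```bash
python -m venv venv
```

- Activate the virtual environment:

```bash
.\venv\Scripts\activate
```

- Install the dependencies:

```bash
pip install -r requirements.txt
```

On Windows PowerShell, the following commands relate to the script execution policy and to activating the environment. Run without a `-Scope` argument, `Set-ExecutionPolicy` changes the policy for the whole machine rather than only the current session.

```powershell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
```

```powershell
Unblock-File V:\Github\Custom_NIDS_with_ML.\venv\Scripts\Activate.ps1
```

```powershell
Invoke-Command -ScriptBlock {V:\Github\Custom_NIDS_with_ML.\venv\Scripts\activate}
```

```powershell
V:\Github\Custom_NIDS_with_ML.\venv\Scripts\activate.bat
```

Add a database CSV file to your project.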
To get started, you'll need to download the dataset and place it in a data/ folder within your project directory. Follow these steps:
For NSL-KDD:

- Download the NSL-KDD dataset from the Kaggle website.
- Extract the downloaded zip file to a folder named `data` within your project directory.
- Rename the dataset file to `NSL-KDD.csv` for simplicity.

For CICIDS2017:

- Download the CICIDS2017 dataset from the Canadian Institute for Cybersecurity website.
- Extract the downloaded zip file to a folder named `data` within your project directory.
- Rename the dataset file to `CICIDS2017.csv` for simplicity.

Once you've downloaded and placed the dataset in the `data/` folder, you can modify the `load_data` function to load the dataset correctly.
Details about the machine learning model, including the training process and evaluation metrics, will be documented here.
Any known limitations or potential future improvements can be noted in this section.
Note: VS Code needs to run in admin mode for some features to function correctly.
scapy requires access to network interfaces, which might require administrative privileges. Ensure no other process is using the network interface that could interfere with packet capture.
You can use tools like nmap to generate traffic for testing your NIDS. For example, in a separate terminal window, you can run:

```bash
nmap -sS <your_local_ip>
```

This will simulate a SYN scan, and your NIDS should detect it as a potential intrusion.
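
A rule-based baseline to compare the model's verdict against during this test, as an added example that is not part of the project's code and does not use its ML model: it flags any source that sends bare SYNs to many distinct ports of one host within a short window. The tuple layout, function names, thresholds and sample traffic (documentation-range addresses) are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SYN, ACK = 0x02, 0x10  # TCP flag bits

def detect_syn_scans(packets, window=5.0, port_threshold=10):
    """Return {src_ip: first_alert_time} for sources that send bare SYNs to at
    least `port_threshold` distinct ports of one host within `window` seconds.

    `packets` is an iterable of (timestamp, src_ip, dst_ip, dst_port, tcp_flags)
    tuples in time order (hypothetical layout, e.g. extracted from captured packets).
    """
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, dst_port)
    alerts = {}
    for ts, src, dst, dport, flags in packets:
        # A scan probe is a SYN without ACK; SYN/ACK replies are ignored.
        if not (flags & SYN) or (flags & ACK):
            continue
        q = recent[(src, dst)]
        q.append((ts, dport))
        # Drop probes that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if src not in alerts and len({p for _, p in q}) >= port_threshold:
            alerts[src] = ts
    return alerts

def sample_traffic():
    """Constructed sample: one scanner, two benign clients, one target reply."""
    pkts = []
    # 192.0.2.10 probes ports 20..39 of 192.0.2.1, 10 ms apart (SYN-scan pattern).
    for i, port in enumerate(range(20, 40)):
        pkts.append((100.0 + i * 0.01, "192.0.2.10", "192.0.2.1", port, SYN))
    # The target answers an open port with SYN/ACK; this must not be counted.
    pkts.append((100.03, "192.0.2.1", "192.0.2.10", 40000, SYN | ACK))
    # 192.0.2.20 opens many connections, all to port 443 (one distinct port).
    for i in range(30):
        pkts.append((100.0 + i * 0.1, "192.0.2.20", "192.0.2.1", 443, SYN))
    # 192.0.2.30 touches three ports over a minute, well under the threshold.
    for i, port in enumerate((80, 443, 8080)):
        pkts.append((100.0 + i * 20, "192.0.2.30", "192.0.2.1", port, SYN))
    return sorted(pkts)

if __name__ == "__main__":
    for src, ts in detect_syn_scans(sample_traffic()).items():
        print(f"possible SYN scan from {src} at t={ts:.2f}")
```

If the model stays silent on traffic this rule flags, check packet capture and feature extraction before retraining.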