NIDShield is a Network Intrusion Detection System (NIDS) leveraging machine learning techniques. This system enhances traditional intrusion detection by dynamically learning from network traffic patterns. By integrating machine learning algorithms, NIDShield can adapt and identify both known and previously unknown threats.
- Machine learning-based threat detection
- Interactive web interface for monitoring and analysis
- Classification of connection attempts as normal or specific attack types
- Email alerts for detected threats with severity levels
- Historical analysis tracking and visualization
- Support for multiple file formats (.df, .json)
- Detailed traffic classification analysis
- Attack pattern visualization and reporting
- Backend: Python, Flask
- Frontend: HTML5, CSS3, JavaScript
- Machine Learning:
  - Gradient Boosting Classifier (Primary Model)
  - Support for other algorithms:
    - Gaussian Naive Bayes (GNB)
    - Decision Tree
    - Random Forest
    - Support Vector Machine (SVM)
    - Logistic Regression
- Data Processing: Pandas, NumPy
- Visualization: Plotly
- Clone the repository:

      git clone https://github.com/yourusername/NIDShield.git
      cd NIDShield

- Install required dependencies:

      pip install -r requirements.txt

- Configure email settings in Frontend/app.py:

      SMTP_SERVER = "smtp.gmail.com"
      SMTP_PORT = 587
      SMTP_USERNAME = "your-email@gmail.com"
      SMTP_PASSWORD = "your-app-password"
      ADMIN_EMAIL = "admin-email@domain.com"

- Start the Flask application:

      cd Frontend
      python app.py

- Access the web interface at http://localhost:3000
- Upload network traffic data files (.df or .json format)
- View real-time analysis results including:
  - Total traffic analyzed
  - Detection status
  - Attack type classification
  - Traffic distribution
  - Historical analysis
NIDShield uses the KDD Cup 1999 dataset, a widely used benchmark dataset for network intrusion detection research. The dataset contains connection records labeled as either normal or specific attack types, including features such as:
- Duration
- Protocol type
- Service
- Flag
- Source/Destination bytes
- Network status indicators
- Traffic statistics
- DOS (Denial of Service)
  - Attempts to overwhelm system resources
  - High-volume traffic patterns
- Probe
  - Network scanning and surveillance
  - Information gathering attempts
- R2L (Remote to Local)
  - Unauthorized access attempts
  - Credential exploitation
- U2R (User to Root)
  - Privilege escalation attempts
  - System compromise attempts
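
The dataset records and attack categories described above, as an added example (not NIDShield's own code): it parses raw KDD Cup 1999 CSV records, maps each training-set label to one of the four categories, and counts the traffic distribution. It assumes the dataset's raw layout (41 features followed by a label ending in a period), which is not necessarily NIDShield's .df/.json input; `parse_record`, `traffic_distribution` and the sample records are constructed for illustration.

```python
from collections import Counter

# Conventional grouping of the 22 KDD Cup 1999 training-set attack labels.
CATEGORY_LABELS = {
    "DOS": {"back", "land", "neptune", "pod", "smurf", "teardrop"},
    "Probe": {"ipsweep", "nmap", "portsweep", "satan"},
    "R2L": {"ftp_write", "guess_passwd", "imap", "multihop", "phf", "spy",
            "warezclient", "warezmaster"},
    "U2R": {"buffer_overflow", "loadmodule", "perl", "rootkit"},
}
LABEL_TO_CATEGORY = {l: c for c, ls in CATEGORY_LABELS.items() for l in ls}
N_FEATURES = 41  # features per record; the label is the 42nd field

def parse_record(line):
    """Return a few named features plus label and category for one record."""
    fields = line.strip().split(",")
    if len(fields) != N_FEATURES + 1:
        raise ValueError(f"expected {N_FEATURES + 1} fields, got {len(fields)}")
    label = fields[-1].rstrip(".")  # raw labels are written as "smurf."
    # Labels outside the training set are reported as "unknown", not dropped.
    category = "normal" if label == "normal" else LABEL_TO_CATEGORY.get(label, "unknown")
    return {
        "duration": int(fields[0]), "protocol_type": fields[1],
        "service": fields[2], "flag": fields[3],
        "src_bytes": int(fields[4]), "dst_bytes": int(fields[5]),
        "label": label, "category": category,
    }

def traffic_distribution(lines):
    """Count records per category, skipping blank lines."""
    return Counter(parse_record(l)["category"] for l in lines if l.strip())

def _sample(duration, proto, service, flag, src, dst, label):
    # Constructed record: six leading features, the other 35 zero-filled.
    head = [duration, proto, service, flag, src, dst]
    return ",".join(map(str, head + [0] * 35 + [label + "."]))

SAMPLE = [  # constructed, not copied from the dataset
    _sample(0, "tcp", "http", "SF", 215, 45076, "normal"),
    _sample(0, "icmp", "ecr_i", "SF", 1032, 0, "smurf"),
    _sample(0, "tcp", "private", "S0", 0, 0, "neptune"),
    _sample(0, "tcp", "private", "REJ", 0, 0, "portsweep"),
    _sample(2, "tcp", "telnet", "SF", 126, 179, "guess_passwd"),
    _sample(98, "tcp", "telnet", "SF", 621, 8356, "buffer_overflow"),
]

if __name__ == "__main__":
    print(dict(traffic_distribution(SAMPLE)))
```
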
- Real-time email notifications for detected threats
- Severity classification (HIGH, MEDIUM, LOW)
- Detailed attack information and timestamps
- Attack pattern analysis and reporting
- Secure file upload handling
- Input validation and sanitization
- Error handling and logging
- Session management
- Protected API endpoints
NIDShield/
├── Frontend/
│ ├── app.py # Flask application
│ ├── static/ # CSS and JavaScript files
│ ├── templates/ # HTML templates
│ ├── DF/ # Data file storage
│ └── logs/ # Analysis history
├── ML-Model/
│ └── GB # Trained Gradient Boosting model
├── requirements.txt # Project dependencies
└── README.md # Project documentation
Contributions are welcome! Please feel free to submit pull requests, report bugs, and suggest features.
- Fork the repository
- Create your feature branch (git checkout -b feature/AmazingFeature)
- Commit your changes (git commit -m 'Add some AmazingFeature')
- Push to the branch (git push origin feature/AmazingFeature)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- KDD Cup 1999 dataset providers
- Machine learning community
- Open source contributors
Your Name - akhilsam.v@gmail.com

Project Link: https://github.com/akhilsamvarghese/NIDShield
