
Neural Network Intrusion Detection

[Figure: Confusion Matrix: Visualizing True vs False Positives]

[Figure: ROC Curve: Measuring Model Performance]

The Concept

Traditional Intrusion Detection Systems (IDS) rely on signatures—they look for known attack patterns. However, they fail against zero-day exploits or novel attacks.


This project implements a Neural Network (Multi-Layer Perceptron) capable of "Anomaly Detection." By training on the NSL-KDD dataset, the model learns the mathematical baseline of "normal" network traffic and flags deviations, allowing it to catch attacks it has never seen before.

The Architecture

I utilized the Scikit-Learn MLPClassifier to build a Feed-Forward Neural Network. The data was preprocessed using One-Hot Encoding for categorical features (like protocol type) and Standard Scaling for numerical consistency.

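from sklearn.neural_network import MLPClassifier

# Neural Network Configuration
mlp = MLPClassifier(
    hidden_layer_sizes=(100, 80),  # Input -> 100 Neurons -> 80 Neurons -> Output
    max_iter=1000,                 # High iteration for convergence
    random_state=4                 # Fixed seed so training is reproducible
)

# x_train_scaled: one-hot encoded, standard-scaled training features; y_train: labels
mlp.fit(x_train_scaled, y_train)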

Performance Metrics:

  • Accuracy: ~99.5% (Based on Test Set)
  • False Positive Rate: Optimized via ROC analysis.
  • Preprocessing: Robust handling of categorical network flags using OneHotEncoder.
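
The false positive rate above is reported as optimized via ROC analysis. As an added example (not the project's code), this shows one way to pick an alert threshold from ROC points under a false-positive budget. The scores are constructed stand-ins for the attack-class probabilities that `mlp.predict_proba` would return, and the function names and budgets are assumptions.

```python
# Added example, not the project's code. Scores below are constructed.
def roc_points(y_true, scores):
    """Return [(threshold, fpr, tpr)], highest threshold first.

    y_true: 1 = attack, 0 = normal. A flow is flagged when score >= threshold.
    """
    pos = sum(y_true)
    neg = len(y_true) - pos
    if pos == 0 or neg == 0:
        raise ValueError("need both normal and attack samples")
    ranked = sorted(zip(scores, y_true), key=lambda p: -p[0])
    points, tp, fp, i = [], 0, 0, 0
    while i < len(ranked):
        thr = ranked[i][0]
        # Consume all samples tied at this score before emitting a point;
        # a threshold cannot separate flows that share the same score.
        while i < len(ranked) and ranked[i][0] == thr:
            tp += ranked[i][1]
            fp += 1 - ranked[i][1]
            i += 1
        points.append((thr, fp / neg, tp / pos))
    return points


def pick_threshold(y_true, scores, max_fpr):
    """Best-recall operating point with FPR <= max_fpr, or None if none fits."""
    ok = [p for p in roc_points(y_true, scores) if p[1] <= max_fpr]
    return max(ok, key=lambda p: (p[2], -p[1])) if ok else None


def rates_at(y_true, scores, thr):
    """(fpr, tpr) when every flow scoring >= thr raises an alert."""
    flagged = [y for y, s in zip(y_true, scores) if s >= thr]
    pos = sum(y_true)
    return (len(flagged) - sum(flagged)) / (len(y_true) - pos), sum(flagged) / pos


# Constructed validation set: 5 attack flows (1) and 10 normal flows (0).
LABELS = [1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0]
SCORES = [0.98, 0.95, 0.90, 0.80, 0.80, 0.40, 0.55, 0.30,
          0.20, 0.10, 0.05, 0.04, 0.03, 0.02, 0.01]

if __name__ == "__main__":
    print("default 0.5 cut-off:", rates_at(LABELS, SCORES, 0.5))
    for budget in (0.0, 0.1, 0.2):  # hypothetical FPR budgets
        print("budget", budget, "->", pick_threshold(LABELS, SCORES, budget))
```

On this constructed sample the default 0.5 cut-off detects the same share of attacks as the 0.80 threshold but at twice the false positive rate. Select the threshold on a held-out validation split rather than on the test set used to report accuracy.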
