AI-powered Intrusion Detection
Detecting network anomalies with ML models trained on NSL-KDD and CICIDS datasets.
This lab compares supervised and unsupervised approaches for intrusion detection systems (IDS), leveraging classic datasets such as NSL-KDD and CICIDS2017. It focuses on model explainability and operational metrics — such as false positives and recall — to evaluate practical SOC-level detection efficiency.
Tech Stack
- Python · Scikit-learn · XGBoost
- PyTorch Autoencoders for anomaly detection
- Streamlit dashboard for metrics and confusion matrices
Example (Autoencoder anomaly score)
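import torch

# Per-sample reconstruction error (MSE) as anomaly score; flatten handles tabular or image-shaped batches
with torch.no_grad():
    recon = model(x_batch)
    scores = ((x_batch - recon) ** 2).flatten(start_dim=1).mean(dim=1)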
Project Highlights
- Feature Engineering: One-hot encoding, normalization, and imbalance handling via SMOTE.
- Model Comparison: Evaluate Random Forest, XGBoost, and Autoencoder-based detectors.
- Visualization: Interactive Streamlit UI for precision-recall curves and confusion matrices.
- Metrics: FPR, Recall, F1, and Area Under Precision-Recall Curve (AUPRC).
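The metrics listed above, computed from per-flow anomaly scores such as the autoencoder reconstruction error, as an added example that is not the lab's own code. It picks the alert threshold from benign validation scores at a target false-positive rate, then reports FPR, recall, F1 and AUPRC; the function names and all sample scores are constructed for illustration.

```python
# Added example: anomaly scores -> alert threshold -> SOC metrics (stdlib only).
# Function names and all sample values are constructed for illustration.

def threshold_at_fpr(benign_scores, target_fpr):
    """Threshold whose false-positive rate on benign validation data is <= target."""
    ranked = sorted(benign_scores, reverse=True)
    allowed = int(target_fpr * len(ranked))  # benign flows we accept alerting on
    # Alerts fire on score > threshold, so sit on the (allowed+1)-th highest score.
    return ranked[allowed] if allowed < len(ranked) else float("-inf")

def confusion_metrics(scores, labels, threshold):
    """labels: 1 = attack, 0 = benign. Returns FPR, recall, precision and F1."""
    pairs = list(zip(scores, labels))
    tp = sum(s > threshold and y == 1 for s, y in pairs)
    fp = sum(s > threshold and y == 0 for s, y in pairs)
    fn = sum(s <= threshold and y == 1 for s, y in pairs)
    tn = sum(s <= threshold and y == 0 for s, y in pairs)
    fpr = fp / (fp + tn) if fp + tn else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    precision = tp / (tp + fp) if tp + fp else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"fpr": fpr, "recall": recall, "precision": precision, "f1": f1}

def auprc(scores, labels):
    """Average precision: mean precision at each attack, ranked by score.
    Threshold-free; assumes distinct scores (ties are not interpolated)."""
    ranked = sorted(zip(scores, labels), key=lambda p: p[0], reverse=True)
    hits, total = 0, 0.0
    for rank, (_, y) in enumerate(ranked, start=1):
        if y == 1:
            hits += 1
            total += hits / rank
    return total / hits if hits else 0.0

# Constructed reconstruction errors: benign-only validation set, then a labelled test set.
VAL_BENIGN = [0.010, 0.012, 0.015, 0.011, 0.020, 0.013, 0.018, 0.014, 0.016, 0.030]
TEST_SCORES = [0.012, 0.250, 0.017, 0.019, 0.090, 0.025, 0.014, 0.400]
TEST_LABELS = [0, 1, 0, 1, 1, 0, 0, 1]

def evaluate(target_fpr=0.10):
    threshold = threshold_at_fpr(VAL_BENIGN, target_fpr)
    report = confusion_metrics(TEST_SCORES, TEST_LABELS, threshold)
    report.update(threshold=threshold, auprc=auprc(TEST_SCORES, TEST_LABELS))
    return report

if __name__ == "__main__":
    print(evaluate())
```

On the constructed data the attack scoring 0.019 falls under the threshold, which is the recall cost of holding benign alerts to the target rate.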
