
SyedShaheerHussain/Intrusion-Detection-System-IDS-using-Machine-Learning-GUI-


CyberVision IDS (Intrusion Detection System)

Intrusion Detection System (IDS) using Machine Learning

CyberVision IDS is a Python-based Intrusion Detection System with a modern GUI. It analyzes network traffic from CSV or PCAP files using machine learning models to detect anomalies and attacks in real time, generates alerts, visualizes activity, and creates detailed PDF security reports automatically.


Introduction

CyberVision IDS is a Python-based Intrusion Detection System with a modern desktop GUI (PySide6). It analyzes network traffic data (CSV / PCAP) using Machine Learning models to detect malicious, suspicious, or anomalous activities in real time. The system is designed for educational, research, and small-scale security monitoring purposes.

โ“ What is an IDS?

An Intrusion Detection System (IDS) monitors network or system activities to identify unauthorized access, attacks, or policy violations.

Types of IDS

Type Description
Signature-based Detects known attack patterns
Anomaly-based Detects unusual behavior (used in CyberVision IDS)
Host-based (HIDS) Monitors a single system
Network-based (NIDS) Monitors network traffic

๐Ÿ‘‰ CyberVision IDS is mainly a Network-based + Anomaly-based IDS.

โš™๏ธ How CyberVision IDS Works

  1. User uploads network logs (CSV / PCAP)
  2. Features are extracted (for PCAP files)
  3. Data is preprocessed & normalized
  4. Selected ML model is trained
  5. System performs real-time detection
  6. Alerts & visualizations are generated
  7. A PDF security report can be exported

Machine Learning Models Used

Supervised Models (Require label column)

| Model | Purpose |
|---|---|
| Random Forest | High accuracy, handles complex patterns |
| Logistic Regression | Fast, interpretable |
| Naive Bayes | Lightweight, probabilistic |

Unsupervised Models (No label required)

| Model | Purpose |
|---|---|
| Isolation Forest | Best for anomaly detection |
| One-Class SVM | Detects outliers in normal traffic |

Supported File Types

  • CSV → Pre-extracted network features
  • PCAP → Raw packet captures (features extracted automatically)

Features

  • Upload CSV / PCAP network logs
  • Multiple ML model support
  • Real-time packet-by-packet detection
  • Alert system (HIGH severity alerts)
  • Live visualization timeline
  • Accuracy & evaluation metrics
  • Automatic PDF report generation
  • Modern GUI (Desktop App)
  • Background training (no UI freeze)

GUI Buttons & Their Functions

| Button | Function |
|---|---|
| Upload Network Logs | Load CSV or PCAP files |
| Train Model | Train selected ML model |
| Start Detection | Begin real-time detection |
| Stop Detection | Stop live detection |
| Generate PDF Report | Export security report |

Project Folder Structure

CyberVision_IDS/
│
├── main.py                        # Application entry point
│
├── gui/
│   ├── dashboard.py               # Main dashboard window
│   ├── model_panel.py             # ML controls & detection logic
│   ├── alert_panel.py             # Alert display system
│   └── visualization_panel.py     # Live graphs/timeline
│
├── backend/
│   ├── feature_extraction.py      # PCAP feature extraction
│   ├── data_processing.py         # Preprocessing & scaling
│   ├── ml_models.py               # Model training/loading
│   ├── anomaly_detection.py       # Detection logic
│   ├── evaluation_metrics.py      # Accuracy & confusion matrix
│   └── report_generation.py       # PDF report generator
│
├── models/                        # Saved ML models (.pkl)
├── reports/                       # Generated PDF reports
├── datasets/                      # Sample datasets
└── README.md

Technologies Used

| Technology | Purpose |
|---|---|
| Python 3.10+ | Core language |
| PySide6 (Qt) | GUI framework |
| Pandas | Data handling |
| Scikit-learn | Machine learning |
| FPDF | PDF report generation |
| Threading | Background processing |

Installation Process

1. Clone Repository

git clone https://github.com/SyedShaheerHussain/Intrusion-Detection-System-IDS-using-Machine-Learning-GUI-.git

cd Intrusion-Detection-System-IDS-using-Machine-Learning-GUI-

2. Install Dependencies

pip install -r requirements.txt

Required Libraries

pandas
scikit-learn
pyside6
fpdf
numpy

How to Run

python main.py

Working Flow (Step-by-Step)

  1. Launch application
  2. Upload dataset (CSV / PCAP)
  3. Select ML model
  4. Click Train Model
  5. Click Start Detection
  6. Observe alerts & visuals
  7. Generate PDF report

PDF Report Contains

  • Model used
  • Total records analyzed
  • Total suspicious alerts
  • Accuracy (if supervised)
  • Timestamped filename

Advantages

  • Beginner-friendly IDS
  • Supports multiple ML models
  • Real-time visualization
  • Automatic reporting
  • Modular & extensible code

โŒ Disadvantages

  • Not production-grade IDS
  • Accuracy depends on dataset quality
  • Limited PCAP feature extraction
  • No live network sniffing (offline only)

Future Implementations

  • Live packet sniffing (Scapy)
  • Deep Learning models (LSTM, Autoencoders)
  • Web dashboard
  • Email / SMS alerts
  • Cloud deployment
  • Role-based authentication

Important Notes

Important

  • This project is for educational & research purposes only
  • Not recommended for real-world enterprise security
  • Use only on authorized networks

Disclaimer

Note

The author is not responsible for misuse of this software. Any illegal or unethical use is strictly prohibited.

Conclusion

CyberVision IDS demonstrates how Machine Learning + Python GUI can be used to build a functional Intrusion Detection System. It is ideal for students, researchers, and cybersecurity learners who want hands-on IDS experience.

System Architecture & Flowchart

High-Level Architecture

+-----------------------------+
| User Interface              |
| (PySide6 Desktop)           |
+--------------+--------------+
               |
               v
+-----------------------------+
| Data Ingestion              |
| CSV / PCAP Upload           |
+--------------+--------------+
               |
               v
+-----------------------------+
| Feature Extraction Module   |
| - CSV: Pandas Processing    |
| - PCAP: Scapy/Tshark        |
+--------------+--------------+
               |
               v
+-----------------------------+
| Data Preprocessing Layer    |
| - Cleaning                  |
| - Scaling (StandardScaler)  |
+--------------+--------------+
               |
               v
+-----------------------------+
| Machine Learning Engine     |
| Supervised / Unsupervised   |
+--------------+--------------+
               |
               v
+-----------------------------+
| Detection Engine            |
| Real-time Packet Analysis   |
+--------------+--------------+
               |
               v
+-----------------------------+
| Alerts | Visualization      |
| Reports (PDF)               |
+-----------------------------+

Flowchart (Working)

  1. User uploads CSV/PCAP
  2. Features extracted
  3. Data normalized
  4. Model trained or loaded
  5. Detection starts (real-time)
  6. Alerts triggered
  7. Results saved
  8. PDF report generated

Final Year Project (FYP) Documentation

Project Title

CyberVision IDS – AI Based Intrusion Detection System

Problem Statement

Traditional IDS systems are rule-based, static and unable to detect modern or unknown attacks. There is a need for an intelligent IDS that can learn attack patterns automatically using machine learning.

Objectives

  • Detect malicious network traffic
  • Use ML for intelligent detection
  • Support real-time monitoring
  • Generate detailed reports

Scope

  • Academic & research use
  • Small to medium networks
  • Cybersecurity education

Methodology

  • Data Collection
  • Feature Extraction
  • Preprocessing
  • Model Training
  • Detection & Evaluation

Sample Dataset & Testing Guide

Sample CSV Format

| src_ip | dst_ip | protocol | packet_size | duration | label |
|---|---|---|---|---|---|
| 10.0.0.1 | 10.0.0.5 | TCP | 1500 | 0.2 | Normal |
| 192.168.1.3 | 8.8.8.8 | UDP | 3000 | 0.9 | Attack |

Label Encoding

  • Normal → 1
  • Attack → 0
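
An added example, not code from the CyberVision IDS repository: it parses rows in the sample CSV layout above, applies the page's label encoding, and scores two detectors with Attack (0) as the positive class, because under this encoding a metric that treats 1 as positive describes Normal traffic. The rows, the `size_threshold` rule and all function names are constructed for illustration.

```python
import csv
import io

# Constructed rows in the page's CSV layout; values are illustrative, not real traffic.
SAMPLE_CSV = """src_ip,dst_ip,protocol,packet_size,duration,label
10.0.0.1,10.0.0.5,TCP,1500,0.2,Normal
10.0.0.2,10.0.0.5,TCP,1400,0.3,Normal
10.0.0.3,10.0.0.5,TCP,1450,0.2,Normal
10.0.0.4,10.0.0.5,UDP,1300,0.1,Normal
10.0.0.6,10.0.0.5,TCP,1520,0.2,Normal
10.0.0.7,10.0.0.5,TCP,1480,0.3,Normal
10.0.0.8,10.0.0.5,UDP,1350,0.2,Normal
10.0.0.9,10.0.0.5,TCP,1490,0.2,Normal
192.168.1.3,8.8.8.8,UDP,3000,0.9,Attack
192.168.1.4,8.8.8.8,UDP,2900,0.8,Attack
"""

LABELS = {"Normal": 1, "Attack": 0}  # encoding stated on the page
ATTACK = LABELS["Attack"]

def load_rows(text):
    """Return (packet_size, encoded_label) pairs; reject labels outside the encoding."""
    rows = []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        label = row["label"].strip()
        if label not in LABELS:
            raise ValueError(f"line {line_no}: unexpected label {label!r}")
        rows.append((float(row["packet_size"]), LABELS[label]))
    return rows

def attack_metrics(y_true, y_pred):
    """Score predictions with Attack (0) as the positive class."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(t == ATTACK and p == ATTACK for t, p in pairs)
    fn = sum(t == ATTACK and p != ATTACK for t, p in pairs)
    fp = sum(t != ATTACK and p == ATTACK for t, p in pairs)
    accuracy = sum(t == p for t, p in pairs) / len(pairs)
    recall = tp / (tp + fn) if tp + fn else 0.0
    precision = tp / (tp + fp) if tp + fp else 0.0
    return {"accuracy": accuracy, "attack_recall": recall, "attack_precision": precision}

def compare_detectors(text=SAMPLE_CSV, size_threshold=2000.0):
    """Compare a detector that never alerts with a hypothetical packet-size rule."""
    rows = load_rows(text)
    y_true = [label for _, label in rows]
    never_alerts = [LABELS["Normal"]] * len(rows)
    size_rule = [ATTACK if size > size_threshold else LABELS["Normal"] for size, _ in rows]
    return attack_metrics(y_true, never_alerts), attack_metrics(y_true, size_rule)
```

On the constructed sample the detector that never alerts reaches 0.8 accuracy with an attack recall of 0.0, so the accuracy figure in a report should be read alongside attack recall.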

Testing Steps

  1. Upload dataset
  2. Select ML model
  3. Click Train Model
  4. Wait for progress bar
  5. Click Start Detection
  6. Generate PDF report

Machine Learning Models – Explanation

1. Random Forest (Supervised)

Idea: Multiple decision trees vote for final output

Math intuition:

  • Gini Index / Entropy
  • Majority voting

Pros:

  • High accuracy
  • Handles non-linearity

Cons:

  • More memory

2. Logistic Regression (Supervised)

Idea: Probability-based binary classifier

Formula:

P(y=1) = 1 / (1 + e^(-z))

Pros:

  • Fast
  • Interpretable

Cons:

  • Linear boundaries

3. Naive Bayes

Idea: Bayes Theorem with independence assumption

Formula:

P(A|B) = P(B|A)P(A)/P(B)

Pros:

  • Fast
  • Good for large data

Cons:

  • Assumes independence

4. Isolation Forest (Unsupervised)

Idea: Isolate anomalies using random splits

Key Concept: Anomalies are easier to isolate

Pros:

  • No labels needed

Cons:

  • Needs tuning
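
An added sketch of the isolation idea, not the project's code and not scikit-learn's implementation: it follows each point through random axis-aligned splits and converts the mean isolation depth into the anomaly score defined in the Isolation Forest paper, which goes slightly beyond the text above. The points, function names and parameters are constructed for illustration; a full implementation builds trees on subsamples instead of re-partitioning per point.

```python
import math
import random

# Constructed (packet_size, duration) points: a dense cluster of "normal" flows
# plus one outlier shaped like the page's Attack sample row. Not real traffic.
NORMAL = [(1500 + 10 * i, round(0.20 + 0.01 * i, 2)) for i in range(-8, 8)]
OUTLIER = (3000, 0.9)

def path_length(point, data, rng, depth=0, max_depth=12):
    """Depth at which random axis-aligned splits isolate `point` inside `data`."""
    if len(data) <= 1 or depth >= max_depth:
        return depth
    feature = rng.randrange(len(point))
    lo = min(row[feature] for row in data)
    hi = max(row[feature] for row in data)
    if lo == hi:  # cannot split further on this feature
        return depth
    split = rng.uniform(lo, hi)
    # Keep only the side of the split that still contains the point.
    if point[feature] < split:
        side = [row for row in data if row[feature] < split]
    else:
        side = [row for row in data if row[feature] >= split]
    return path_length(point, side, rng, depth + 1, max_depth)

def expected_depth(n):
    """c(n): average path length of an unsuccessful binary-search-tree lookup."""
    return 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def anomaly_scores(data, trees=200, seed=7):
    """Score each point in (0, 1); values near 1 mean the point isolates quickly."""
    rng = random.Random(seed)
    scores = {}
    for point in data:
        mean_depth = sum(path_length(point, data, rng) for _ in range(trees)) / trees
        scores[point] = 2 ** (-mean_depth / expected_depth(len(data)))
    return scores

def rank_by_anomaly(data=NORMAL + [OUTLIER]):
    """Return points ordered from most to least anomalous, plus their scores."""
    scores = anomaly_scores(data)
    return sorted(scores, key=scores.get, reverse=True), scores

if __name__ == "__main__":
    ranked, scores = rank_by_anomaly()
    print("most anomalous:", ranked[0], round(scores[ranked[0]], 3))
```

scikit-learn's `IsolationForest.predict` returns 1 for inliers and -1 for outliers, so its output needs mapping before it is compared with the 1/0 label encoding used on this page.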

5. One-Class SVM

Idea: Learns normal boundary

Pros:

  • Good for zero-day attacks

Cons:

  • Slow on large datasets

Future Enhancements

  • Deep Learning (LSTM, CNN)
  • Live packet sniffing
  • Cloud-based IDS
  • SIEM integration
  • Web dashboard

Support & Engagement

If you find this repository useful or insightful, please consider:

  • Starring the repository
  • Sharing it within your network
  • Following my GitHub profile for future projects and updates

Your support helps drive continued innovation and open-source contributions.

— Syed Shaheer Hussain


Disclaimer & Notes

Educational Use Only

Note

This project is intended for academic and learning purposes. Do not deploy on production networks without security validation.

Important Notes

Caution

  • Use labeled data for supervised models
  • Unsupervised models detect unknown attacks
  • Always validate dataset before training

Developed with ❤️ for Cybersecurity Learning By © Syed Shaheer Hussain

End of Documentation
