Intrusion Detection System (IDS) with ML
A network intrusion detection system that captures live network traffic, extracts features, and uses a trained ML model to classify traffic as normal or attack (DoS, DDoS, port scan, brute force).
How to build it — step by step
1. Traffic Capture: Use Scapy for packet capture; extract 80+ features per flow (packet size, TCP flags, inter-arrival time, ...)
2. ML Model: Train on the CICIDS2017 dataset; compare Random Forest, XGBoost, and LSTM; XGBoost achieved 99.2% F1
3. Real-time Pipeline: Process packets in sliding windows; classify flows every 5 seconds; update the threat dashboard
4. Alerting: Severity scoring for detected attacks; send alerts via email/Slack; auto-block via iptables rules
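The capture, windowing and alerting steps above, as an added example that is not code from the original page: packet records are constructed inline (in a real build they would come from a Scapy `sniff()` callback), flows are keyed by a bidirectional 5-tuple, each 5-second window is turned into per-flow features, and a threshold scorer stands in for the trained model to produce a severity and an evidence dict. The thresholds, the host names and the point values are assumptions, not figures from the page.

```python
"""Sliding-window flow features and severity scoring for a network IDS.

Added example, not code from the original page. Packet records are constructed;
in a real deployment they come from a Scapy sniff() callback and the threshold
scorer below is replaced by the trained classifier.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean

# Assumed thresholds for the stand-in scorer (not from the page).
SYN_RATE_THRESHOLD = 10.0    # bare SYNs per second from one initiator
PORT_FANOUT_THRESHOLD = 15   # distinct (host, port) services contacted per window


@dataclass(frozen=True)
class Packet:
    ts: float      # capture timestamp, seconds
    src: str
    dst: str
    sport: int
    dport: int
    size: int      # bytes on the wire
    flags: str     # TCP flag letters ("S", "SA", "PA", ...); "" for non-TCP


def flow_key(p):
    """Bidirectional key so both directions of a TCP connection share one flow."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))


def extract_features(packets):
    """Aggregate one window of packets into per-flow feature dicts."""
    flows = defaultdict(list)
    for p in packets:
        flows[flow_key(p)].append(p)
    out = {}
    for key, pkts in flows.items():
        pkts.sort(key=lambda q: q.ts)
        first = pkts[0]                      # initiator = sender of the first packet
        gaps = [b.ts - a.ts for a, b in zip(pkts, pkts[1:])]
        syn_only = sum(1 for q in pkts if q.flags == "S")
        out[key] = {
            "initiator": first.src,
            "service": (first.dst, first.dport),
            "pkt_count": len(pkts),
            "mean_size": mean(q.size for q in pkts),
            "mean_iat": mean(gaps) if gaps else 0.0,
            "syn_only": syn_only,
            "syn_ratio": syn_only / len(pkts),
        }
    return out


def score_window(features, window_len):
    """Stand-in for the ML classifier: per-initiator severity plus evidence."""
    per_host = defaultdict(lambda: {"syn_only": 0, "services": set()})
    for f in features.values():
        h = per_host[f["initiator"]]
        h["syn_only"] += f["syn_only"]
        h["services"].add(f["service"])
    alerts = {}
    for host, h in per_host.items():
        syn_rate = h["syn_only"] / window_len
        fanout = len(h["services"])
        labels, severity = [], 0
        if syn_rate >= SYN_RATE_THRESHOLD:
            labels.append("SYN flood")
            severity += 7
        if fanout >= PORT_FANOUT_THRESHOLD:
            labels.append("port scan")
            severity += 5
        if labels:
            alerts[host] = {"severity": min(10, severity), "labels": labels,
                            "evidence": {"syn_rate": syn_rate, "port_fanout": fanout}}
    return alerts


def classify_stream(packets, window_len=5.0, step=5.0):
    """Slide a window over the capture; step < window_len gives overlapping windows."""
    if not packets:
        return []
    packets = sorted(packets, key=lambda q: q.ts)
    start, t_end, results = packets[0].ts, packets[-1].ts, []
    while start <= t_end:
        window = [q for q in packets if start <= q.ts < start + window_len]
        results.append({"window_start": start,
                        "alerts": score_window(extract_features(window), window_len)})
        start += step
    return results


def block_rule(ip):
    """argv for the auto-block step; only run it for confirmed, high-severity alerts,
    and allow-list your own management hosts before enabling it."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]


def sample_capture():
    """Constructed traffic: one benign HTTPS session, a SYN flood, a port scan."""
    c, s, pkts = "10.0.0.5", "10.0.0.80", []
    for i, (src, dst, sp, dp, size, fl) in enumerate([
            (c, s, 40001, 443, 60, "S"), (s, c, 443, 40001, 60, "SA"),
            (c, s, 40001, 443, 52, "A"), (c, s, 40001, 443, 517, "PA"),
            (s, c, 443, 40001, 1460, "PA"), (c, s, 40001, 443, 52, "FA")]):
        pkts.append(Packet(0.1 + 0.05 * i, src, dst, sp, dp, size, fl))
    for i in range(60):   # 60 bare SYNs within one second (first window)
        pkts.append(Packet(1.0 + i / 60, "10.0.0.66", s, 50000 + i, 80, 60, "S"))
    for i in range(25):   # one SYN to each of 25 ports (second window)
        pkts.append(Packet(5.5 + 0.1 * i, "10.0.0.77", s, 41000, 1 + i, 60, "S"))
    return pkts


if __name__ == "__main__":
    for w in classify_stream(sample_capture()):
        for host, a in w["alerts"].items():
            print(f"t={w['window_start']:.1f}s {host}: {a['labels']} severity={a['severity']}")
```

Running it prints one SYN-flood alert for 10.0.0.66 in the first window and one port-scan alert for 10.0.0.77 in the second, while the benign session never scores. The evidence dict is what the alerting step should ship with the email/Slack message, since a bare "attack" label is not actionable for the analyst.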
Key features to implement
- ✓ Real-time packet analysis and flow classification
- ✓ Detection of 6+ attack types
- ✓ Live Grafana dashboard with threat heatmap
- ✓ Alert escalation system (email, Slack webhook)
- ✓ Automatic IP blocking for confirmed attacks
💡 Unique twist to stand out
Add "Explainable AI" using SHAP values — when an intrusion is detected, the system shows which network features triggered the alert (e.g., "unusually high SYN packet rate"), making the decision interpretable to security analysts.
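The explanation step, as an added example that is not code from the original page: for a linear model the SHAP value of feature i has the closed form w_i * (x_i - E[x_i]), with E[x_i] taken over a background of benign windows, and the contributions sum exactly to the difference between the alert's logit and the baseline logit. The weights, bias, background rows and the two flagged feature vectors are constructed assumptions; a production build would instead call `shap.TreeExplainer` on the trained XGBoost model, but the ranking-and-phrasing logic is the same.

```python
"""Per-feature attribution for an IDS alert (linear-model closed form of SHAP).

Added example, not code from the original page. Weights, bias, background and
the flagged windows are constructed; the formula phi_i = w_i * (x_i - E[x_i])
is exact for a linear model with independent features.
"""
import math

FEATURES = ["syn_rate", "port_fanout", "mean_iat", "mean_size"]
# Assumed logistic-regression weights: logit(x) = BIAS + sum(w_i * x_i)
WEIGHTS = {"syn_rate": 0.6, "port_fanout": 0.25, "mean_iat": -4.0, "mean_size": -0.002}
BIAS = -1.0

# Constructed benign windows; their feature means are the SHAP baseline E[x_i].
BACKGROUND = [
    {"syn_rate": 0.2, "port_fanout": 1, "mean_iat": 0.5, "mean_size": 600},
    {"syn_rate": 0.4, "port_fanout": 2, "mean_iat": 0.3, "mean_size": 450},
    {"syn_rate": 0.0, "port_fanout": 1, "mean_iat": 0.7, "mean_size": 800},
]

# Constructed feature vectors for two flagged windows.
FLOOD_WINDOW = {"syn_rate": 12.0, "port_fanout": 1, "mean_iat": 0.016, "mean_size": 60}
SCAN_WINDOW = {"syn_rate": 5.0, "port_fanout": 25, "mean_iat": 0.1, "mean_size": 60}


def logit(x):
    return BIAS + sum(WEIGHTS[f] * x[f] for f in FEATURES)


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def baseline():
    """Expected value of each feature over the benign background."""
    return {f: sum(r[f] for r in BACKGROUND) / len(BACKGROUND) for f in FEATURES}


def shap_linear(x):
    """SHAP values for a linear model: phi_i = w_i * (x_i - E[x_i])."""
    mu = baseline()
    return {f: WEIGHTS[f] * (x[f] - mu[f]) for f in FEATURES}


def explain(x, top=2):
    """Rank features by |phi_i| and phrase the top ones for the analyst."""
    mu, phi = baseline(), shap_linear(x)
    ranked = sorted(phi.items(), key=lambda kv: abs(kv[1]), reverse=True)
    reasons = []
    for f, v in ranked[:top]:
        direction = "unusually high" if x[f] > mu[f] else "unusually low"
        reasons.append(f"{direction} {f} ({x[f]:g} vs. baseline {mu[f]:.3g}, "
                       f"contribution {v:+.2f} to the logit)")
    return {"p_attack": sigmoid(logit(x)), "contributions": phi, "reasons": reasons}


if __name__ == "__main__":
    for name, x in (("flood", FLOOD_WINDOW), ("scan", SCAN_WINDOW)):
        r = explain(x)
        print(f"{name}: p_attack={r['p_attack']:.3f}")
        for line in r["reasons"]:
            print("   ", line)
```

For the flood window the top reason is the SYN rate, for the scan window it is the port fan-out, even though both get a near-1.0 attack probability; that difference is exactly what an analyst needs to triage the two alerts differently. The additivity check in the test (sum of contributions equals logit(x) minus logit(baseline)) is a cheap sanity test worth keeping in a real pipeline, since it catches a mismatch between the explainer and the model it claims to explain.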
🎓 What you'll learn
Network security, traffic analysis, ML for security, real-time data pipelines, and building production security tools.