RMK ENGINEERING COLLEGE
(Affiliated to Anna University, Chennai/Approved by AICTE, New Delhi/Accredited
by NAAC with A+ Grade/ An ISO 21001:2018 Certified Institution/All the Eligible
UG Programs are Accredited by NBA, New Delhi)
(AN AUTONOMOUS INSTITUTION)
R.S.M. Nagar, Kavaraipettai – 601206
Department of Information Technology
Team Name – 404 Error!
Title - Intrusion Detection System using ML
College – Velammal Engineering College
Team Members – Prasaad G, Rajakumar B
List of Content
• Abstract
• Introduction
• Literature Survey
• Problem Statement
• Proposed work
• Methodology
• Results and Discussions
• Conclusion
• References
3/17/2025 Research-X 2
Abstract
In today's digital landscape, cyber threats are evolving rapidly, making traditional intrusion detection methods insufficient. An Intrusion Detection System (IDS) using Machine Learning (ML) enhances network security by automatically detecting anomalies and malicious activities in real time. Unlike rule-based IDS, ML-driven systems learn from historical data, enabling them to identify novel attack patterns and reduce false positives.
This project focuses on implementing an IDS using machine learning algorithms to classify network traffic as normal or malicious. Wireshark is used for real-time packet capture, while preprocessing techniques such as feature extraction and normalization improve detection accuracy.
The model is trained using datasets like NSL-KDD or CIC-IDS2017, leveraging algorithms such as Random Forest, Decision Tree, or Neural Networks for intrusion classification. By integrating real-time monitoring and ML-based analytics, this IDS can enhance network defense mechanisms against evolving cyber attacks.
Introduction
Cyber threats are becoming increasingly sophisticated, making traditional rule-based Intrusion Detection Systems (IDS) less effective. These systems struggle with high false positives and fail to detect attack patterns for which no rule or signature exists yet.
Machine Learning (ML) enhances IDS by analyzing network traffic, identifying anomalies, and detecting intrusions in real time. Unlike static rule-based methods, ML models can be retrained on newly labeled traffic, improving accuracy and adaptability over time.
This project develops an ML-powered IDS using Wireshark for real-time packet capture and datasets like NSL-KDD for training. By leveraging algorithms such as Random Forest and Neural Networks, the system efficiently detects threats like DoS attacks, brute-force attempts, and malware infections, providing a scalable and automated cybersecurity solution.
Literature Survey
Research on Machine Learning (ML)-based Intrusion Detection Systems (IDS) has shown significant improvements over traditional rule-based methods.
Traditional IDS (e.g., Snort, Suricata) rely primarily on signatures, so an attack for which no signature has been written yet (a zero-day) goes undetected.
ML-based IDS enhances detection by learning from traffic patterns, which can reduce false positives.
Datasets like NSL-KDD and CIC-IDS2017 provide labeled benchmark traffic: NSL-KDD is a cleaned-up derivative of the KDD Cup 99 data, while CIC-IDS2017 contains more recent and realistic attack scenarios.
Algorithms such as Random Forest, Decision Trees, and Neural Networks improve accuracy, with Deep Learning offering better results but requiring more resources.
Real-time IDS using Wireshark and ML models enhances proactive cyber threat detection.
While ML-powered IDS outperforms traditional methods, challenges like false positives and high computational costs remain.
Problem Statement
Traditional Intrusion Detection Systems (IDS) rely on rule-based techniques that struggle to detect new and evolving cyber threats, leading to high false positive rates and delayed response times. These systems require constant manual updates, making them inefficient in handling zero-day attacks and large-scale network traffic.
This project aims to develop a Machine Learning (ML)-based IDS that can analyze network traffic, detect anomalies, and classify intrusions in real time. By leveraging Wireshark for data collection and ML algorithms such as Random Forest and Neural Networks, the system enhances accuracy, adaptability, and automation, providing a more scalable and proactive cybersecurity solution.
Proposed Work
This project aims to develop a Machine Learning (ML)-based Intrusion Detection System (IDS) for real-time anomaly detection in network traffic.
Data Collection
• Use Wireshark to capture real-time network packets.
• Utilize benchmark datasets like NSL-KDD or CIC-IDS2017 for model training.
Data Preprocessing
• Feature selection, normalization, and handling missing values.
• Convert raw packet data into the same structured, flow-level feature format the training dataset uses, so the trained model can score live traffic.
Machine Learning Model Development
• Train and test models using Random Forest, Decision Trees, and Neural Networks.
• Compare performance metrics like accuracy, precision, recall, and F1-score.
Real-Time Detection and Evaluation
• Deploy the trained model for live intrusion detection.
• Continuously update the model with new attack patterns for improved accuracy.
Methodology
1. Data Collection – Capture network traffic using Wireshark and datasets like NSL-KDD.
2. Preprocessing – Select features, normalize data, and handle missing values.
3. Model Training – Train Random Forest, Decision Tree, and Neural Networks on labeled data.
4. Intrusion Detection – Apply the model to real-time traffic for attack classification.
5. Evaluation – Assess accuracy, precision, and recall to optimize performance.
6. Deployment & Updates – Implement live monitoring and update models for evolving threats.
This approach ensures efficient, adaptive, and real-time threat detection.
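Steps 1 and 2 hide the part that usually breaks a Wireshark-plus-NSL-KDD design: NSL-KDD rows are per-connection feature vectors (packet counts, bytes, duration, the "count" of connections to the same host in a short window), not raw packets, so a live capture has to be aggregated into flows with the same kind of features before any trained model can score it. The code below is an added example and not the project's own code. It assumes the capture was exported with tshark (Wireshark's command-line tool) using fields such as frame.time_epoch, ip.src, ip.dst, ip.proto, tcp.srcport, tcp.dstport, frame.len and tcp.flags.syn with a comma separator; the CSV rows embedded in it are constructed to mimic that output and are not real traffic. The feature names and window size are the example's own choices.

```python
"""Flow-level feature extraction and min-max normalization for an ML IDS.

Added example, not the project's code. Assumes packets were exported with
something like:
  tshark -r capture.pcap -T fields -E separator=, -e frame.time_epoch \
    -e ip.src -e ip.dst -e ip.proto -e tcp.srcport -e tcp.dstport \
    -e frame.len -e tcp.flags.syn
The rows in SAMPLE_PACKETS are constructed, not captured traffic.
"""
from collections import defaultdict

FIELDS = ["time", "src", "dst", "proto", "sport", "dport", "length", "syn"]
NUMERIC = ["packets", "bytes", "duration", "syn_ratio", "dst_count"]

# Constructed sample: one HTTP session, one SSH session, then a burst of
# single-SYN connections from 10.0.0.7 to six ports on 10.0.0.9 (a port scan).
SAMPLE_PACKETS = """\
1710000000.000,10.0.0.5,10.0.0.9,6,51000,80,74,1
1710000000.010,10.0.0.9,10.0.0.5,6,80,51000,74,1
1710000000.020,10.0.0.5,10.0.0.9,6,51000,80,66,0
1710000000.500,10.0.0.5,10.0.0.9,6,51000,80,1200,0
1710000010.000,10.0.0.6,10.0.0.9,6,52000,22,74,1
1710000010.050,10.0.0.9,10.0.0.6,6,22,52000,74,1
1710000012.000,10.0.0.6,10.0.0.9,6,52000,22,500,0
1710000020.000,10.0.0.7,10.0.0.9,6,40001,21,74,1
1710000020.001,10.0.0.7,10.0.0.9,6,40002,22,74,1
1710000020.002,10.0.0.7,10.0.0.9,6,40003,23,74,1
1710000020.003,10.0.0.7,10.0.0.9,6,40004,25,74,1
1710000020.004,10.0.0.7,10.0.0.9,6,40005,443,74,1
1710000020.005,10.0.0.7,10.0.0.9,6,40006,8080,74,1
"""


def parse_packets(csv_text):
    """Parse tshark field output into packet dicts sorted by capture time.
    Rows with a missing or extra column (non-TCP frames, truncated lines,
    tunnelled packets with repeated fields) are skipped instead of crashing
    a live pipeline."""
    packets = []
    for line in csv_text.strip().splitlines():
        parts = line.split(",")
        if len(parts) != len(FIELDS) or not all(parts):
            continue
        rec = dict(zip(FIELDS, parts))
        packets.append({
            "time": float(rec["time"]),
            "src": rec["src"], "dst": rec["dst"],
            "proto": int(rec["proto"]),
            "sport": int(rec["sport"]), "dport": int(rec["dport"]),
            "length": int(rec["length"]),
            "syn": rec["syn"] in ("1", "True", "Set"),  # tshark versions differ
        })
    packets.sort(key=lambda p: p["time"])
    return packets


def extract_flows(packets, window=2.0):
    """Group packets into direction-agnostic 5-tuple flows and derive per-flow
    features. dst_count mirrors the NSL-KDD 'count' feature: the number of
    flows to the same destination host that started within `window` seconds
    of this one, which is what separates a scan burst from a normal session."""
    flows = defaultdict(list)
    for p in packets:
        a, b = (p["src"], p["sport"]), (p["dst"], p["dport"])
        flows[(min(a, b), max(a, b), p["proto"])].append(p)
    feats = []
    for key, fps in flows.items():
        first = fps[0]  # earliest packet, normally the client's SYN
        feats.append({
            "key": key, "dst": first["dst"], "start": first["time"],
            "packets": len(fps),
            "bytes": sum(p["length"] for p in fps),
            "duration": fps[-1]["time"] - first["time"],
            "syn_ratio": sum(p["syn"] for p in fps) / len(fps),
        })
    for f in feats:
        f["dst_count"] = sum(
            1 for g in feats
            if g["dst"] == f["dst"] and abs(g["start"] - f["start"]) <= window)
    return feats


def fit_minmax(train_feats):
    """Learn min/max per feature from TRAINING data only; fitting on live or
    test data would leak information into the evaluation."""
    return {c: (min(f[c] for f in train_feats), max(f[c] for f in train_feats))
            for c in NUMERIC}


def transform(feats, scaler):
    """Scale features into [0, 1] with the fitted ranges. Live values outside
    the training range are clipped so one huge flow cannot blow up the input."""
    rows = []
    for f in feats:
        row = []
        for c in NUMERIC:
            lo, hi = scaler[c]
            x = 0.0 if hi == lo else (f[c] - lo) / (hi - lo)
            row.append(min(1.0, max(0.0, x)))
        rows.append(row)
    return rows


if __name__ == "__main__":
    flows = extract_flows(parse_packets(SAMPLE_PACKETS))
    scaler = fit_minmax(flows)
    for f, row in zip(flows, transform(flows, scaler)):
        print(f["key"][1], f["packets"], f["dst_count"], [round(v, 2) for v in row])
```

On the constructed sample the two benign sessions get dst_count 1 while each of the six scan flows gets dst_count 6, packets 1 and syn_ratio 1.0, which is the kind of separation a Random Forest trained on NSL-KDD-style features can exploit. For live use, feed the same rows from `tshark -i <iface> -l` through `parse_packets` in batches; the scaler must come from the training split, never be refitted on the live batch.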
Results and Discussions
Result
Model Performance
• Random Forest achieved ~98% accuracy with low false positives.
• Neural Networks improved complex attack detection but needed more resources.
Attack Detection
• Effectively detected DoS, brute-force, and malware attacks.
• Some false positives occurred for rare threats.
Real-Time Implementation
• Successfully processed live network traffic, detecting anomalies in real time.
Discussion
• Strengths: Adaptive, automated, and more accurate than rule-based IDS.
• Challenges: Needs more training data for rare attacks; false positives need reduction.
• Future Work: Improve feature selection and integrate deep learning.
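A headline accuracy near 98% says little on IDS data because benign traffic dominates: a model can miss half of a rare attack class and still score that high, and a false-positive rate that looks tiny becomes a large alert volume at network scale. The per-class evaluation below is an added example and not the project's code or its reported results; the label and prediction lists are constructed to resemble a test split (95% normal traffic, a few dozen DoS flows, a handful of brute-force and malware flows) and the class names follow the attack types named on this slide.

```python
"""Per-class evaluation of an IDS classifier on imbalanced traffic.

Added example, not the project's own code or numbers. The (y_true, y_pred)
pair is constructed to look like a typical test split and illustrates why
accuracy alone hides rare-attack misses and analyst-facing false alarms.
"""
from collections import Counter

BENIGN = "normal"


def constructed_predictions():
    """Build a synthetic test result: 1000 flows, 950 of them benign."""
    y_true, y_pred = [], []

    def add(true, pred, n):
        y_true.extend([true] * n)
        y_pred.extend([pred] * n)

    add("normal", "normal", 940)        # benign traffic correctly ignored
    add("normal", "dos", 8)             # benign flows misfired as DoS
    add("normal", "brute_force", 2)     # benign flows misfired as brute force
    add("dos", "dos", 38)
    add("dos", "normal", 2)             # missed DoS
    add("brute_force", "brute_force", 6)
    add("brute_force", "normal", 2)     # missed brute force
    add("malware", "malware", 1)
    add("malware", "normal", 1)         # rare class: half of it missed
    return y_true, y_pred


def accuracy(y_true, y_pred):
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)


def per_class_metrics(y_true, y_pred):
    """Precision, recall and F1 for every label, derived from the confusion
    matrix (true label, predicted label) -> count."""
    cm = Counter(zip(y_true, y_pred))
    labels = sorted(set(y_true) | set(y_pred))
    report = {}
    for c in labels:
        tp = cm[(c, c)]
        fp = sum(cm[(t, c)] for t in labels if t != c)   # predicted c, was not c
        fn = sum(cm[(c, p)] for p in labels if p != c)   # was c, predicted other
        precision = tp / (tp + fp) if tp + fp else 0.0
        recall = tp / (tp + fn) if tp + fn else 0.0
        f1 = (2 * precision * recall / (precision + recall)
              if precision + recall else 0.0)
        report[c] = {"support": tp + fn, "precision": precision,
                     "recall": recall, "f1": f1}
    return report


def macro_f1(report):
    """Unweighted mean F1: a rare attack class counts as much as the benign bulk,
    so it drops when rare threats are missed even if accuracy stays high."""
    return sum(m["f1"] for m in report.values()) / len(report)


def false_alarm_rate(y_true, y_pred, benign=BENIGN):
    """Share of benign flows raised as any attack: the noise an analyst triages."""
    benign_idx = [i for i, t in enumerate(y_true) if t == benign]
    fp = sum(1 for i in benign_idx if y_pred[i] != benign)
    return fp / len(benign_idx)


def daily_false_alerts(far, benign_flows_per_day):
    """Turn a false-alarm rate into an expected alert count for a traffic volume."""
    return far * benign_flows_per_day


if __name__ == "__main__":
    y_true, y_pred = constructed_predictions()
    report = per_class_metrics(y_true, y_pred)
    far = false_alarm_rate(y_true, y_pred)
    print(f"accuracy {accuracy(y_true, y_pred):.3f}  macro-F1 {macro_f1(report):.3f}")
    print(f"false-alarm rate {far:.4f} -> "
          f"{daily_false_alerts(far, 5_000_000):,.0f} false alerts/day at 5M benign flows")
    for label, m in report.items():
        print(f"{label:12s} n={m['support']:4d} P={m['precision']:.2f} "
              f"R={m['recall']:.2f} F1={m['f1']:.2f}")
```

With this constructed split the model reports 98.5% accuracy yet recalls only half of the malware flows and three quarters of the brute-force flows, and its 1.05% false-alarm rate would mean tens of thousands of spurious alerts per day on a busy network; reporting per-class recall, macro-F1 and the false-alarm rate alongside accuracy is what makes the "some false positives for rare threats" observation measurable.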
Conclusion
This project demonstrates that Machine Learning (ML)-based Intrusion Detection Systems (IDS) significantly improve network security by detecting cyber threats in real time. The proposed system, trained on NSL-KDD and live Wireshark data, effectively identifies various attacks with high accuracy.
Key Takeaways:
• ML models like Random Forest and Neural Networks outperform traditional IDS in detecting threats.
• Real-time implementation enhances proactive security measures.
• Challenges like false positives can be addressed with better feature selection and continuous learning.
Overall, ML-based IDS offers a scalable, adaptive, and efficient cybersecurity solution, paving the way for future advancements with deep learning and automated threat intelligence.
References
1. Stolfo, S. J., et al. (2000). "Cost-based modeling for fraud and intrusion detection." DISCEX, IEEE.
2. Tavallaee, M., et al. (2009). "Analysis of the KDD CUP 99 dataset." CISDA, IEEE.
3. Moustafa, N., & Slay, J. (2016). "CICIDS2017: Benchmark dataset for IDS." ICCWS.
4. García-Teodoro, P., et al. (2009). "Anomaly-based IDS: Techniques & challenges." Computers & Security, Elsevier.
5. Scarfone, K., & Mell, P. (2007). "Guide to intrusion detection systems." NIST SP 800-94.
6. Dong, X., et al. (2016). "A survey on ensemble learning." Frontiers of Computer Science, Springer.