Intrusion Detection System: Documentation

Project Requirements.

Intrusion Detection System (IDS) Project Requirements

Overview

The Intrusion Detection System (IDS) project provides an efficient and scalable service for detecting malicious network traffic patterns. It uses a machine learning model trained on the NSL-KDD dataset and offers a user-friendly interface for visualization and analysis. The system consists of a backend that validates and preprocesses uploaded data, generates predictions, and creates visual summaries, and a frontend for user interaction.


Functional Requirements

1. Data Processing

  • Input:

    • Accept uploaded CSV files containing network traffic data in the NSL-KDD dataset format.
  • Preprocessing:

    • Handle missing or malformed values gracefully: reject the file with a clear error, or substitute a documented default, rather than crashing on a single bad row.

    • Encode the categorical features (protocol_type, service, flag) using one-hot encoding, with the column set fixed to the categories seen at training time so the feature vector always has the width the model expects.

    • Scale numerical features using the StandardScaler fitted at training time; never refit the scaler on uploaded data.
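The preprocessing steps above, written out as an added example (not the project's own code). It uses only the Python standard library so it runs without pandas or scikit-learn; the column subset, the training-time vocabularies and the scaler mean/scale values are all assumptions standing in for the real 41-column NSL-KDD layout and the saved StandardScaler's mean_ and scale_ attributes. It shows the two edge cases the requirement cares about: blank numeric cells, and a categorical value the model never saw during training.

```python
import csv
import io
import math

# Constructed subset of the NSL-KDD columns (the real dataset has 41 feature
# columns plus the label); the order here is the order the model was trained on.
NUMERIC_COLUMNS = ["duration", "src_bytes", "dst_bytes", "count"]
CATEGORICAL_COLUMNS = ["protocol_type", "service", "flag"]
EXPECTED_COLUMNS = ["duration", "protocol_type", "service", "flag",
                    "src_bytes", "dst_bytes", "count"]

# Assumed training-time vocabularies. One-hot columns are fixed from these so
# the feature vector has the same width the model expects; a value never seen
# in training gets an all-zero group instead of growing the vector.
TRAINING_VOCAB = {
    "protocol_type": ["tcp", "udp", "icmp"],
    "service": ["http", "ftp_data", "smtp", "private"],
    "flag": ["SF", "S0", "REJ"],
}

# Assumed scaler parameters. In the real system these are the mean_ and
# scale_ attributes of the saved StandardScaler; they are never refitted on
# the uploaded file, otherwise the scaling would drift with every upload.
SCALER_MEAN = {"duration": 10.0, "src_bytes": 500.0, "dst_bytes": 800.0, "count": 20.0}
SCALER_SCALE = {"duration": 50.0, "src_bytes": 1000.0, "dst_bytes": 2000.0, "count": 30.0}


class InvalidDataError(ValueError):
    """The upload does not match the NSL-KDD format."""


def feature_names():
    """Column order of the vector handed to the model."""
    names = list(NUMERIC_COLUMNS)
    for col in CATEGORICAL_COLUMNS:
        names.extend(f"{col}={v}" for v in TRAINING_VOCAB[col])
    return names


def _to_float(value, default=0.0):
    """Parse a numeric cell. Blank, non-numeric, NaN or inf cells become
    `default` so one bad row does not abort the whole batch."""
    try:
        f = float(value)
    except (TypeError, ValueError):
        return default
    return default if (math.isnan(f) or math.isinf(f)) else f


def preprocess_csv(text):
    """Turn NSL-KDD-format CSV text into a list of scaled feature vectors."""
    reader = csv.DictReader(io.StringIO(text))
    header = reader.fieldnames or []
    missing = [c for c in EXPECTED_COLUMNS if c not in header]
    if missing:
        raise InvalidDataError(f"missing columns: {missing}")
    vectors = []
    for record in reader:
        vec = []
        for col in NUMERIC_COLUMNS:
            x = _to_float(record.get(col))
            vec.append((x - SCALER_MEAN[col]) / SCALER_SCALE[col])
        for col in CATEGORICAL_COLUMNS:
            value = (record.get(col) or "").strip()
            vec.extend(1.0 if value == v else 0.0 for v in TRAINING_VOCAB[col])
        vectors.append(vec)
    return vectors


# Constructed sample: a clean row, a row with blank numeric cells, and a row
# whose service ("eco_i") is not in the assumed training vocabulary.
SAMPLE_CSV = """duration,protocol_type,service,flag,src_bytes,dst_bytes,count
0,tcp,http,SF,300,1200,10
,udp,private,S0,,,50
5,icmp,eco_i,SF,20,0,1
"""

if __name__ == "__main__":
    for name, column in zip(feature_names(), zip(*preprocess_csv(SAMPLE_CSV))):
        print(f"{name:>22}: {column}")
```

The important design choice is that the one-hot column set and the scaler parameters are constants loaded with the model, not derived from the upload: if they were recomputed per file, a CSV containing a new service value or unusual byte counts would silently change the meaning of every feature the Random Forest sees.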

2. Machine Learning Model

  • Model Details:

    • Load a pre-trained Random Forest model (Random_Forest.joblib) for classification.
  • Predictions:

    • Classify each traffic record into one of the following categories: Normal, DoS (denial of service), Probe, R2L (remote-to-local), U2R (user-to-root).

3. Visualization

  • Graphical Representation:

    • Display results in a bar graph with:

      • X-axis labeled with traffic categories.

      • Y-axis representing the count of instances.

    • Labels for aggregated categories: “Normal Traffic” and “Malicious Traffic.”

  • Summary Report:

    • Provide a numerical summary:

      • Count of normal traffic.

      • Count of all malicious traffic (aggregated).

4. Backend

  • APIs:

    • /upload: Accepts a CSV upload, validates it (size, file name, header), and stores it for processing.

    • /process: Runs preprocessing and prediction on the stored upload and returns the graph data and the summary report.

  • Error Handling:

    • Return appropriate error messages, with a suitable HTTP status code and without leaking stack traces or file paths, for:

      • Missing files.

      • Model loading issues.

      • Invalid data format.
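The backend behaviour described in sections 3 (summary report) and 4 (APIs and error handling), as an added example rather than the project's own code. The validation and aggregation helpers are plain Python so they run without Flask; `make_app` wires them to /upload and /process using Flask's real `app.post`, `request.files` and `jsonify` APIs and takes a caller-supplied `predict` function so the model stays out of the example. The required column subset and the in-memory upload store are assumptions.

```python
import csv
import io
import os
import re

MAX_UPLOAD_BYTES = 50 * 1024 * 1024   # the 50 MB limit from the scalability requirements
CATEGORIES = ("Normal", "DoS", "Probe", "R2L", "U2R")
# Constructed subset of the NSL-KDD header the backend insists on.
REQUIRED_COLUMNS = {"duration", "protocol_type", "service", "flag", "src_bytes", "dst_bytes"}
# Client-supplied names are untrusted: no path separators, no odd characters, .csv only.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}\.csv$")


def validate_upload(filename, payload):
    """Check an upload before anything parses it. Returns (ok, error_message),
    where the message is one of the documented error cases."""
    if not filename or not payload:
        return False, "missing file"
    if os.path.basename(filename) != filename or not SAFE_NAME.match(filename):
        return False, "invalid data format: unsafe file name"
    if len(payload) > MAX_UPLOAD_BYTES:
        return False, "invalid data format: file exceeds 50 MB"
    try:
        text = payload.decode("utf-8")
    except UnicodeDecodeError:
        return False, "invalid data format: not UTF-8 text"
    try:
        header = next(csv.reader(io.StringIO(text)))
    except StopIteration:
        return False, "invalid data format: empty file"
    missing = REQUIRED_COLUMNS - {h.strip() for h in header}
    if missing:
        return False, f"invalid data format: missing columns {sorted(missing)}"
    return True, None


def summarize_predictions(labels):
    """Aggregate per-row model labels into the bar-chart counts and the
    Normal/Malicious totals shown in the summary report."""
    counts = {c: 0 for c in CATEGORIES}
    for label in labels:
        if label not in counts:   # a label the UI does not know is a bug, not a sixth category
            raise ValueError(f"unexpected label {label!r}")
        counts[label] += 1
    normal = counts["Normal"]
    return {
        "categories": counts,
        "summary": {"Normal Traffic": normal,
                    "Malicious Traffic": sum(counts.values()) - normal},
    }


def make_app(predict):
    """Build the Flask app around the helpers. `predict` maps CSV text to a
    list of labels; the model itself is outside this example."""
    from flask import Flask, jsonify, request   # imported here so the helpers run without Flask
    app = Flask(__name__)
    app.config["MAX_CONTENT_LENGTH"] = MAX_UPLOAD_BYTES   # Flask answers larger bodies with 413
    uploads = {}                                           # assumed in-memory store for the example

    @app.post("/upload")
    def upload():
        f = request.files.get("file")
        payload = f.read() if f else b""
        ok, err = validate_upload(f.filename if f else None, payload)
        if not ok:
            return jsonify(error=err), 400
        uploads["latest"] = payload.decode("utf-8")
        return jsonify(status="stored"), 200

    @app.post("/process")
    def process():
        if "latest" not in uploads:
            return jsonify(error="missing file"), 400
        try:
            return jsonify(summarize_predictions(predict(uploads["latest"]))), 200
        except Exception:
            app.logger.exception("processing failed")   # stack trace goes to the log
            return jsonify(error="processing failed"), 500   # and not into the response body
    return app
```

Two checks here are easy to forget: the file name is compared against its own basename so a client cannot smuggle a path component into wherever the upload is stored, and the size limit is enforced twice (in the helper and via MAX_CONTENT_LENGTH) so an oversized body is refused before it is buffered.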

5. Frontend

  • User Interface:

    • Provide buttons to:

      • Upload files.

      • Trigger data processing.

    • Display the generated graph and summary report.

  • Interactivity:

    • Ensure responsive and dynamic updates without reloading the page.

Non-Functional Requirements

1. Performance

  • Processing Time:

    • Ensure data processing and prediction are completed within 5 seconds for datasets up to 10,000 rows.

2. Scalability

  • File Size:

    • Handle CSV files up to 50 MB.
  • Concurrent Users:

    • Support up to 100 simultaneous users.

3. Security

  • Data Validation:

    • Validate uploaded files before parsing them: enforce the 50 MB limit, accept only CSV, check the header against the expected NSL-KDD columns, treat the client-supplied file name as untrusted (no path components), and never execute or evaluate cell contents.
  • Model Security:

    • Protect model files from unauthorized access and modification. Random_Forest.joblib is a pickle, and joblib.load runs whatever the file contains, so anyone who can replace the model can execute code on the backend. Load it only from a read-only, trusted location and verify its checksum before loading.
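A way to meet the model-security requirement, as an added example (not the project's code): pin the SHA-256 of the shipped Random_Forest.joblib in configuration and refuse to call joblib.load unless the file on disk matches it and is not writable by other users. The digest source, the file name and the demo scenario are assumptions; the demo writes arbitrary bytes in place of a real joblib file so it runs without joblib installed.

```python
import hashlib
import hmac
import os
import stat
import tempfile

# Assumed: the digest is pinned in config or baked into the container image,
# never read from a file sitting next to the model (an attacker who can
# replace the model could replace that too).
MODEL_PATH = "Random_Forest.joblib"


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_model_file(path, expected_sha256):
    """Return the reasons the file must NOT be passed to joblib.load;
    an empty list means it is safe to load."""
    problems = []
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["model file missing"]
    if not stat.S_ISREG(st.st_mode):
        return ["model path is not a regular file"]
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("model file is group- or world-writable")
    # constant-time compare so the check does not leak which prefix matched
    if not hmac.compare_digest(sha256_file(path), expected_sha256.lower()):
        problems.append("model file digest mismatch")
    return problems


def load_model(path, expected_sha256):
    """The only place joblib.load is called: integrity first, unpickle second."""
    problems = check_model_file(path, expected_sha256)
    if problems:
        raise RuntimeError("refusing to load model: " + "; ".join(problems))
    import joblib   # imported here so the checks above run without joblib installed
    return joblib.load(path)


def demo():
    """Constructed scenario: a pinned file passes; the same file, tampered
    with and made world-writable, fails both checks. Returns both results."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, MODEL_PATH)
        with open(path, "wb") as f:
            f.write(b"stand-in bytes for the joblib file")
        os.chmod(path, 0o600)
        pinned = sha256_file(path)          # what the release pipeline would record
        clean = check_model_file(path, pinned)
        with open(path, "ab") as f:         # attacker appends a payload
            f.write(b"\x80\x04tampered")
        os.chmod(path, 0o666)
        tampered = check_model_file(path, pinned)
    return clean, tampered


if __name__ == "__main__":
    print(demo())
```

The check deliberately lives in front of the single joblib.load call rather than in a deployment script: a hash that is only verified at build time says nothing about what is on disk when the Flask worker actually starts.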

4. Maintainability

  • Code Modularity:

    • Separate concerns into distinct modules for preprocessing, model loading, and visualization.

Technical Requirements

1. Backend

  • Programming Language: Python 3.9+

  • Frameworks: Flask

  • Dependencies:

    • pandas

    • numpy

    • matplotlib

    • scikit-learn

    • joblib

2. Frontend

  • Framework: Next.js

  • Language: TypeScript

  • CSS: Tailwind CSS

3. Deployment

  • Containerization: Docker

  • Orchestration: Kubernetes

  • Cloud: AWS (ECS Fargate, S3 for storage)

4. Infrastructure

  • Tools: Terraform for IaC

  • Storage: Amazon S3 for temporary file storage


Deliverables

  1. Fully functional IDS application.

  2. Dockerized backend and frontend services.

  3. Kubernetes deployment manifests.

  4. Documentation:

    • User guide.

    • Deployment guide.

    • Developer guide.


Future Enhancements

  1. Add real-time traffic monitoring.

  2. Support additional data formats beyond NSL-KDD.

  3. Integrate advanced visualization tools (e.g., D3.js).

  4. Extend model to support additional attack categories.

  5. Allow users to sign up and save charts and results.

  6. Accept common network data formats as input, not only NSL-KDD-style CSV.