MACHINE LEARNING / IDS / NSL-KDD

Neural Network Intrusion Detection

[Figure: Confusion Matrix: Visualising True vs False Positives]

[Figure: ROC Curve: Measuring Model Performance]

The Concept

Traditional Intrusion Detection Systems (IDS) rely on signatures — they look for known attack patterns. However, they fail against zero-day exploits or novel attacks.


This project implements a Neural Network (Multi-Layer Perceptron) capable of anomaly detection. By training on the NSL-KDD dataset, the model learns the mathematical baseline of "normal" network traffic and flags deviations, allowing it to catch attacks it has never seen before.

The Architecture

I utilised the Scikit-Learn MLPClassifier to build a Feed-Forward Neural Network. The data was preprocessed using One-Hot Encoding for categorical features (like protocol type) and Standard Scaling for numerical consistency.

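# Neural Network Configuration
from sklearn.neural_network import MLPClassifier

mlp = MLPClassifier(
    hidden_layer_sizes=(100, 80),  # Input -> 100 -> 80 -> Output
    max_iter=1000,                 # High iteration cap so the solver can converge
    random_state=4                 # Fixed seed for reproducible weights
)

# x_train_scaled / y_train: one-hot encoded, standard-scaled training split and its labels
mlp.fit(x_train_scaled, y_train)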

Performance Metrics:

  • Accuracy: ~99.5% (Based on Test Set)
  • False Positive Rate: Optimised via ROC analysis.
  • Preprocessing: Robust handling of categorical network flags using OneHotEncoder.
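
The preprocessing and ROC steps described above, wired into a single scikit-learn Pipeline as an added example (not the project's own code). The flows are constructed synthetic rows rather than NSL-KDD, and the column layout, service values, helper names and the 1% false-positive target are assumptions made for illustration.

```python
import numpy as np
from sklearn.compose import ColumnTransformer
from sklearn.metrics import confusion_matrix, roc_curve
from sklearn.neural_network import MLPClassifier
from sklearn.pipeline import Pipeline
from sklearn.preprocessing import OneHotEncoder, StandardScaler

def make_flows(n, services, seed):
    """Constructed stand-in for NSL-KDD rows: [service, duration, src_bytes]."""
    rng = np.random.default_rng(seed)
    y = rng.integers(0, 2, n)  # 0 = normal, 1 = attack
    X = np.empty((n, 3), dtype=object)
    X[:, 0] = rng.choice(services, n)
    X[:, 1] = np.abs(rng.normal(np.where(y == 1, 0.2, 2.0), 0.3))
    X[:, 2] = np.abs(rng.normal(np.where(y == 1, 1500.0, 500.0), 250.0))
    return X, y

def build_model():
    pre = ColumnTransformer([
        ("cat", OneHotEncoder(handle_unknown="ignore"), [0]),  # unseen category -> all zeros
        ("num", StandardScaler(), [1, 2]),
    ])
    # MLP settings from the page; the Pipeline fits encoder and scaler on training rows only.
    mlp = MLPClassifier(hidden_layer_sizes=(100, 80), max_iter=1000, random_state=4)
    return Pipeline([("pre", pre), ("mlp", mlp)])

def threshold_for_fpr(y_true, scores, max_fpr):
    """Score threshold of the highest-recall ROC point with FPR <= max_fpr."""
    fpr, _tpr, thr = roc_curve(y_true, scores)
    return thr[np.flatnonzero(fpr <= max_fpr)[-1]]  # fpr is non-decreasing

def rates(y_true, y_pred):
    tn, fp, fn, tp = confusion_matrix(y_true, np.asarray(y_pred).astype(int), labels=[0, 1]).ravel()
    return fp / (fp + tn), tp / (tp + fn)  # (false positive rate, true positive rate)

def run(max_fpr=0.01):
    seen = ["http", "smtp", "dns"]
    X_tr, y_tr = make_flows(600, seen, seed=1)
    X_val, y_val = make_flows(300, seen, seed=2)
    X_te, y_te = make_flows(300, seen + ["ftp"], seed=3)  # "ftp" never seen in training
    model = build_model().fit(X_tr, y_tr)
    # Choose the alert threshold on validation data, then report on the test set.
    thr = threshold_for_fpr(y_val, model.predict_proba(X_val)[:, 1], max_fpr)
    val = rates(y_val, model.predict_proba(X_val)[:, 1] >= thr)
    test = rates(y_te, model.predict_proba(X_te)[:, 1] >= thr)
    return thr, val, test

if __name__ == "__main__":
    print(run())
```

Picking the threshold on a validation split keeps the reported test-set false positive rate an honest estimate rather than one tuned on the data it is measured against.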