A simple Intrusion Detection System (IDS) using machine learning algorithms, specifically Random Forest, Logistic Regression, and K-Nearest Neighbors. The integration of a heatmap (from Seaborn) and the machine learning models contributes to the threat detection process. Here's how the code works in detecting threats:
Dataset Loading and Preprocessing: The code loads a dataset containing various features related to network traffic, including information about packet sizes, window sizes, and timestamps. The dataset is preprocessed by sorting it based on timestamps and removing unnecessary columns. Machine Learning Model Training:
Three machine learning models are trained on the dataset: Random Forest Classifier (RandomForestClassifier) Logistic Regression (LogisticRegression) K-Nearest Neighbors (KNeighborsClassifier) Model Evaluation:
The models are evaluated using metrics such as accuracy, precision, recall, and F1 score. These metrics provide insights into how well each model is performing. Heatmap Visualization:The confusion matrices of the machine learning models are visualized using heatmaps. Heatmaps are useful for understanding the distribution of true positive, true negative, false positive, and false negative predictions. This visualization helps in assessing how well the models are classifying threats and non-threats.
Combining Predictions:The predictions of the three models are combined to make a final decision. If at least two out of the three models predict a threat, the combined prediction is considered a threat. This is done to potentially improve the overall detection accuracy and reduce false positives or false negatives.
User Feedback:The user is provided with feedback based on the combined predictions. If any of the combined predictions indicate a threat, the system displays "Threat detected!" Otherwise, it displays "The system is safe. No threats and intrusion detected. :)"
Graphical User Interface (GUI): The results, including model performance statements and confusion matrix plots, are displayed in a Tkinter GUI. This makes it user-friendly and accessible for individuals who may not be familiar with programming or machine learning.
The code integrates machine learning models with visualization tools (heatmaps) to create a system capable of detecting threats in network traffic data.