A real-time Network Intrusion Detection System (NIDS) built using Python, Scapy, and Machine Learning to detect and visualize malicious network activity.
This project implements an AI-based Intrusion Detection System that captures live network packets, extracts key features, and uses machine learning models to identify suspicious or potentially malicious traffic patterns.
The system provides:
- 🔍 Real-time packet capture and logging
- 🧠 Machine Learning–based intrusion detection
- 📊 Interactive dashboard for data visualization and model metrics
- 💾 Persistent storage of historical and live session data
- 🕵️ Real-Time Packet Capture: Uses Scapy to monitor network traffic.
- 🧠 AI/ML Detection Engine: Detects anomalies using Random Forest, Decision Tree, and Logistic Regression models.
- 📊 Interactive Dashboard: Streamlit-based interface to view live stats and retrain models.
- 💾 Data Persistence: Saves and loads historical packet data for cumulative analysis.
- ⚙️ Configurable Parameters: Adjustable model depth, number of estimators, and algorithm selection.
| Component | Technology |
|---|---|
| Programming | Python 3.9+ |
| Networking | Scapy |
| Data Handling | Pandas, NumPy |
| Machine Learning | Scikit-learn |
| Visualization | Matplotlib, Seaborn |
| Dashboard | Streamlit |
| Storage | CSV Files |
```
Advanced_Network_Intrusion_Detection/
│
├── nids.py # Core packet capture and feature extraction
├── dashboard.py # Streamlit dashboard and ML logic
├── requirements.txt # Project dependencies
│
├── data/ # Datasets
│ ├── captured_data.csv
│ └── historical_data.csv
│
├── screenshots/
│ ├── dashboard.png
│ ├── live_capture_feature.png
│ ├── captured_data_analytics.png
│ ├── training_data_analytics.png
│ └── live_analytics.png
│
├── models/ # Trained models
│ ├── trained_model.pkl
│ └── scaler.pkl
│
├── LICENSE
└── README.md
```
```bash
git clone https://github.com/<adars-h-agrawal>/advanced-network-intrusion-detection.git
cd advanced-network-intrusion-detection
pip install -r requirements.txt
```

⚠️ Requires admin/root privileges for sniffing.

```bash
sudo python nids.py
```

⚠️ Requires admin/root privileges for sniffing.

```bash
sudo streamlit run dashboard.py
```

- Run `nids.py` to capture live network packets.
- The data is stored in `data/captured_data.csv` and merged with historical data.
- Open the dashboard with `sudo streamlit run dashboard.py`.
- Choose an ML model (Random Forest / Decision Tree / Logistic Regression).
- View real-time metrics: accuracy, confusion matrix, feature importance.
- Use the sidebar to clear, retrain, or test new data.
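
The dashboard is started with `sudo`, and the trained model and scaler live as `.pkl` files under `models/`; pickle deserialization runs code chosen by whoever wrote the file, so those files should be integrity-checked before they are loaded. The following is an added example, not the project's own code, of one way to do that with the standard library. It assumes the artifacts are loaded with `pickle`; `manifest.json`, the function names, and an HMAC key stored outside `models/` are hypothetical.

```python
import hashlib
import hmac
import json
import pickle
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # assumed file name, not part of the project


def manifest_tag(digests: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical JSON of the digest table."""
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def write_manifest(model_dir: Path, key: bytes) -> None:
    """Run after training: record a SHA-256 per .pkl, then authenticate the table."""
    digests = {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
               for p in sorted(model_dir.glob("*.pkl"))}
    doc = {"digests": digests, "hmac": manifest_tag(digests, key)}
    (model_dir / MANIFEST).write_text(json.dumps(doc))


def load_verified(model_dir: Path, name: str, key: bytes):
    """Unpickle `name` only if the manifest is authentic and the file digest matches."""
    doc = json.loads((model_dir / MANIFEST).read_text())
    if not hmac.compare_digest(manifest_tag(doc["digests"], key), doc["hmac"]):
        raise ValueError("manifest HMAC mismatch")
    data = (model_dir / name).read_bytes()  # hash and load the same bytes
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, doc["digests"].get(name, "")):
        raise ValueError(f"{name}: digest mismatch, refusing to unpickle")
    return pickle.loads(data)


if __name__ == "__main__":
    # Constructed stand-ins for models/trained_model.pkl and models/scaler.pkl.
    with tempfile.TemporaryDirectory() as tmp:
        models, key = Path(tmp), b"constructed-demo-key"
        (models / "scaler.pkl").write_bytes(pickle.dumps({"mean": [0.0], "scale": [1.0]}))
        write_manifest(models, key)
        print(load_verified(models, "scaler.pkl", key))
        (models / "scaler.pkl").write_bytes(pickle.dumps("tampered"))
        try:
            load_verified(models, "scaler.pkl", key)
        except ValueError as err:
            print("rejected:", err)
```

The check only helps if the key is readable by the process that loads the models but not by whatever can write to `models/`.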
| Visualization | Description |
|---|---|
| 📈 Protocol Distribution | Shows counts of TCP, UDP, ICMP traffic |
| 🧮 Confusion Matrix | Displays model performance |
| 📉 Accuracy Trend | Monitors detection performance over time |
| 🧠 Feature Importance | Highlights key network parameters affecting prediction |
```
pandas==2.2.2
numpy==1.26.4
matplotlib==3.9.0
seaborn==0.13.2
scikit-learn==1.5.0
streamlit==1.37.0
scapy==2.5.0
```
- Algorithms Used:
  - Random Forest
  - Decision Tree
  - Logistic Regression
- Data Split:
  - 80% training
  - 20% testing
- Evaluation Metrics:
  - Accuracy Score
  - Confusion Matrix
  - Classification Report
| Role | Member | Responsibilities |
|---|---|---|
| Network & Data Engineer | Pranshu Singh | Packet capture, feature extraction, and data handling |
| ML & Dashboard Engineer | Adarsh Agrawal | Model design, training, evaluation, visualization, and documentation |
- Integration with Deep Learning for advanced anomaly detection
- Multi-protocol support (ARP, DNS, HTTP)
- Automated threat response and alert notifications
- Integration with external APIs for live security threat feeds
This project is licensed under the MIT License — see the LICENSE file for details.
“Prevention is better than intrusion — stay secure, stay aware.”




