Live AI-IDS is a machine learning-based network intrusion detection system that captures and analyzes network traffic in real-time to detect potential attacks.
- Real-time Network Traffic Analysis: Captures and processes network packets as they occur
- Deep Learning-based Detection: Uses a Deep Concatenated CNN architecture for accurate attack classification
- Multi-platform Support: Works on macOS (including Apple Silicon) and Linux/Windows with CUDA support
- Customizable Training: Train on your own network traffic to detect specific attack patterns
- Detailed Alerts: Provides comprehensive information about detected threats
- Python 3.8+
- PyTorch 1.13.0+
- Scapy 2.4.5+
- For GPU acceleration:
  - NVIDIA GPU with CUDA support, or
  - Apple Silicon Mac (M1/M2/M3) for MPS acceleration
- Clone the repository:
git clone https://github.com/yourusername/live-ai-ids.git
cd live-ai-ids
- Install dependencies:
pip install -r requirements.txt
Note for GPU users:
- For NVIDIA GPUs, install the appropriate CUDA-enabled PyTorch version:
# Example for CUDA 11.7
pip install torch==1.13.0+cu117 -f https://download.pytorch.org/whl/cu117/torch_stable.html
- For Apple Silicon Macs, ensure you have PyTorch 2.0.0+ for optimal MPS support:
pip install "torch>=2.0.0"
To train a model on your network traffic:
python train_model.py --duration 300 --save-data
This will:
- Capture 5 minutes of normal network traffic
- Extract features from the captured packets
- Train a model on this data
- Save the model to models/final_model.pt
- --duration SECONDS: Duration to capture benign traffic (default: 300)
- --attack-duration SECONDS: Duration to capture attack traffic (default: 0)
- --interface INTERFACE: Network interface to capture from
- --save-data: Save captured data to CSV files
- --load-data FILE: Load data from a CSV file instead of capturing
- --epochs N: Number of training epochs
- --batch-size N: Batch size for training
- --learning-rate RATE: Learning rate for training
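Because --attack-duration defaults to 0, a capture saved with --save-data can contain benign rows only. The following is an added example, not part of the project's code, that audits a labelled CSV before it is passed to --load-data; the `label` column name, the 0/1 encoding and the feature names are assumptions, since the page does not document the CSV layout.

```python
import csv
import io
import math
from collections import Counter

LABEL_COLUMN = "label"  # assumed column name; the CSV layout is not documented on the page


def audit_training_csv(handle, label_column=LABEL_COLUMN, min_minority_share=0.05):
    """Return (class_counts, problems) for a labelled feature CSV."""
    reader = csv.DictReader(handle)
    if label_column not in (reader.fieldnames or []):
        return Counter(), [f"missing '{label_column}' column"]
    counts, bad_rows = Counter(), 0
    for row in reader:
        features = [v for k, v in row.items() if k != label_column]
        try:
            # Short or over-long rows yield None or list values, which fail float().
            ok = all(math.isfinite(float(v)) for v in features)
        except (TypeError, ValueError):
            ok = False
        if not ok:
            bad_rows += 1
            continue
        counts[row[label_column]] += 1
    problems = []
    total = sum(counts.values())
    if bad_rows:
        problems.append(f"{bad_rows} row(s) with non-numeric or non-finite features")
    if total == 0:
        problems.append("no usable rows")
    elif len(counts) < 2:
        problems.append("only one class present in the usable rows")
    else:
        label, n = min(counts.items(), key=lambda kv: kv[1])
        if n / total < min_minority_share:
            problems.append(f"class {label} is {n}/{total} rows, below {min_minority_share:.0%}")
    return counts, problems


# Constructed sample: every row labelled 0 (benign under the assumed encoding).
BENIGN_ONLY = "pkt_len,ttl,label\n60,64,0\n1500,64,0\n52,128,0\n"
# Constructed sample: both classes, with one row carrying a NaN feature.
MIXED = "pkt_len,ttl,label\n60,64,0\n1500,64,0\n40,255,1\nnan,64,1\n"

if __name__ == "__main__":
    for name, text in (("benign-only", BENIGN_ONLY), ("mixed", MIXED)):
        counts, problems = audit_training_csv(io.StringIO(text))
        print(name, dict(counts), problems or "ok")
```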
To start real-time intrusion detection:
python live_ids.py
This will:
- Load the trained model
- Start capturing network traffic
- Analyze packets in real-time
- Alert when potential attacks are detected
To run basic tests to verify system functionality:
python test_system.py
The system automatically detects and uses available GPU acceleration:
- On systems with NVIDIA GPUs, CUDA will be used if available
- On Apple Silicon Macs, Metal Performance Shaders (MPS) will be used if available
- If no GPU acceleration is available, the system will fall back to CPU
You can see which device is being used in the console output when training or running detection.
- live_ids.py: Main script for real-time detection
- train_model.py: Script for training a new model
- test_system.py: Script for testing system components
- src/: Source code modules
  - data_processor.py: Packet capture and feature extraction
  - model.py: Neural network architecture
  - trainer.py: Model training functionality
  - detector.py: Real-time detection engine
  - utils.py: Utility functions
- models/: Saved models and related files
- data/: Training data
- results/: Training results and logs
This project is licensed under the MIT License - see the LICENSE file for details.