A Network Intrusion Detection System (NIDS) is a cybersecurity tool designed to monitor and analyze network traffic for malicious activities or policy violations. It plays a critical role in identifying potential threats in real-time and ensuring the security of systems and data.
- Detects unauthorized access and cyberattacks.
- Helps organizations protect sensitive data and prevent breaches.
- Provides actionable insights to enhance network security.
The UNSW-NB15 dataset is a benchmark dataset for evaluating intrusion detection systems. It contains real-world network traffic data combined with synthetic attack traffic.
- Source: UNSW-NB15 Dataset
- Features: 49 features describing network traffic behavior.
- Records:
  - Training set: 175,341 rows.
  - Testing set: 82,332 rows.
- Classes:
  - `0`: Normal traffic.
  - `1`: Attack traffic.
- The dataset is well-structured and contains no missing values.
- There are only 4 categorical features that require encoding.
- In `train_df`, there is a higher proportion of attack traffic compared to normal traffic. Conversely, `test_df` has more normal traffic than attacks.
- Features like `sbytes` and `spkts` are highly correlated, indicating potential redundancy.
- Many features have weak correlations with the target label (`label`), suggesting they might contribute less to the classification task.
- The distribution shows the proportion of `Normal` and `Attack` labels in the dataset.
- A heatmap showcasing relationships between features in the dataset. Strong correlations like those between `sbytes` and `spkts` are visible.
- Perform data preprocessing:
  - Encode categorical features.
  - Scale numerical features if necessary.
- Train and evaluate machine learning models.
- Fine-tune the best-performing models.
- Present final results and insights.
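An added sketch of the encoding step and the redundancy check on `sbytes`/`spkts` noted above; it is not this project's code. The encoder is fitted on the training split only and sends categories first seen at test time to a reserved code, so unseen traffic types do not break the detector. The `proto` and `dur` column names, the 0.95 threshold and the sample rows are assumptions.

```python
import math

UNSEEN = 0  # reserved code for categories that never occur in the training split

def fit_encoders(train_rows, columns):
    """Learn category -> integer codes from the training split only."""
    return {c: {v: i + 1 for i, v in enumerate(sorted({r[c] for r in train_rows}))}
            for c in columns}

def encode(rows, encoders):
    """Apply learned codes; unseen values map to UNSEEN instead of raising."""
    return [{k: (encoders[k].get(v, UNSEEN) if k in encoders else v)
             for k, v in r.items()} for r in rows]

def pearson(xs, ys):
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = math.sqrt(sum((x - mx) ** 2 for x in xs))
    sy = math.sqrt(sum((y - my) ** 2 for y in ys))
    return cov / (sx * sy) if sx and sy else 0.0  # constant column: no correlation

def redundant_features(train_rows, numeric, threshold=0.95):
    """For each pair with |r| >= threshold on train, mark the later feature."""
    drop = set()
    for i, a in enumerate(numeric):
        for b in numeric[i + 1:]:
            if a in drop or b in drop:
                continue
            col_a = [r[a] for r in train_rows]
            col_b = [r[b] for r in train_rows]
            if abs(pearson(col_a, col_b)) >= threshold:
                drop.add(b)
    return sorted(drop)

# Constructed sample rows (not taken from UNSW-NB15); column names are assumed.
TRAIN = [
    {"proto": "tcp", "sbytes": 500, "spkts": 10, "dur": 0.9, "label": 0},
    {"proto": "udp", "sbytes": 1000, "spkts": 20, "dur": 0.1, "label": 1},
    {"proto": "tcp", "sbytes": 1500, "spkts": 31, "dur": 0.5, "label": 1},
    {"proto": "udp", "sbytes": 2000, "spkts": 40, "dur": 0.2, "label": 1},
]
TEST = [{"proto": "icmp", "sbytes": 700, "spkts": 14, "dur": 0.3, "label": 0}]

ENCODERS = fit_encoders(TRAIN, ["proto"])
DROP = redundant_features(TRAIN, ["sbytes", "spkts", "dur"])
TEST_READY = [{k: v for k, v in r.items() if k not in DROP}
              for r in encode(TEST, ENCODERS)]

if __name__ == "__main__":
    print(ENCODERS, DROP, TEST_READY)
```

Both the category codes and the drop list come from `TRAIN` alone, so nothing from the test split leaks into preprocessing.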
- UNSW-NB15 Dataset: Link to Dataset