{"id":28380913,"url":"https://github.com/wizardoftrap/network-anomaly-detection","last_synced_at":"2025-07-14T23:08:48.265Z","repository":{"id":289282989,"uuid":"970734194","full_name":"wizardoftrap/Network-Anomaly-Detection","owner":"wizardoftrap","description":"This project presents a machine learning pipeline for Network Anomaly Detection, leveraging the power of Random Forests to identify malicious activities in network traffic. The system is trained on the refined NSL-KDD dataset and can perform both binary and multi-class classification of network intrusions.","archived":false,"fork":false,"pushed_at":"2025-04-22T13:18:21.000Z","size":152,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-25T01:44:02.235Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wizardoftrap.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-22T13:06:33.000Z","updated_at":"2025-05-25T12:11:45.000Z","dependencies_parsed_at":"2025-04-22T14:26:18.649Z","dependency_job_id":"83b1a837-4ffd-4df8-a12c-571e75bbd379","html_url":"https://github.com/wizardoftrap/Network-Anomaly-Detection","commit_stats":null,"previous_names":["wizardoftrap/network-anomaly-detection"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/wizardoftrap/Network-Anomaly-Detection","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wizardoftrap%2FNetwork-Anomaly-Detection","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wizardoftrap%2FNetwork-Anomaly-Detection/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wizardoftrap%2FNetwork-Anomaly-Detection/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wizardoftrap%2FNetwork-Anomaly-Detection/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wizardoftrap","download_url":"https://codeload.github.com/wizardoftrap/Network-Anomaly-Detection/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wizardoftrap%2FNetwork-Anomaly-Detection/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265365699,"owners_count":23753379,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-30T03:30:21.558Z","updated_at":"2025-07-14T23:08:48.241Z","avatar_url":"https://github.com/wizardoftrap.png","language":"Jupyter Notebook","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Network Anomaly Detection using Random Forests\n\n## 📌 Project Overview\n\nThis project presents a machine learning pipeline for **Network Anomaly Detection**, leveraging the power of **Random Forests** to identify malicious activities in network traffic. The system is trained on the refined **NSL-KDD** dataset and can perform both **binary** and **multi-class classification** of network intrusions.\n\nThe goal is to develop a model that not only flags anomalous behavior but also **categorizes specific attack types**, offering actionable insights for cybersecurity operations.\n\n---\n\n## 🧠 Problem Statement\n\nTraditional security systems often fail to adapt to evolving threats. Anomaly detection provides a **data-driven approach** that learns normal network behavior and flags deviations, potentially catching zero-day attacks or subtle intrusions. However, accurate detection in high-dimensional data spaces remains a challenge.\n\nThis project addresses that challenge by:\n- Applying a robust ensemble algorithm (Random Forest)\n- Utilizing a curated dataset (NSL-KDD)\n- Enhancing detection granularity through **multi-class labeling**\n\n---\n\n## 🔍 Dataset: NSL-KDD\n\nThe **NSL-KDD** dataset is a cleaned and balanced version of the KDD Cup 1999 dataset. It removes redundant instances and resolves class imbalance issues, making it ideal for evaluating anomaly detection models.\n\n- **Data Composition:**\n  - Normal Traffic\n  - Malicious Activities categorized into four primary attack classes:\n    - **DoS** (Denial of Service): `neptune`, `smurf`, etc.\n    - **Probe** (Reconnaissance): `satan`, `ipsweep`, etc.\n    - **Privilege Escalation**: `buffer_overflow`, etc.\n    - **Access Attacks**: `guess_passwd`, etc.\n\n---\n\n## 🧪 Approach\n\n### 1. **Preprocessing**\n- Feature encoding (categorical to numerical)\n- Normalization and feature scaling\n- Label transformation for binary and multi-class tasks\n\n### 2. **Modeling with Random Forest**\n- **Bootstrapping**: Training multiple trees on random data samples\n- **Feature Randomization**: Enhancing diversity and generalization\n- **Voting Mechanism**:\n  - **Binary**: Normal vs Attack\n  - **Multi-class**: DoS, Probe, Privilege Escalation, Access\n\n### 3. **Evaluation Metrics**\n- Accuracy\n- Precision, Recall, F1-Score\n- Confusion Matrix\n\n---\n\n## 🛠️ Tech Stack\n\n| Component      | Tool/Library         |\n|----------------|----------------------|\n| Language       | Python 3.x           |\n| ML Model       | Random Forest (scikit-learn) |\n| Data Handling  | Pandas, NumPy        |\n| Visualization  | Matplotlib, Seaborn  |\n| Dataset Source | NSL-KDD              |\n\n---\n\n## 📊 Results\n\n- Robust detection of anomalies under both binary and multi-class settings.\n- Reduced overfitting and improved generalization using Random Forests.\n- Ability to distinguish among attack categories, not just binary anomaly detection.\u003cbr\u003e\n**Validation Set Evaluation:** \u003cbr\u003e\n-Accuracy: 0.9950\u003cbr\u003e\n-Precision: 0.9949\u003cbr\u003e\n-Recall: 0.9950\u003cbr\u003e\n-F1-Score: 0.9949\u003cbr\u003e\n![Confusion Matrix for Validation set](validation.png)\u003cbr\u003e\n**Test Set Evaluation:** \u003cbr\u003e\n-Accuracy: 0.9949\u003cbr\u003e\n-Precision: 0.9947\u003cbr\u003e\n-Recall: 0.9949\u003cbr\u003e\n-F1-Score: 0.9947\u003cbr\u003e\n![Confusion Matrix for Test set](test.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwizardoftrap%2Fnetwork-anomaly-detection","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwizardoftrap%2Fnetwork-anomaly-detection","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwizardoftrap%2Fnetwork-anomaly-detection/lists"}