ShieldAI - Network Intrusion Detection System

ShieldAI IDS is a Flask web app using XGBoost to detect 15 network attack types from CICIDS2017 traffic with 99.89% accuracy.

Comment

Inspiration

Cyberattacks are growing in scale and sophistication, yet many organizations still rely on outdated intrusion detection systems. I wanted to build a modern, ML‑powered IDS that can classify diverse attack types quickly and accurately, using real traffic data from the CICIDS2017 dataset.

What it does

  • Upload CICIDS2017 format CSVs of network traffic flows
  • Classify each flow as BENIGN or one of 14 attack types
  • Display results in a filterable table with confidence scores
  • Demo mode allows instant testing with preloaded sample data

How I built it

  • Backend: Python 3.14 + Flask 3.0
  • ML Models: Random Forest (baseline), XGBoost (selected)
  • Preprocessing: scikit‑learn (StandardScaler, LabelEncoder)
  • Data Handling: pandas, numpy
  • Frontend: HTML5, CSS3, Vanilla JavaScript
  • Dataset: CICIDS2017 — 2.83M records, 78 features

Challenges I ran into

  • Handling very large CSV uploads (hundreds of MBs)
  • Ensuring consistent feature columns across datasets
  • Long inference times on full CICIDS2017 files
  • Managing environment dependencies across different laptops

Accomplishments that I m proud of

  • Achieved near‑perfect performance with XGBoost: Accuracy= 99.89% , F1 = 99.88%
  • Built a clean, user‑friendly web interface with demo mode
  • Packaged the project with reproducible setup and clear documentation
  • Detected 15 distinct attack categories with high precision and recall

What I learnt

  • Consistency in preprocessing (scaler + label encoder) is critical
  • Deploying ML models in Flask requires balancing speed vs accuracy
  • Documentation and demo videos are essential for hackathon submissions
  • Large datasets demand careful optimization for usability

What's next for ShieldAI - Network Intrusion Detection System

  • Optimize inference speed with batch processing or lighter models
  • Deploy on cloud platforms for scalability and real‑time detection
  • Add live packet capture and dashboard alerts
  • Extend to other datasets (UNSW‑NB15, TON_IoT) for broader coverage
Share this project:

Updates