| | --- |
| | license: cc-by-nc-4.0 |
| | language: |
| | - en |
| | - de |
| | metrics: |
| | - accuracy |
| | - f1 |
| | - precision |
| | - recall |
| | - roc_auc |
| | tags: |
| | - IDS, |
| | - SecIDS-CNN |
| | - Cybersecurity |
| | - automotive |
| | - pi |
| | - jetson |
| | - CNN |
| | - fast |
| | - small |
| | --- |
| | |
| | # SecIDS-CNN: Advanced Convolutional Neural Network for Intrusion Detection in Cybersecurity and Automotive Applications |
| |
|
| |
|
| | ### Model Description |
| |
|
| | SecIDS-CNN is a high-performance Convolutional Neural Network (CNN) model developed specifically for Intrusion Detection Systems (IDS) in cybersecurity and automotive network applications. Leveraging temporal patterns in network traffic, SecIDS-CNN identifies and classifies malicious activity with high accuracy, designed to meet the real-time security demands of vehicular and automotive networks. This model supports proactive threat mitigation, helping to protect in-vehicle and connected systems against cyber threats that could impact operational safety. |
| |
|
| | - **Developed by:** Keyvan Hardani |
| | - **Model Type:** Convolutional Neural Network (CNN) for Intrusion Detection |
| | - **Languages:** English, German |
| | - **License:** Creative Commons Attribution Non Commercial 4.0 (cc-by-nc-4.0) |
| | - **Finetuned from model:** None |
| |
|
| | ### Model Sources |
| |
|
| | - **Repository:** https://github.com/Keyvanhardani/SecIDS-CNN.git |
| |
|
| | ## Uses |
| |
|
| | ### Direct Use |
| |
|
| | SecIDS-CNN can be directly deployed for real-time intrusion detection within cybersecurity monitoring systems. Its design supports seamless integration into automotive communication networks, enabling anomaly detection within complex, connected vehicular systems. |
| |
|
| | ### Downstream Use |
| |
|
| | Potential applications include broader network monitoring platforms and integrated security systems in automotive and connected vehicle environments. |
| |
|
| | ### Out-of-Scope Use |
| |
|
| | SecIDS-CNN is not suited for non-network data or applications outside the network security and automotive domains. Misuse may include attempts to deploy it in systems without real-time requirements or in unrelated cybersecurity needs. |
| |
|
| | ## Bias, Risks, and Limitations |
| |
|
| | SecIDS-CNN, while highly accurate, may have a minor bias toward benign traffic when optimized for recall, which could lead to rare false negatives. Additionally, its effectiveness depends on access to live network data, essential for real-time intrusion detection. |
| |
|
| | ### Recommendations |
| |
|
| | Users should be aware of the model’s optimal use cases in real-time network environments and its limitations in handling unrelated or non-automotive network types. |
| |
|
| |
|
| | ## How to Get Started with SecIDS-CNN |
| |
|
| | To get started with SecIDS-CNN, you can import the model and use it in your Python project. Follow the steps below: |
| |
|
| | ### Step 1: Install Dependencies |
| |
|
| | Clone the repository and install the necessary dependencies: |
| |
|
| | ```bash |
| | git clone https://github.com/Keyvanhardani/SecIDS-CNN.git |
| | cd SecIDS-CNN |
| | pip install -r requirements.txt |
| | ``` |
| |
|
| | ### Step 2: Import the Model |
| |
|
| | Once dependencies are installed, you can import the model into your Python project: |
| |
|
| | ```python |
| | from secids_cnn import SecIDSModel |
| | ``` |
| |
|
| | ### Step 3: Load and Use the Model |
| |
|
| | To evaluate SecIDS-CNN’s real-time detection on sample network traffic data: |
| |
|
| | ```python |
| | # Initialize the model |
| | model = SecIDSModel() |
| | |
| | # Load your network traffic data (example) |
| | data = load_network_data('path/to/your/data.csv') |
| | |
| | # Make predictions |
| | predictions = model.predict(data) |
| | |
| | # Output results |
| | print("Intrusion Detection Results:", predictions) |
| | ``` |
| |
|
| | This setup allows you to test SecIDS-CNN on provided sample data or integrate it into larger projects for real-time intrusion detection. |
| |
|
| | ## Training Details |
| |
|
| | ### Training Data |
| |
|
| | The dataset for SecIDS-CNN consists of labeled network traffic, distinguishing between benign and malicious activity. It includes data from general network and automotive sources, with features capturing packet flows, timing, and network behavior. |
| |
|
| | ### Training Procedure |
| |
|
| | The model’s training pipeline encompasses data preprocessing, feature extraction, and training on temporal network data patterns. |
| |
|
| | #### Training Hyperparameters |
| |
|
| | - **Precision Type:** FP32 |
| | - **Batch Size:** 32 |
| | - **Epochs:** 50 |
| |
|
| | ### Compute Requirements |
| |
|
| | SecIDS-CNN was trained on a multi-GPU setup, with optimizations for real-time performance in security-critical applications. |
| |
|
| | ## Evaluation |
| |
|
| | ### Testing Data and Metrics |
| |
|
| | #### Testing Data |
| |
|
| | The model was evaluated on a balanced set of benign and malicious network traffic records, sourced from both general cybersecurity and automotive domains. |
| |
|
| | #### Metrics |
| |
|
| | SecIDS-CNN’s evaluation included accuracy, precision, recall, F1-score, ROC curve, and AUC, chosen for their relevance to classification performance in security applications. |
| |
|
| | ### Results |
| |
|
| | - **Accuracy:** 97.72% |
| | - **Precision:** 97.74% |
| | - **Recall:** 97.72% |
| | - **F1-Score:** 0.9772 |
| |
|
| | SecIDS-CNN demonstrated high reliability, achieving almost 98% accuracy in intrusion detection and benign traffic classification. |
| |
|
| | ## Model Examination |
| |
|
| | Feature importance was analyzed using SHAP (SHapley Additive exPlanations) to gain insight into feature contributions. This interpretability measure supports transparency and offers guidance for refining the model for intrusion detection. |
| |
|
| | - **Top Features:** Packet_Length_Mean, Flow_Duration |
| | - **Least Impactful Features:** Bwd_Packet_Length_Mean, Idle_Mean |
| | |
| | ## Environmental Impact |
| | |
| | The estimated carbon footprint for training SecIDS-CNN was calculated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute). |
| | |
| | - **Hardware:** Multi-GPU setup (NVIDIA RTX 4070, RTX 4090Ti) |
| | - **Training Duration:** |
| | |
| | Batch Size: 32 |
| | Epochs: 50 |
| | Training Duration: ~72 hours on RTX 4090Ti |
| | Emissions: ~15 kg CO₂ |
| | |
| | ## Technical Specifications |
| | |
| | ### Model Architecture |
| | |
| | SecIDS-CNN utilizes a multi-layer convolutional architecture, optimized for high-throughput analysis of network traffic data, with an emphasis on capturing time-based patterns. |
| | |
| | ### Compute Infrastructure |
| | |
| | - **Software:** TensorFlow, Python, Keras |
| | |
| | ### Supported Hardware |
| | |
| | This model is lightweight and versatile for inference across a wide range of hardware, including: |
| | |
| | - **CPUs**: Compatible with standard CPUs, allowing easy deployment on nearly any system. |
| | - **GPUs**: Optimized for all GPUs (primarily used for training), but also enables faster inference if needed. |
| | - **Microcontrollers and Edge Devices**: With a small model size (~700 KB), it supports microprocessors and edge devices, such as Raspberry Pi, NVIDIA Jetson Nano, and other embedded systems. |
| | |
| | This compatibility ensures flexibility for various applications in automotive and cybersecurity environments. |
| | |
| | ## Citation |
| | |
| | **BibTeX:** |
| | |
| | ```bibtex |
| | @misc{secids-cnn, |
| | author = {Keyvan Hardani}, |
| | title = {SecIDS-CNN: Advanced Convolutional Neural Network for Intrusion Detection}, |
| | year = {2023}, |
| | note = {Available under CC BY-NC 4.0} |
| | } |
| | @misc {keyvan_hardani_2024, |
| | author = { {Keyvan Hardani} }, |
| | title = { SecIDS-CNN (Revision 5daf4a4) }, |
| | year = 2024, |
| | url = { https://huggingface.co/Keyven/SecIDS-CNN }, |
| | doi = { 10.57967/hf/3351 }, |
| | publisher = { Hugging Face } |
| | } |
