Insight_intruders
Cybersecurity and Privacy
Network Intrusion Detection System using Machine Learning with Explainable AI
Problem Statement:
With the rapid growth of internet services, cybersecurity threats like piracy and intrusions have
become more sophisticated. Traditional Intrusion Detection Systems (IDS) face challenges with
high-dimensional data, low accuracy, and lack of interpretability. Machine learning models, while
effective, are often complex and hard to trust in critical security environments. There is a need for an
efficient, accurate, and interpretable IDS to handle various attacks and improve reliability and
usability.
Existing Models:
Traditional IDS methods like signature-based systems (e.g., Snort, Suricata) detect known attacks but
fail against new threats. Anomaly-based systems flag unusual behaviour but often result in high false
positives. While machine learning models (e.g., SVM, Decision Trees) improve detection, they can be
slow and lack interpretability, accuracy, and dimensionality reduction.
Proposed Solution for the Existing Models:
To overcome the drawbacks of traditional IDS methods, the proposed system combines advanced
machine learning with dimensionality reduction and explainability. Principal Component Analysis
(PCA) is used to reduce data complexity and improve processing speed. A Random Forest classifier is
employed for its high accuracy and robustness in detecting various types of attacks. To address the
lack of interpretability, Explainable AI techniques like SHAP and LIME are integrated, providing
clear insights into model decisions.
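How the PCA, Random Forest and explanation stages fit together, as an added example that is not the project's own code. It runs on constructed records with a few NSL-KDD-style feature names (an assumption) and uses scikit-learn's permutation importance in place of SHAP or LIME, applied to the whole pipeline so that attributions name raw features rather than principal components.

```python
import numpy as np
from sklearn.decomposition import PCA
from sklearn.ensemble import RandomForestClassifier
from sklearn.inspection import permutation_importance
from sklearn.model_selection import train_test_split
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler

# Assumption: a small subset of NSL-KDD-style feature names, for illustration.
FEATURES = ["duration", "src_bytes", "dst_bytes", "count",
            "serror_rate", "num_failed_logins"]

def make_constructed_traffic(n=600, seed=0):
    """Constructed records, not NSL-KDD data. Label 1 imitates a SYN-flood
    pattern: elevated `count` and `serror_rate`; other columns are noise."""
    rng = np.random.default_rng(seed)
    y = rng.integers(0, 2, n)
    X = rng.normal(0.0, 1.0, (n, len(FEATURES)))
    X[:, FEATURES.index("count")] += 4 * y
    X[:, FEATURES.index("serror_rate")] += 4 * y
    return X, y

def train_and_explain(seed=0):
    X, y = make_constructed_traffic(seed=seed)
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, random_state=seed, stratify=y)
    # Scaling and PCA live inside the pipeline, so they are fitted on the
    # training split only and cannot leak test statistics.
    model = make_pipeline(
        StandardScaler(),
        PCA(n_components=3, random_state=seed),
        RandomForestClassifier(n_estimators=100, random_state=seed))
    model.fit(X_tr, y_tr)
    accuracy = model.score(X_te, y_te)
    # Shuffle raw input columns of the whole pipeline: the scores then refer
    # to original features an analyst recognises, not to PCA components.
    result = permutation_importance(
        model, X_te, y_te, n_repeats=10, random_state=seed)
    ranked = sorted(zip(FEATURES, map(float, result.importances_mean)),
                    key=lambda item: -item[1])
    return accuracy, ranked

if __name__ == "__main__":
    acc, ranked = train_and_explain()
    print(f"held-out accuracy: {acc:.3f}")
    for name, drop in ranked:
        print(f"{name:18s} accuracy drop when shuffled: {drop:.3f}")
```

The model-agnostic explainers in SHAP and LIME can be handed `model.predict_proba` from the same pipeline, which keeps their output in terms of raw features as well.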
Tech Stack used:
Machine Learning (Random Forest, Principal Component Analysis), Explainable AI (XAI), SHAP,
LIME, Python, Flask, Scikit-learn, CSS3, Vanilla JavaScript.
Model Outcomes:
The proposed Intrusion Detection System was evaluated using the NSL-KDD dataset, detecting 23 distinct
attack types grouped into four major categories: Denial of Service (DoS), Probe, Remote to Local
(R2L), User to Root (U2R), along with Normal traffic. The system achieved a detection accuracy
of 99.47%, demonstrating high effectiveness in identifying both known and novel attacks.
• Total Attack Types Detected: 23
• Overall Accuracy: 99.47%
• Training Time: 71.2 seconds
• Testing Time: 0.5 seconds
Detected Attack Types:
• DoS: back, land, neptune
• Probe: ipsweep, nmap
• R2L: ftp_write, guess_passwd, imap, multihop
• U2R: buffer_overflow, loadmodule
• Normal: normal
Vignan's Institute of Information Technology