| --- |
| license: cc-by-nc-4.0 |
| language: |
| - en |
| - de |
| metrics: |
| - accuracy |
| - f1 |
| - precision |
| - recall |
| - roc_auc |
| tags: |
| - IDS |
| - SecIDS-CNN |
| - Cybersecurity |
| - automotive |
| - pi |
| - jetson |
| - CNN |
| - fast |
| - small |
| --- |
| |
| # SecIDS-CNN: Advanced Convolutional Neural Network for Intrusion Detection in Cybersecurity and Automotive Applications |
|
|
|
|
| ### Model Description |
|
|
| SecIDS-CNN is a high-performance Convolutional Neural Network (CNN) model developed specifically for Intrusion Detection Systems (IDS) in cybersecurity and automotive network applications. Leveraging temporal patterns in network traffic, SecIDS-CNN identifies and classifies malicious activity with high accuracy, designed to meet the real-time security demands of vehicular and automotive networks. This model supports proactive threat mitigation, helping to protect in-vehicle and connected systems against cyber threats that could impact operational safety. |
|
|
| - **Developed by:** Keyvan Hardani |
| - **Model Type:** Convolutional Neural Network (CNN) for Intrusion Detection |
| - **Languages:** English, German |
| - **License:** Creative Commons Attribution Non Commercial 4.0 (cc-by-nc-4.0) |
| - **Finetuned from model:** None |
|
|
| ### Model Sources |
|
|
| - **Repository:** https://github.com/Keyvanhardani/SecIDS-CNN.git |
|
|
| ## Uses |
|
|
| ### Direct Use |
|
|
| SecIDS-CNN can be directly deployed for real-time intrusion detection within cybersecurity monitoring systems. Its design supports seamless integration into automotive communication networks, enabling anomaly detection within complex, connected vehicular systems. |
|
|
| ### Downstream Use |
|
|
| Potential applications include broader network monitoring platforms and integrated security systems in automotive and connected vehicle environments. |
|
|
| ### Out-of-Scope Use |
|
|
| SecIDS-CNN is not suited for non-network data or for applications outside the network security and automotive domains. Misuse may include attempts to deploy it in systems without real-time requirements or for unrelated cybersecurity tasks.
|
|
| ## Bias, Risks, and Limitations |
|
|
| SecIDS-CNN, while highly accurate, may have a minor bias toward benign traffic when optimized for recall, which could lead to rare false negatives. Additionally, its effectiveness depends on access to live network data, essential for real-time intrusion detection. |
|
|
| ### Recommendations |
|
|
| Users should be aware of the model’s optimal use cases in real-time network environments and its limitations in handling unrelated or non-automotive network types. |
|
|
|
|
| ## How to Get Started with SecIDS-CNN |
|
|
| To get started with SecIDS-CNN, you can import the model and use it in your Python project. Follow the steps below: |
|
|
| ### Step 1: Install Dependencies |
|
|
| Clone the repository and install the necessary dependencies: |
|
|
| ```bash |
| git clone https://github.com/Keyvanhardani/SecIDS-CNN.git |
| cd SecIDS-CNN |
| pip install -r requirements.txt |
| ``` |
|
|
| ### Step 2: Import the Model |
|
|
| Once dependencies are installed, you can import the model into your Python project: |
|
|
| ```python |
| from secids_cnn import SecIDSModel |
| ``` |
|
|
| ### Step 3: Load and Use the Model |
|
|
| To evaluate SecIDS-CNN’s real-time detection on sample network traffic data: |
|
|
| ```python
| import pandas as pd
| from secids_cnn import SecIDSModel
|
| # Initialize the model
| model = SecIDSModel()
|
| # Load your network traffic data (example path). load_network_data() is not
| # defined on this page, so pandas is used here as a stand-in loader.
| data = pd.read_csv('path/to/your/data.csv')
|
| # Make predictions
| predictions = model.predict(data)
|
| # Output results
| print("Intrusion Detection Results:", predictions)
| ```
|
|
| This setup allows you to test SecIDS-CNN on provided sample data or integrate it into larger projects for real-time intrusion detection. |
|
|
| ## Training Details |
|
|
| ### Training Data |
|
|
| The dataset for SecIDS-CNN consists of labeled network traffic, distinguishing between benign and malicious activity. It includes data from general network and automotive sources, with features capturing packet flows, timing, and network behavior. |
|
|
| ### Training Procedure |
|
|
| The model’s training pipeline encompasses data preprocessing, feature extraction, and training on temporal network data patterns. |
|
|
| #### Training Hyperparameters |
|
|
| - **Precision Type:** FP32 |
| - **Batch Size:** 32 |
| - **Epochs:** 50 |
|
|
| ### Compute Requirements |
|
|
| SecIDS-CNN was trained on a multi-GPU setup, with optimizations for real-time performance in security-critical applications. |
|
|
| ## Evaluation |
|
|
| ### Testing Data and Metrics |
|
|
| #### Testing Data |
|
|
| The model was evaluated on a balanced set of benign and malicious network traffic records, sourced from both general cybersecurity and automotive domains. |
|
|
| #### Metrics |
|
|
| SecIDS-CNN’s evaluation included accuracy, precision, recall, F1-score, ROC curve, and AUC, chosen for their relevance to classification performance in security applications. |
|
|
| ### Results |
|
|
| - **Accuracy:** 97.72% |
| - **Precision:** 97.74% |
| - **Recall:** 97.72% |
| - **F1-Score:** 0.9772 |
|
|
| SecIDS-CNN demonstrated high reliability, achieving almost 98% accuracy in intrusion detection and benign traffic classification. |
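
The results above come from a balanced test set, while live network traffic is usually overwhelmingly benign. The following added example (not code from the SecIDS-CNN project) re-expresses the reported accuracy and recall as alert precision and expected alert counts at lower attack prevalence. It assumes the reported recall is the malicious-class recall and that the test set is exactly 50/50; the prevalence values and flow count are constructed.

```python
# Added example: converts balanced-test-set figures into deployment alert quality.
# Assumptions (not from the project): the reported recall is the malicious-class
# recall, the test set is exactly 50/50, and the prevalence values are constructed.

def rates_from_balanced_eval(accuracy, recall):
    """Return (TPR, FPR). On a 50/50 test set, accuracy = (TPR + TNR) / 2."""
    tpr = recall
    tnr = 2.0 * accuracy - tpr
    if not (0.0 <= tpr <= 1.0 and 0.0 <= tnr <= 1.0):
        raise ValueError("accuracy/recall inconsistent with a balanced test set")
    return tpr, 1.0 - tnr


def precision_at_prevalence(tpr, fpr, prevalence):
    """P(malicious | alert) when `prevalence` of all flows are malicious (Bayes' rule)."""
    if not 0.0 <= prevalence <= 1.0:
        raise ValueError("prevalence must be in [0, 1]")
    true_alerts = tpr * prevalence
    false_alerts = fpr * (1.0 - prevalence)
    total = true_alerts + false_alerts
    return true_alerts / total if total > 0 else 0.0


def alert_budget(tpr, fpr, prevalence, flows):
    """Expected alert counts for `flows` classified flows at the given prevalence."""
    malicious = flows * prevalence
    benign = flows - malicious
    return {
        "true_alerts": tpr * malicious,
        "false_alerts": fpr * benign,
        "missed_intrusions": (1.0 - tpr) * malicious,
    }


if __name__ == "__main__":
    # Figures reported in the Results section of this card.
    tpr, fpr = rates_from_balanced_eval(accuracy=0.9772, recall=0.9772)
    for prevalence in (0.5, 0.01, 0.001):  # constructed deployment scenarios
        precision = precision_at_prevalence(tpr, fpr, prevalence)
        budget = alert_budget(tpr, fpr, prevalence, flows=1_000_000)
        print(f"prevalence={prevalence:<6} precision={precision:.4f} "
              f"false_alerts={budget['false_alerts']:.0f} "
              f"missed={budget['missed_intrusions']:.0f}")
```

Under these assumptions, alert precision falls to roughly 4% at 0.1% attack prevalence, so thresholds and triage capacity should be sized from per-class rates measured on representative traffic.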
|
|
| ## Model Examination |
|
|
| Feature importance was analyzed using SHAP (SHapley Additive exPlanations) to gain insight into feature contributions. This interpretability measure supports transparency and offers guidance for refining the model for intrusion detection. |
|
|
| - **Top Features:** Packet_Length_Mean, Flow_Duration |
| - **Least Impactful Features:** Bwd_Packet_Length_Mean, Idle_Mean |
| |
| ## Environmental Impact |
| |
| The estimated carbon footprint for training SecIDS-CNN was calculated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute). |
| |
| - **Hardware:** Multi-GPU setup (NVIDIA RTX 4070, RTX 4090Ti)
| - **Batch Size:** 32
| - **Epochs:** 50
| - **Training Duration:** ~72 hours on RTX 4090Ti
| - **Emissions:** ~15 kg CO₂
| |
| ## Technical Specifications |
| |
| ### Model Architecture |
| |
| SecIDS-CNN utilizes a multi-layer convolutional architecture, optimized for high-throughput analysis of network traffic data, with an emphasis on capturing time-based patterns. |
| |
| ### Compute Infrastructure |
| |
| - **Software:** TensorFlow, Python, Keras |
| |
| ### Supported Hardware |
| |
| This model is lightweight and versatile for inference across a wide range of hardware, including: |
| |
| - **CPUs**: Compatible with standard CPUs, allowing easy deployment on nearly any system. |
| - **GPUs**: Optimized for all GPUs, which were primarily used for training but also enable faster inference if needed.
| - **Microcontrollers and Edge Devices**: With a small model size (~700 KB), it supports microprocessors and edge devices, such as Raspberry Pi, NVIDIA Jetson Nano, and other embedded systems. |
| |
| This compatibility ensures flexibility for various applications in automotive and cybersecurity environments. |
| |
| ## Citation |
| |
| **BibTeX:** |
| |
| ```bibtex |
| @misc{secids-cnn, |
| author = {Keyvan Hardani}, |
| title = {SecIDS-CNN: Advanced Convolutional Neural Network for Intrusion Detection}, |
| year = {2023}, |
| note = {Available under CC BY-NC 4.0} |
| } |
| @misc {keyvan_hardani_2024, |
| author = { {Keyvan Hardani} }, |
| title = { SecIDS-CNN (Revision 5daf4a4) }, |
| year = 2024, |
| url = { https://huggingface.co/Keyven/SecIDS-CNN }, |
| doi = { 10.57967/hf/3351 }, |
| publisher = { Hugging Face } |
| }
| ```