Machine learning intrusion detection system prototype for security research and controlled lab environments.
FortiSense is an end-to-end intrusion detection pipeline that evaluates multiple machine learning models on a KDD-style dataset and exposes a simple real-time inference interface. The project connects offline analysis to live classification to make model behaviour observable beyond static metrics.
Intrusion detection work often stops at offline evaluation. FortiSense exists to extend that workflow into a live IDS context, making model trade-offs, false positives, and operational limitations visible in practice.
- Exploratory data analysis of network traffic features
- Classical machine learning training and evaluation
- Neural network baseline modelling
- Unified model comparison using standard metrics
- Real-time intrusion detection inference
```text
fortisense/
├── src/
│   ├── fortisense_master.py
│   ├── fortisense_eda.py
│   ├── fortisense_ml.py
│   ├── fortisense_nn.py
│   ├── fortisense_compare.py
│   ├── fortisense_server.py
│   └── fortisense_client.py
│
├── data/      # Datasets (ignored)
├── models/    # Trained artefacts and metrics (ignored)
├── README.md
└── .gitignore
```
Run the interactive orchestrator:
```bash
python src/fortisense_master.py
```

The menu allows you to:
- Run exploratory analysis
- Train machine learning models
- Compare evaluation results
- Start the IDS server
In a second terminal, start the client:
```bash
python src/fortisense_client.py
```

Models are evaluated using:
- Accuracy
- Precision
- Recall
- F1-score
F1-score is used as the primary comparison metric due to class imbalance.
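As an added illustration of why F1-score, not accuracy, drives the comparison on an imbalanced dataset (this is not FortiSense code; the labels and detector predictions below are constructed, with 1 = attack as the positive class):

```python
"""Metric comparison on a constructed, imbalanced labelled sample.

Added illustration, not part of the FortiSense code base. Labels are
constructed (0 = normal, 1 = attack) and the two detectors' predictions are
invented to show why accuracy alone is misleading when attacks are rare.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Metrics:
    accuracy: float
    precision: float
    recall: float
    f1: float


def confusion_counts(y_true, y_pred):
    """Return (tp, fp, fn, tn) treating label 1 as the positive (attack) class."""
    if len(y_true) != len(y_pred):
        raise ValueError("label and prediction lengths differ")
    tp = fp = fn = tn = 0
    for t, p in zip(y_true, y_pred):
        if t == 1 and p == 1:
            tp += 1
        elif t == 0 and p == 1:
            fp += 1
        elif t == 1 and p == 0:
            fn += 1
        else:
            tn += 1
    return tp, fp, fn, tn


def evaluate(y_true, y_pred) -> Metrics:
    """Compute accuracy, precision, recall and F1 from the confusion counts."""
    tp, fp, fn, tn = confusion_counts(y_true, y_pred)
    total = tp + fp + fn + tn
    accuracy = (tp + tn) / total if total else 0.0
    # Precision/recall are undefined when their denominator is 0; report 0.0
    precision = tp / (tp + fp) if (tp + fp) else 0.0
    recall = tp / (tp + fn) if (tp + fn) else 0.0
    f1 = 2 * precision * recall / (precision + recall) if (precision + recall) else 0.0
    return Metrics(accuracy, precision, recall, f1)


# Constructed sample: 100 flows, only 5 of them attacks
Y_TRUE = [0] * 95 + [1] * 5

# Detector A never alerts: high accuracy, useless as an IDS
PRED_ALWAYS_NORMAL = [0] * 100

# Detector B catches 4 of 5 attacks at the cost of 3 false alarms
PRED_DETECTOR = [1] * 3 + [0] * 92 + [1] * 4 + [0]


def compare():
    """Evaluate both constructed detectors against the same ground truth."""
    return {
        "always_normal": evaluate(Y_TRUE, PRED_ALWAYS_NORMAL),
        "detector": evaluate(Y_TRUE, PRED_DETECTOR),
    }


if __name__ == "__main__":
    for name, m in compare().items():
        print(f"{name:14s} acc={m.accuracy:.3f} prec={m.precision:.3f} "
              f"rec={m.recall:.3f} f1={m.f1:.3f}")
```

The "always normal" detector scores 0.95 accuracy while detecting nothing (F1 = 0); the real detector scores only marginally higher on accuracy (0.96) but reaches F1 = 0.667, which is the difference the project's comparison is meant to surface.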
The real-time IDS serialises messages with pickle over a minimal TCP protocol. This design is intentionally unsafe (unpickling data received from a network peer can execute arbitrary code) and is intended only for isolated lab environments.
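For readers who want to move the prototype out of the lab, the following is an added example (not FortiSense's own server or client code) of a framing layer that replaces pickle: a 4-byte length prefix followed by a UTF-8 JSON object, with the request validated as a fixed-length finite numeric vector before it reaches the model. The wire format, the 41-feature assumption (KDD-style records) and the `handle_request` / `classify` names are all assumptions made for this example.

```python
"""Length-prefixed JSON framing as a safe replacement for pickle on the IDS socket.

Added example, not part of the FortiSense code base. Assumes the client sends
a fixed-length numeric feature vector (41 features, as in KDD-style records)
and the server answers with a label string. The framing (4-byte big-endian
length prefix, then a UTF-8 JSON object) is itself an assumption.
"""
import json
import math
import struct

HEADER = struct.Struct("!I")   # 4-byte big-endian unsigned length
MAX_FRAME = 64 * 1024          # refuse oversized frames before parsing them
N_FEATURES = 41                # KDD-style feature count; adjust per dataset


class FrameError(ValueError):
    """Raised for any malformed or out-of-policy frame."""


def _frame(obj) -> bytes:
    body = json.dumps(obj).encode("utf-8")
    return HEADER.pack(len(body)) + body


def _unframe(frame: bytes) -> dict:
    """Strip the header, bound the size and parse JSON; never executes peer data."""
    if len(frame) < HEADER.size:
        raise FrameError("short header")
    (length,) = HEADER.unpack_from(frame)
    if length > MAX_FRAME:
        raise FrameError("frame too large")
    body = frame[HEADER.size:HEADER.size + length]
    if len(body) != length:
        raise FrameError("truncated body")
    try:
        msg = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise FrameError(f"bad JSON: {exc}") from None
    if not isinstance(msg, dict):
        raise FrameError("top-level value must be an object")
    return msg


def encode_request(features) -> bytes:
    return _frame({"features": list(features)})


def decode_request(frame: bytes) -> list:
    """Validate shape and types so the model only ever sees a clean float vector."""
    msg = _unframe(frame)
    if set(msg) != {"features"}:
        raise FrameError("unexpected keys")
    feats = msg["features"]
    if not isinstance(feats, list) or len(feats) != N_FEATURES:
        raise FrameError("wrong feature count")
    out = []
    for x in feats:
        # bool is a subclass of int; NaN/Infinity are accepted by json.loads by default
        if isinstance(x, bool) or not isinstance(x, (int, float)) or not math.isfinite(x):
            raise FrameError("non-numeric or non-finite feature")
        out.append(float(x))
    return out


def encode_response(label: str) -> bytes:
    return _frame({"label": label})


def decode_response(frame: bytes) -> str:
    msg = _unframe(frame)
    if set(msg) != {"label"} or not isinstance(msg["label"], str):
        raise FrameError("malformed response")
    return msg["label"]


def handle_request(frame: bytes, classify) -> bytes:
    """Server side: decode, classify with the caller-supplied model, reply.

    Bad frames get a generic error so validation detail is not echoed to the peer.
    """
    try:
        features = decode_request(frame)
    except FrameError:
        return encode_response("error: malformed frame")
    return encode_response(classify(features))


if __name__ == "__main__":
    # Placeholder classifier standing in for the trained model (assumption)
    stub_model = lambda feats: "attack" if feats[0] > 100 else "normal"
    reply = handle_request(encode_request([0.0] * N_FEATURES), stub_model)
    print(decode_response(reply))   # normal
    print(decode_response(handle_request(HEADER.pack(8) + b"not json", stub_model)))
```

On a real socket the receiver reads exactly `HEADER.size` bytes, then exactly `length` bytes, and feeds the result to `decode_request`; anything that fails validation is dropped before any model or library code touches it, which is the property pickle cannot give you.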
Prototype research project.
MIT