Hugging Face's logo

Codelord01
/
multiclass_model

Keras
English
intrusion-detection
network-forensics
iot-security
cnn
lstm
multiclass-classification
cybersecurity
Model card Files
xet
Community
Codelord01 commited on
Commit
c1d13e8
·
verified ·
1 Parent(s): 7e73fe5

Create README.md

Browse files
Files changed (1) hide show
  1. README.md +86 -0
README.md ADDED
@@ -0,0 +1,86 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ---
2
+ license: apache-2.0
3
+ language: en
4
+ library_name: keras
5
+ tags:
6
+ - intrusion-detection
7
+ - network-forensics
8
+ - iot-security
9
+ - cnn
10
+ - lstm
11
+ - multiclass-classification
12
+ - cybersecurity
13
+ datasets:
14
+ - CICIoT2023
15
+ ---
16
+
17
+ # Multiclass Network Forensic Intrusion Detection System
18
+
19
+ A hybrid **CNN-LSTM** model for fine-grained, multiclass intrusion detection.
20
+ It serves as a detailed forensic tool to classify network attacks into 25 distinct categories.
21
+
22
+ ## Model Description
23
+ This model acts as a "second-stage" analysis tool. After an initial threat is detected (e.g., by a binary IDS), it identifies the specific nature of the attack.
24
+
25
+ - **Architecture:** `Conv1D -> ... -> LSTM -> Dense -> Dense (Softmax)`
26
+ - **Dataset:** CICIoT2023 curated subset
27
+ - **Performance:** 97% accuracy on the 25-class classification task
28
+
29
+ ## Intended Use
30
+ - **Primary Use:** Identify the type of network attack for forensic analysis.
31
+ - **Input:** `(batch_size, 10, 46)` — 46 normalized network features
32
+ - **Output:** Softmax probabilities over 25 classes; highest probability indicates the predicted class
33
+
34
+ ## How to Use
35
+ ```python
36
+ import tensorflow as tf
37
+ import numpy as np
38
+ from huggingface_hub import hf_hub_download
39
+
40
+ # Download the model
41
+ MODEL_PATH = hf_hub_download("Codelord01/multiclass_model", "multiclass_model.keras")
42
+ model = tf.keras.models.load_model(MODEL_PATH)
43
+ model.summary()
44
+
45
+ # Define class names in the order used during training
46
+ CLASS_NAMES = [
47
+ 'BenignTraffic', 'DDoS-ACK_Fragmentation', 'DDoS-HTTP_Flood', 'DDoS-ICMP_Flood',
48
+ 'DDoS-ICMP_Fragmentation', 'DDoS-PSHACK_Flood', 'DDoS-RSTFINFlood', 'DDoS-SYN_Flood',
49
+ 'DDoS-SlowLoris', 'DDoS-SynonymousIP_Flood', 'DDoS-TCP_Flood', 'DDoS-UDP_Flood',
50
+ 'DDoS-UDP_Fragmentation', 'DNS_Spoofing', 'DoS-HTTP_Flood', 'DoS-SYN_Flood',
51
+ 'DoS-TCP_Flood', 'DoS-UDP_Flood', 'MITM-ArpSpoofing', 'Mirai-greeth_flood',
52
+ 'Mirai-greip_flood', 'Mirai-udpplain', 'OtherAttack', 'Recon-HostDiscovery',
53
+ 'VulnerabilityScan'
54
+ ]
55
+
56
+ # Sample input: 1 sample, 10 timesteps, 46 features
57
+ sample_data = np.random.rand(1, 10, 46).astype(np.float32)
58
+
59
+ # Make a prediction
60
+ prediction_probs = model.predict(sample_data)
61
+ predicted_index = np.argmax(prediction_probs)
62
+ predicted_class = CLASS_NAMES[predicted_index]
63
+ confidence = prediction_probs[predicted_index]
64
+
65
+ print(f"Predicted Attack Type: {predicted_class}")
66
+ print(f"Confidence: {confidence:.4f}")
67
+
68
+ ## Limitations
69
+ - Validated only on CICIoT2023-like traffic
70
+ - Input must be normalized
71
+ - CLASS_NAMES must match training order
72
+
73
+ ## Training Information
74
+ - Optimizer: Adam
75
+ - Loss: Categorical Cross-Entropy
76
+ - 25-class balanced dataset
77
+
78
+
79
+ @mastersthesis{ababio2025multilayered,
80
+ title={A Multi-Layered Hybrid Deep Learning Framework for Cyber-Physical Intrusion Detection in Climate-Monitoring IoT Systems},
81
+ author={Awuni David Ababio},
82
+ year={2025},
83
+ school={Kwame Nkrumah University of Science and Technology}
84
+ }
85
+
86
+