---
tags:
- ml-intern
---
# Explainable Intrusion Detection System (X-IDS)

**ICCN-INE2 Deep Learning Project — Project 5: Explainable IDS**

## Project Overview

This project builds an Intrusion Detection System using deep learning on the NSL-KDD dataset, then applies post-hoc explainability methods (SHAP, LIME) to make decisions interpretable. We evaluate explanation stability and analyze security implications of exposing model explanations.

## Core Research Question

> *Can we make IDS decisions interpretable without compromising detection performance, and are these explanations stable enough to be trusted in security-critical settings?*

## Repository Structure

```
.
├── README.md                          # This file
├── docs/
│   ├── project_plan.md                # Detailed project plan & methodology
│   ├── threat_model.md                # Threat model document
│   └── architecture.md                # Model architecture & design choices
├── data/
│   └── preprocess.py                  # Data loading & preprocessing pipeline
├── models/
│   ├── mlp_baseline.py                # MLP baseline model
│   ├── lstm_model.py                  # LSTM variant
│   └── cnn1d_model.py                 # 1D-CNN variant
├── explainability/
│   ├── shap_analysis.py               # SHAP explanations
│   ├── lime_analysis.py               # LIME explanations
│   └── stability_eval.py              # Explanation stability evaluation
├── experiments/
│   ├── train_baseline.py              # Training script
│   ├── run_explainability.py          # Run all XAI methods
│   └── run_stability.py               # Stability evaluation experiments
├── results/                           # Generated results (figures, metrics)
├── requirements.txt                   # Dependencies
└── reproduce.sh                       # One-command reproducibility script
```

## Quick Start

```bash
# Install dependencies
pip install -r requirements.txt

# Reproduce all experiments
bash reproduce.sh

# Or run step by step:
python data/preprocess.py              # Download & preprocess NSL-KDD
python experiments/train_baseline.py   # Train 3 models (MLP, LSTM, CNN)
python explainability/shap_analysis.py # SHAP + LIME analysis
python explainability/stability_eval.py # Stability evaluation
```

## Dataset

**NSL-KDD** (Network Security Laboratory - KDD) — an improved version of KDD Cup 99.
- Source: [UNB Canadian Institute for Cybersecurity](https://www.unb.ca/cic/datasets/nsl.html)
- HF Hub: [`Mireu-Lab/NSL-KDD`](https://huggingface.co/datasets/Mireu-Lab/NSL-KDD)
- Train: 151,165 records | Test: 34,394 records
- 41 features (3 categorical + 38 numerical)
- Binary classification: Normal vs Anomaly
- 5-class: Normal, DoS, Probe, R2L, U2R

## Models

| Model | Architecture | Parameters |
|-------|-------------|------------|
| MLP | 41→256→128→64→2 with BatchNorm + Dropout | ~50K |
| LSTM | 41-step sequence → 2-layer LSTM(64) → FC(2) | ~35K |
| 1D-CNN | Conv1d(64)→Conv1d(128)→AvgPool→FC(2) | ~45K |

## Explainability Methods

- **SHAP** (SHapley Additive exPlanations): KernelExplainer (model-agnostic)
- **LIME** (Local Interpretable Model-agnostic Explanations): Tabular explainer with perturbation sampling

## Evaluation Metrics

- **Classification**: Precision, Recall, F1-Score (per-class + weighted), PR-AUC, ROC-AUC
- **Explanation Quality**: Faithfulness (feature masking), Sensitivity (SENS_MAX), Stability (PCC across perturbations)
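
The stability and sensitivity metrics listed above can be illustrated with the following added example, which is not the repository's `stability_eval.py`. It assumes stability is the mean Pearson correlation (PCC) between the attribution vector of a record and those of its perturbed copies, and SENS_MAX is the largest L2 distance between them; a toy logistic model and occlusion attribution stand in for the trained networks and SHAP/LIME, and all names (`WEIGHTS`, `BASELINE`, `SAMPLE`, `predict`, `attribute`, `stability`) are hypothetical.

```python
import math
import random

# Constructed stand-in for a trained IDS: logistic score over 6 scaled features.
WEIGHTS = [2.0, -1.0, 0.5, 0.0, 1.5, -0.5]
BASELINE = [0.0] * 6  # assumed "feature masked" value after standardisation
SAMPLE = [1.2, -0.4, 0.8, 0.3, 0.9, -1.1]  # constructed record, not NSL-KDD data


def predict(x):
    """Anomaly probability of the toy model."""
    z = sum(w * v for w, v in zip(WEIGHTS, x))
    return 1.0 / (1.0 + math.exp(-z))


def attribute(x):
    """Occlusion attribution: score drop when one feature is set to its baseline."""
    full = predict(x)
    return [full - predict(x[:i] + [BASELINE[i]] + x[i + 1:]) for i in range(len(x))]


def pearson(a, b):
    """Pearson correlation coefficient of two attribution vectors."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((p - ma) * (q - mb) for p, q in zip(a, b))
    norm = math.sqrt(sum((p - ma) ** 2 for p in a) * sum((q - mb) ** 2 for q in b))
    return cov / norm if norm else 0.0


def stability(x, radius, trials=200, seed=42):
    """Return (mean PCC, SENS_MAX) over uniform perturbations within +/- radius."""
    rng = random.Random(seed)
    ref = attribute(x)
    pccs, sens_max = [], 0.0
    for _ in range(trials):
        xp = [v + rng.uniform(-radius, radius) for v in x]
        att = attribute(xp)
        pccs.append(pearson(ref, att))                 # agreement with reference
        sens_max = max(sens_max, math.dist(ref, att))  # worst-case L2 shift
    return sum(pccs) / trials, sens_max


if __name__ == "__main__":
    for r in (0.05, 0.5):
        pcc, sens = stability(SAMPLE, r)
        print(f"radius={r}: mean PCC={pcc:.4f}, SENS_MAX={sens:.4f}")
```

A mean PCC close to 1 with a small SENS_MAX means an analyst sees essentially the same explanation for near-identical traffic; a low PCC at a small radius means the explanation cannot be relied on for triage.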

## Reproducibility

- Random seed: 42 (fixed across all experiments)
- Python 3.10+ | PyTorch 2.x | scikit-learn 1.x
- All preprocessing steps documented
- Commands in `reproduce.sh`

## References

1. Tavallaee et al. (2009). *A Detailed Analysis of the KDD CUP 99 Data Set.* IEEE Symposium on CISDA.
2. Lundberg & Lee (2017). *A Unified Approach to Interpreting Model Predictions.* NeurIPS.
3. Ribeiro et al. (2016). *"Why Should I Trust You?": Explaining the Predictions of Any Classifier.* KDD.
4. Huang et al. (2022). *SAFARI: Versatile and Efficient Evaluations for Robustness of Interpretability.* ICCV.

## Author

ICCN-INE2 Student Project

<!-- ml-intern-provenance -->
## Generated by ML Intern

This model repository was generated by [ML Intern](https://github.com/huggingface/ml-intern), an agent for machine learning research and development on the Hugging Face Hub.

- Try ML Intern: https://smolagents-ml-intern.hf.space
- Source code: https://github.com/huggingface/ml-intern

## Usage

```python
from transformers import AutoModelForCausalLM, AutoTokenizer

model_id = 'cathrica/deep-learning-project'
tokenizer = AutoTokenizer.from_pretrained(model_id)
model = AutoModelForCausalLM.from_pretrained(model_id)
```

For non-causal architectures, replace `AutoModelForCausalLM` with the appropriate `AutoModel` class.