Course: SENG 346 – Artificial Neural Networks
Institution: OSTIM Technical University
Semester: Fall 2025
Project Type: Course Final Project
This project implements an Artificial Neural Network (ANN) for intrusion detection using the NSL-KDD dataset. The goal is to classify network traffic as either normal or malicious based on extracted features.
Intrusion Detection Systems are a critical component of modern network security. By applying machine learning techniques, especially neural networks, this project demonstrates how automated systems can detect abnormal network behavior effectively.
The NSL-KDD dataset is an improved version of the KDD Cup 1999 dataset. It was created to address redundancy and bias issues present in the original dataset.
Key characteristics:
- Network connection records
- 41 input features
- One target class label
- Binary classification: Normal vs Attack
The dataset used in this project includes:
- KDDTrain+.arff for training
- KDDTest+.arff for testing
Both datasets were converted to CSV format during preprocessing.
Before training the model, the following preprocessing steps were applied:
- Conversion of ARFF files to CSV format
- Encoding of categorical features
- Feature normalization
- Label conversion to binary format
- Splitting data into training and validation sets
These steps ensure the model receives clean and consistent input data.
An Artificial Neural Network was designed for binary classification with the following structure:
- Input layer corresponding to the number of input features
- Multiple hidden layers with nonlinear activation functions
- Output layer with a sigmoid activation function
The model was trained using:
- Adam optimizer
- Binary cross-entropy loss function
- Early stopping to reduce overfitting
Figure 2 in the report illustrates the ANN architecture used in this project.
The ANN was trained on the NSL-KDD training dataset and validated during training. Validation monitoring was used to observe learning behavior and prevent overfitting.
Training accuracy was high, while testing accuracy was lower, indicating realistic generalization behavior when applied to unseen data.
The model performance was evaluated using:
- Accuracy
- Precision
- Recall
- F1-score
- Confusion Matrix
These metrics provide a comprehensive view of the model’s classification performance, especially for imbalanced datasets.
The ANN achieved strong performance on the training dataset and reasonable performance on the test dataset. The difference between training and testing results highlights the complexity of intrusion detection tasks and the importance of generalization.
Detailed results, figures, and analysis are included in the final report.
- Class imbalance in attack categories
- Limited interpretability of ANN models
- Performance depends on feature quality and preprocessing
Possible enhancements include:
- Multi-class attack classification
- Feature selection and dimensionality reduction
- Comparison with other machine learning models
- Use of deep learning architectures such as CNNs or LSTMs
ANN_Intrusion_Detection/
- data/ Dataset files
- notebooks/ Jupyter notebooks
- models/ Trained model files
- figures/ Result plots and diagrams
- README.md Project documentation
SENG 346 Course Project Team
OSTIM Technical University