---
license: cc-by-nc-4.0
language:
- en
- de
metrics:
- accuracy
- f1
- precision
- recall
- roc_auc
tags:
- IDS,
- SecIDS-CNN
- Cybersecurity
- automotive
- pi
- jetson
- CNN
- fast
- small
---

# SecIDS-CNN: Advanced Convolutional Neural Network for Intrusion Detection in Cybersecurity and Automotive Applications


### Model Description

SecIDS-CNN is a high-performance Convolutional Neural Network (CNN) model developed specifically for Intrusion Detection Systems (IDS) in cybersecurity and automotive network applications. Leveraging temporal patterns in network traffic, SecIDS-CNN identifies and classifies malicious activity with high accuracy, designed to meet the real-time security demands of vehicular and automotive networks. This model supports proactive threat mitigation, helping to protect in-vehicle and connected systems against cyber threats that could impact operational safety.

- **Developed by:** Keyvan Hardani
- **Model Type:** Convolutional Neural Network (CNN) for Intrusion Detection
- **Languages:** English, German
- **License:** Creative Commons Attribution Non Commercial 4.0 (cc-by-nc-4.0)
- **Finetuned from model:** None

### Model Sources

- **Repository:** https://github.com/Keyvanhardani/SecIDS-CNN.git

## Uses

### Direct Use

SecIDS-CNN can be directly deployed for real-time intrusion detection within cybersecurity monitoring systems. Its design supports seamless integration into automotive communication networks, enabling anomaly detection within complex, connected vehicular systems.

### Downstream Use

Potential applications include broader network monitoring platforms and integrated security systems in automotive and connected vehicle environments.

### Out-of-Scope Use

SecIDS-CNN is not suited for non-network data or applications outside the network security and automotive domains. Misuse may include attempts to deploy it in systems without real-time requirements or in unrelated cybersecurity needs.

## Bias, Risks, and Limitations

SecIDS-CNN, while highly accurate, may have a minor bias toward benign traffic when optimized for recall, which could lead to rare false negatives. Additionally, its effectiveness depends on access to live network data, essential for real-time intrusion detection.

### Recommendations

Users should be aware of the model’s optimal use cases in real-time network environments and its limitations in handling unrelated or non-automotive network types.


## How to Get Started with SecIDS-CNN

To get started with SecIDS-CNN, you can import the model and use it in your Python project. Follow the steps below:

### Step 1: Install Dependencies

Clone the repository and install the necessary dependencies:

```bash
git clone https://github.com/Keyvanhardani/SecIDS-CNN.git
cd SecIDS-CNN
pip install -r requirements.txt
```

### Step 2: Import the Model

Once dependencies are installed, you can import the model into your Python project:

```python
from secids_cnn import SecIDSModel
```

### Step 3: Load and Use the Model

To evaluate SecIDS-CNN’s real-time detection on sample network traffic data:

```python
# Initialize the model
model = SecIDSModel()

# Load your network traffic data (example)
data = load_network_data('path/to/your/data.csv')

# Make predictions
predictions = model.predict(data)

# Output results
print("Intrusion Detection Results:", predictions)
```

This setup allows you to test SecIDS-CNN on provided sample data or integrate it into larger projects for real-time intrusion detection.

## Training Details

### Training Data

The dataset for SecIDS-CNN consists of labeled network traffic, distinguishing between benign and malicious activity. It includes data from general network and automotive sources, with features capturing packet flows, timing, and network behavior.

### Training Procedure

The model’s training pipeline encompasses data preprocessing, feature extraction, and training on temporal network data patterns.

#### Training Hyperparameters

- **Precision Type:** FP32
- **Batch Size:** 32
- **Epochs:** 50

### Compute Requirements

SecIDS-CNN was trained on a multi-GPU setup, with optimizations for real-time performance in security-critical applications.

## Evaluation

### Testing Data and Metrics

#### Testing Data

The model was evaluated on a balanced set of benign and malicious network traffic records, sourced from both general cybersecurity and automotive domains.

#### Metrics

SecIDS-CNN’s evaluation included accuracy, precision, recall, F1-score, ROC curve, and AUC, chosen for their relevance to classification performance in security applications.

### Results

- **Accuracy:** 97.72%
- **Precision:** 97.74%
- **Recall:** 97.72%
- **F1-Score:** 0.9772

SecIDS-CNN demonstrated high reliability, achieving almost 98% accuracy in intrusion detection and benign traffic classification.

## Model Examination

Feature importance was analyzed using SHAP (SHapley Additive exPlanations) to gain insight into feature contributions. This interpretability measure supports transparency and offers guidance for refining the model for intrusion detection.

- **Top Features:** Packet_Length_Mean, Flow_Duration
- **Least Impactful Features:** Bwd_Packet_Length_Mean, Idle_Mean

## Environmental Impact

The estimated carbon footprint for training SecIDS-CNN was calculated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute).

- **Hardware:** Multi-GPU setup (NVIDIA RTX 4070, RTX 4090Ti)
- **Training Duration:** 

  Batch Size: 32
  Epochs: 50
  Training Duration: ~72 hours on RTX 4090Ti
  Emissions: ~15 kg CO₂

## Technical Specifications

### Model Architecture

SecIDS-CNN utilizes a multi-layer convolutional architecture, optimized for high-throughput analysis of network traffic data, with an emphasis on capturing time-based patterns.

### Compute Infrastructure

- **Software:** TensorFlow, Python, Keras

### Supported Hardware

This model is lightweight and versatile for inference across a wide range of hardware, including:

- **CPUs**: Compatible with standard CPUs, allowing easy deployment on nearly any system.
- **GPUs**: Optimized for all GPUs (primarily used for training), but also enables faster inference if needed.
- **Microcontrollers and Edge Devices**: With a small model size (~700 KB), it supports microprocessors and edge devices, such as Raspberry Pi, NVIDIA Jetson Nano, and other embedded systems.

This compatibility ensures flexibility for various applications in automotive and cybersecurity environments.

## Citation

**BibTeX:**

```bibtex
@misc{secids-cnn,
  author = {Keyvan Hardani},
  title = {SecIDS-CNN: Advanced Convolutional Neural Network for Intrusion Detection},
  year = {2023},
  note = {Available under CC BY-NC 4.0}
}
@misc {keyvan_hardani_2024,
	author       = { {Keyvan Hardani} },
	title        = { SecIDS-CNN (Revision 5daf4a4) },
	year         = 2024,
	url          = { https://huggingface.co/Keyven/SecIDS-CNN },
	doi          = { 10.57967/hf/3351 },
	publisher    = { Hugging Face }
}