🛡️ A machine learning-based Intrusion Detection System that uses the Cowrie honeypot to collect attack data in a Debian VMware setup. Data is stored in MongoDB and analyzed using the AdaBoost algorithm ⚙️ to detect threats. This project shows how honeypots and ML can enhance cybersecurity.

Aggushub/IDS-System

🛡️ Honeypot-Based Intrusion Detection System

A Machine Learning-powered Intrusion Detection System that leverages the Cowrie honeypot to log and analyze attacker behavior in a controlled environment. Built on Debian with VMware virtualization and MongoDB storage, this project uses the AdaBoost algorithm to detect anomalies and suspicious patterns in cyberattack data.


📌 Project Overview

This IDS project is designed to monitor, log, and analyze malicious activity in a simulated network environment. By deploying Cowrie, a medium-interaction SSH and Telnet honeypot, we collect real-world attack data. The data is stored in MongoDB, preprocessed, and then classified using the AdaBoost algorithm to distinguish between benign and malicious behavior.


🔧 Tech Stack

  • Virtualization: VMware Workstation
  • Operating System: Debian (hosts the honeypot)
  • Honeypot: Cowrie
  • Database: MongoDB
  • Programming Languages: Python, Bash
  • Machine Learning: AdaBoost (Scikit-learn)
  • Visualization: Matplotlib, Seaborn, Pandas

📂 Project Structure

IDS-System
│
├── interceptor-ids-master   # Zip file containing all the files
└── README.md                # Project documentation

⚙️ Setup Instructions

1. Deploy Honeypot

  • Install and configure Cowrie on a Debian VM using VMware.
  • Ensure logging to MongoDB is correctly set.

2. Set Up MongoDB

sudo service mongod start
mongo

3. Extract and Preprocess Logs

  • Use Python scripts to pull data from MongoDB and preprocess it for training.

4. Train ML Model

python train_adaboost.py

5. Evaluate Results

  • Check classification report and confusion matrix.
  • Visualize the model's detection capability using provided plots.

📊 Features

  • ✅ Real-time data capture from honeypot
  • ✅ Automated log extraction and parsing
  • ✅ ML-based anomaly detection
  • ✅ Detailed analytics and visualization
  • ✅ Scalable and modular architecture

🚀 Sample Output

  • Classification Accuracy: ~94%
  • Features Used: Command frequency, session duration, IP repetition, input entropy
  • Model Used: AdaBoost with decision stumps
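
The preprocessing in step 3 has to turn raw Cowrie events into one row per session carrying the four features listed above. The sketch below is an added example, not code from this repository: it uses Cowrie's JSON log field names (eventid, session, src_ip, input, duration), assumes "command frequency" means commands per session and "IP repetition" means sessions per source IP, and runs on constructed sample events instead of a MongoDB query.

```python
import math
from collections import Counter, defaultdict

# Constructed sample events using Cowrie's JSON log field names
# (eventid, session, src_ip, input, duration); not data from the project.
EVENTS = [
    {"eventid": "cowrie.session.connect", "session": "a1", "src_ip": "192.0.2.10"},
    {"eventid": "cowrie.command.input", "session": "a1", "input": "uname -a"},
    {"eventid": "cowrie.command.input", "session": "a1", "input": "uname -a"},
    {"eventid": "cowrie.session.closed", "session": "a1", "duration": 4.0},
    {"eventid": "cowrie.session.connect", "session": "b2", "src_ip": "192.0.2.10"},
    {"eventid": "cowrie.session.closed", "session": "b2", "duration": "1.5"},
    {"eventid": "cowrie.session.connect", "session": "c3", "src_ip": "198.51.100.7"},
    {"eventid": "cowrie.command.input", "session": "c3", "input": "ab"},
]

def shannon_entropy(text):
    """Bits per character of the typed input; 0.0 for empty input."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def session_features(events):
    """Return {session_id: feature dict} for the four features in the README."""
    sessions = defaultdict(lambda: {"src_ip": None, "inputs": [], "duration": 0.0})
    for ev in events:
        s = sessions[ev["session"]]
        kind = ev.get("eventid")
        if kind == "cowrie.session.connect":
            s["src_ip"] = ev.get("src_ip")
        elif kind == "cowrie.command.input":
            s["inputs"].append(ev.get("input", ""))
        elif kind == "cowrie.session.closed":
            # Normalise: duration may arrive as a number or a numeric string.
            s["duration"] = float(ev.get("duration", 0.0))
    ip_sessions = Counter(s["src_ip"] for s in sessions.values())
    rows = {}
    for sid, s in sessions.items():
        rows[sid] = {
            "command_count": len(s["inputs"]),
            "session_duration": s["duration"],  # stays 0.0 if no close event was logged
            "ip_repetition": ip_sessions[s["src_ip"]],
            "input_entropy": shannon_entropy("\n".join(s["inputs"])),
        }
    return rows
```

Each returned row is a numeric vector that a classifier such as scikit-learn's AdaBoostClassifier can train on once labels are attached; sessions with no logged close event keep a duration of 0.0 and are worth filtering or flagging before training.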

🧠 Learning Outcomes

  • Hands-on experience in cybersecurity and network defense
  • Understanding of honeypots and attacker behavior
  • Applied machine learning for real-world threat detection
  • System integration using multiple technologies

📬 Contact

Have questions or want to collaborate?
📧 Email: joel.amosphilip@example.com

🔗 LinkedIn: linkedin.com/in/aghu-a570b9227
