0

No products in the cart.

AI-Powered Intrusion Detection System (HIDS)

Home / Portfolio

Description
  • Date: 10/10/2025
  • Categories: Project

 

 

๐Ÿ” Overview

During my cybersecurity internship at DATA SOFTWARE, a Moroccan tech company specialized in IT infrastructure and cybersecurity, I had the opportunity to design, build, and deploy a cutting-edge AI-based Host Intrusion Detection System (HIDS).

Traditional HIDS rely heavily on signature-based detection, which often fails against zero-day attacks and new anomalies. This project aimed to overcome that limitation by leveraging machine learning, specifically Deep Learning Autoencoders with GRU (Gated Recurrent Units), to detect deviations from normal system behavior in real time.

๐Ÿง  Key Objectives

  • Implement an AI-driven HIDS to monitor system logs and detect anomalies.
  • Use deep learning models (Autoencoder + GRU) to learn baseline “normal” behavior.
  • Enable real-time intrusion alerts for anomalous activities (e.g., port scans).
  • Integrate the system into a Defense-in-Depth strategy for layered protection.

๐Ÿ› ๏ธ Development Process

The project followed a structured pipeline:

  1. Log Collection & Preprocessing
    System logs were collected, cleaned, and transformed into a time-series dataset.
  2. Model Architecture
    An Autoencoder with GRU units was trained to learn normal system behavior patterns.
  3. Anomaly Detection
    Any significant deviation in log sequences was flagged as a potential intrusion.
  4. Deployment & Testing
    The system was deployed on a host machine. A simulated Nmap port scan attack was used to validate detection accuracy.

๐Ÿงช Test Scenario: Nmap Port Scan Detection

  • Phase 1: System ran under normal conditions โ€” no alerts.
  • Phase 2: An attacker initiated a port scan using Nmap.
  • Phase 3: The AI-HIDS detected abnormal behavior and triggered an alert in real time.

๐Ÿ” Integration into Defense-in-Depth Strategy

To improve resilience, the AI-HIDS was integrated as part of a broader security architecture, including:

  • Network Firewalls
  • Antivirus Systems
  • Access Control Policies
  • Security Information and Event Management (SIEM)

๐Ÿ“„ Project Report

A detailed report outlining the methodology, architecture, development, test scenarios, and results is available for viewing and download:

๐Ÿ‘‰ Download the Full Project Report (PDF)

๐Ÿง  Key Skills & Technologies Used

  • Python
  • Deep Learning (Autoencoders, GRU)
  • Log Analysis
  • Intrusion Detection Systems (IDS)
  • Cybersecurity
  • Nmap
  • Linux
  • AI for Security