Raspberry Pi Real-Time Machine Learning Intrusion Detection System (IDS)
A full end-to-end IDS project that runs on a Raspberry Pi using live packet capture, flow-based feature extraction, a trained machine-learning model, and a Flask web dashboard for real-time alert visualization.
This project is designed for:
Cybersecurity research
College assignments
Placement portfolios
Real-world networking demos
Key Features
Real-time packet capture using tcpdump
Flow extraction using Scapy
Machine learning model trained on the CICIDS2017 dataset
One-click Flask web dashboard
Alerts stored in SQLite
Optional auto-blocking of IPs via iptables
Lightweight, edge-friendly design
System Architecture
Raspberry Pi (Edge Device - AI IDS)
Raw Packets -> Flow Features -> ML Model -> Suspicious? -> Send JSON Alert
Laptop / Server
Receive Alerts -> SQLite Database -> Live Dashboard UI
┌─────────────────────────┐                    ┌─────────────────────────┐
│ Raspberry Pi IDS        │   HTTP POST JSON   │ Flask Server            │
│  tcpdump                │ ─────────────────► │  /alert API endpoint    │
│  scapy flow features    │                    │  SQLite storage         │
│  ML inference           │                    │  /dashboard live UI     │
└─────────────────────────┘                    └─────────────────────────┘
Project Structure
RaspberryPi-IDS/
│
├── src/
│   ├── app.py                  # Flask backend + REST
│   ├── pi_ids_agent.py         # Raspberry Pi IDS agent
│   └── train_model_cicids.py   # Model training script
│
├── models/
│   └── ids_rf.joblib           # Trained ML model
│
├── dataset/
│   └── sample_flows.csv        (Large dataset not included)
│
├── scripts/
│   └── block_ip.sh             # Optional firewall blocking
│
├── docs/                       # Screenshots + diagrams
│   ├── dashboard.png
│   ├── architecture.png
│   └── pi_terminal.png
│
├── requirements.txt
└── README.md
Installation & Setup
1. Clone the repository
git clone https://github.com/Aash55/RaspberryPi-IDS.git
cd RaspberryPi-IDS
2. Create virtual environment (Laptop / Server)
Windows
python -m venv venv
venv\Scripts\activate
Linux/Mac
python3 -m venv venv
source venv/bin/activate
3. Install dependencies
pip install -r requirements.txt
Run the Flask Alert Server (Laptop)
python src/app.py
You should see:
Running on http://127.0.0.1:5000
Now open:
Dashboard: http://127.0.0.1:5000/dashboard
Alerts JSON: http://127.0.0.1:5000/alerts
Run IDS Agent on Raspberry Pi
1. Copy ML model
scp models/ids_rf.joblib pi@:/home/pi/
2. Copy IDS agent
scp src/pi_ids_agent.py pi@:/home/pi/
3. Run IDS
sudo python3 pi_ids_agent.py
It will:
Capture packets
Extract flows
Run ML inference
POST alerts
Alert JSON Format
Example alert sent from Raspberry Pi:
{
  "ts": "2025-12-02 15:03:21",
  "src": "192.168.46.12",
  "dst": "8.8.8.8",
  "sport": 52311,
  "dport": 443,
  "proto": 6,
  "predicted_class": "suspicious",
  "packet_count": 99,
  "total_bytes": 12345
}
Machine Learning Model
Dataset
CICIDS2017 - Cleaned & Preprocessed Version
Contains:
Normal traffic
DoS / DDoS
Port scan
Botnet traffic
Brute force
Web attacks
Selected Features
Light, edge-friendly features used both in training and at runtime:
Flow Duration
Total Fwd Packets
Total Length of Fwd Packets
Packet Length Mean
Flow Bytes/s
Flow Packets/s
These work well for anomaly detection on small hardware.
Algorithm
RandomForestClassifier
200 trees
max depth 15
class_weight="balanced"
low inference cost
robust to noise
Training Script
Located at:
src/train_model_cicids.py
Outputs:
models/ids_rf.joblib
Optional: Auto IP Blocking
Use only in controlled networks.
sudo iptables -I INPUT -s -j DROP
Script:
scripts/block_ip.sh
It protects against:
Port scans
DoS / flooding
Suspicious high-volume flows
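Added example (not part of this project's code): one way the Flask server could validate an incoming alert with the fields shown under Alert JSON Format before storing it or handing src to the optional blocking step. The numeric upper bounds, the class-name pattern, the IPv4-only restriction (matching the iptables command above) and the PROTECTED list are assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Field names and types follow the alert example on this page. The upper
# bounds, the class-name pattern and PROTECTED are assumptions for this sketch.
INT_BOUNDS = {"sport": 65535, "dport": 65535, "proto": 255,
              "packet_count": 10**9, "total_bytes": 10**12}
FIELDS = {"ts", "src", "dst", "predicted_class", *INT_BOUNDS}
PROTECTED = [ipaddress.ip_network("192.168.46.1/32")]  # constructed: never block


def validate_alert(alert):
    """Return a normalized copy of the alert, or raise ValueError."""
    if not isinstance(alert, dict) or set(alert) != FIELDS:
        raise ValueError("alert must be an object with exactly the known fields")
    for key in ("ts", "src", "dst", "predicted_class"):
        if not isinstance(alert[key], str):
            raise ValueError(f"{key} must be a string")
    clean = {}
    # Parse the timestamp and re-serialize it so only a real date-time is stored.
    parsed = datetime.strptime(alert["ts"], "%Y-%m-%d %H:%M:%S")
    clean["ts"] = parsed.isoformat(sep=" ")
    for key in ("src", "dst"):
        # IPv4Address() rejects anything that is not a literal IPv4 address,
        # so the canonical string can be stored or passed as one argv element.
        clean[key] = str(ipaddress.IPv4Address(alert[key]))
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,32}", alert["predicted_class"]):
        raise ValueError("predicted_class has unexpected characters")
    clean["predicted_class"] = alert["predicted_class"]
    for key, upper in INT_BOUNDS.items():
        value = alert[key]
        if type(value) is not int or not 0 <= value <= upper:  # rejects bool too
            raise ValueError(f"{key} out of range")
        clean[key] = value
    return clean


def is_blockable(src):
    """True only for a unicast IPv4 address outside the protected list."""
    ip = ipaddress.IPv4Address(src)
    if ip.is_loopback or ip.is_multicast or ip.is_unspecified or ip.is_link_local:
        return False
    return not any(ip in net for net in PROTECTED)
```

Alert fields are computed from captured traffic, so the server treats them as untrusted input and consults is_blockable before any firewall change.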
Cybersecurity Ethics
Do not use on networks you do not own
Do not inspect personal user traffic
Never deploy auto-block on public networks
Use only for research, education, demo
This project is educational, not a commercial IPS/IDS.
Why This Is Placement-Ready
IoT Edge
Cybersecurity
Machine Learning
Networking (TCP/IP)
Web development (Flask + JS UI)
Real-time data pipeline
SQLite data persistence
This shows you can build complete systems, not just simple scripts.
Future Enhancements
Train with more classes (multi-class IDS)
Add Suricata/Snort rule engine
Grafana / Kibana dashboards
TensorFlow Lite edge inference
JWT authentication for dashboard
TimescaleDB for time-series alerts
License
MIT License - Free for research and education.
Support & Contributions
Enjoy this project?
Star the repository
Open issues
Suggest improvements
Fork and submit PRs
Credits
Developed by ASH55 (M.Tech Student) with learning support from Angela Yu, CIC Lab, and helpful tools like Scapy, Flask & RandomForest ML.
Contact
If you need help:
Open an issue
DM on GitHub
Ask via discussions
Security + AI + IoT = Your Superpower
Build systems, not just code.
If this helped, please drop a star.