Course 65 - Abdelouadoud Nadir Messaoudi
- Teacher: Messaoudi Nadir
- Informatics Department
- Branch: Software Engineering
- Level: M1
- Coefficient: 2
- Credit: 4
- Minimum hours required per week: 1h
- Sessions: Sunday from 10:00 to 11:00.
- Evaluation: TP 50%, Final Exam 50%.
- Continuous assessment (CC) grade = 20% test average + 20% Assignment 1 + 20% Assignment 2 + 20% Assignment 3 + 20% attendance and participation.
-
Welcome to the Course
Welcome to the course on Intelligent Intrusion Detection Systems. This course is designed to introduce you to the intersection of Cyber Security and Artificial Intelligence. We will focus on how modern Deep Learning techniques, specifically Graph Neural Networks (GNN), can help protect information systems against complex cyber attacks.
Course Description
Traditional security measures like firewalls and antiviruses are no longer enough to stop modern threats. This course explores the development of an Intelligent Intrusion Detection System (IDS).
We will start with the basics of network security, move to Deep Learning concepts (CNN, RNN), and finally focus on using Graph Neural Networks to model complex network traffic and detect anomalies in real-time.
Learning Objectives
By the end of this course, you will be able to:
- Understand the fundamental concepts of Network Security and Intrusion Detection.
- Identify the limitations of traditional security systems.
- Explain how Deep Learning models (CNN, RNN) work in cybersecurity.
- Master the concept of Graph Neural Networks (GNN) and why they are better for network data.
- Design a basic architecture for an intelligent IDS.
Prerequisites
To follow this course effectively, you should have basic knowledge in:
- Python Programming (Basic syntax and libraries like NumPy).
- Computer Networks (IP addresses, TCP/UDP protocols).
- Basic Machine Learning (Supervised vs Unsupervised learning).
Assessment Method
- Quizzes: At the end of each chapter to check your understanding.
- Final Project: Theoretical design of a GNN-based detection system.
-
Course Summary:
Cyber security is crucial in today's digital world. With the acceleration of global digitalization, the frequency and complexity of cyber-attacks have increased significantly.
In this introductory session, we define the main goals of security: Confidentiality, Integrity, and Availability (CIA). We will also look at the different types of threats that target Information Systems, such as data breaches, economic losses, and reputation damage. The objective of this course is to understand why we need automated systems to protect our networks.
-
Course Summary
An Intrusion Detection System (IDS) acts like a digital security guard. Its goal is to identify threats while preserving the performance of the network.
In this section, we differentiate between the two main detection methods:
- Signature-based Detection: This works like an antivirus, comparing network traffic against a database of known attacks. It is fast but cannot detect new, unknown attacks.
- Anomaly-based Detection: This monitors "normal" behavior and triggers an alert if something unusual happens. This is where AI becomes very useful.
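The two detection methods above, run side by side over constructed events. This is an added example, not part of the original course material; the signature strings, field names, and the z-score threshold are assumptions chosen for illustration.

```python
import statistics

# Constructed data for illustration; not taken from a real ruleset or capture.
SIGNATURES = ["KNOWN_BAD_A", "KNOWN_BAD_B"]      # database of known attack patterns
BASELINE_RPM = [12, 15, 11, 14, 13, 16, 12, 15]  # requests/min seen during normal operation

EVENTS = [
    {"id": 1, "payload": "GET /index.html", "rpm": 14},             # normal traffic
    {"id": 2, "payload": "GET /a?x=KNOWN_BAD_A", "rpm": 13},        # known pattern, normal rate
    {"id": 3, "payload": "GET /b?x=never_seen_before", "rpm": 90},  # unknown pattern, abnormal rate
]


def signature_alerts(events, signatures):
    """Signature-based: alert only when the payload contains a known pattern."""
    return [e["id"] for e in events if any(s in e["payload"] for s in signatures)]


def anomaly_alerts(events, baseline, threshold=3.0):
    """Anomaly-based: alert when the request rate deviates from the learned
    baseline by more than `threshold` standard deviations (z-score)."""
    mean = statistics.mean(baseline)
    std = statistics.pstdev(baseline)
    return [e["id"] for e in events if abs(e["rpm"] - mean) / std > threshold]


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(EVENTS, SIGNATURES))
    print("anomaly alerts:  ", anomaly_alerts(EVENTS, BASELINE_RPM))
```

Event 3 matches no signature and is caught only by the baseline check, while event 2 behaves normally in volume and is caught only by the signature match.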
-
Course Summary
While traditional firewalls and signature-based IDS are useful, they have significant limits.
- Inability to detect new attacks: If an attack is not in the database (Zero-day attack), the system misses it.
- High False Alarm rate: Traditional systems often flag normal user behavior as malicious, causing "noise" for administrators.
- Complexity: As attacks become more sophisticated, simple rules are no longer enough to stop them. This creates an urgent need for intelligent systems based on Deep Learning.
-
Course Summary
Deep Learning has revolutionized fields like image recognition and natural language processing. In cybersecurity, we use techniques like Convolutional Neural Networks (CNN) and Recurrent Neural Networks (RNN) to treat intrusion detection as a data classification problem.
Instead of writing manual rules, the Neural Network "learns" features automatically from raw communication data. It tries to mimic the human brain to recognize complex patterns of attacks that a human administrator might miss.
Watch this video to understand how Neural Networks work:
-
Course Summary
This comprehensive course explores the core contribution of our research: applying Graph Neural Networks (GNN) to cybersecurity.
1. The Limits of Traditional Deep Learning
While models like CNNs and RNNs are powerful, they struggle to capture the complex structure of computer networks. They treat data as flat lists or sequences, ignoring the fact that network traffic is naturally structured as a graph (nodes connected by edges).
2. Modeling Networks as Graphs
In this approach, we model the Information System as a graph structure where:
- Nodes represent entities (e.g., IP addresses, hosts, protocols).
- Edges represent the communication flow or events between them.
3. The Power of GNNs
Unlike traditional methods, GNNs can learn from this structure. They excel at capturing "multi-hop" context information, meaning they analyze not just the immediate connection, but the relationships between neighbors of neighbors. This allows the system to identify complex, sophisticated attack patterns that move laterally through a network.
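The graph model and the "multi-hop" idea above, as an added example that is not part of the original course material. It builds a host graph from constructed flow records and applies a simplified message-passing layer (plain neighbour averaging, with no learned weights and no GNN library); the IP addresses, ports, and function names are assumptions.

```python
from collections import defaultdict

# Constructed flow records (src_ip, dst_ip, dst_port); not from a real dataset.
FLOWS = [
    ("10.0.0.5", "10.0.0.10", 445),
    ("10.0.0.10", "10.0.0.20", 445),
    ("10.0.0.20", "10.0.0.30", 3389),
    ("10.0.0.7", "10.0.0.30", 443),
]


def build_graph(flows):
    """Nodes are IP addresses; an undirected edge links hosts that exchanged a flow."""
    adj = defaultdict(set)
    for src, dst, _port in flows:
        adj[src].add(dst)
        adj[dst].add(src)
    return {node: sorted(nbrs) for node, nbrs in adj.items()}


def propagate(adj, feat):
    """One message-passing layer: each node averages its own feature
    with the features of its direct neighbours."""
    out = {}
    for node, nbrs in adj.items():
        vals = [feat[node]] + [feat[n] for n in nbrs]
        out[node] = sum(vals) / len(vals)
    return out


def k_hop_scores(adj, seed, k):
    """Start with score 1.0 on one labelled host and apply k layers.
    After k layers, only hosts within k hops of the seed have a non-zero score."""
    feat = {n: 1.0 if n == seed else 0.0 for n in adj}
    for _ in range(k):
        feat = propagate(adj, feat)
    return feat


if __name__ == "__main__":
    graph = build_graph(FLOWS)
    for k in (1, 2):
        scores = k_hop_scores(graph, "10.0.0.5", k)
        print(k, {n: round(s, 3) for n, s in scores.items()})
```

Host 10.0.0.20 is two hops from the labelled host and receives signal only after the second layer, while 10.0.0.30 (three hops away) still scores zero.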
4. Semi-Supervised Learning Strategy
Finally, we address a common problem in cybersecurity: the lack of labeled attack data. Our proposed system utilizes Semi-Supervised Learning. By leveraging the capabilities of GNNs, the model can learn efficiently from a massive amount of unlabeled network traffic, requiring only a small set of known attack examples to achieve high detection accuracy in real-time.
-
🎯 Objective
The goal of this final project is to synthesize the knowledge acquired throughout the course by designing and implementing a prototype of an Intelligent Intrusion Detection System (IDS) using Graph Neural Networks (GNN). You will act as a Security Data Scientist tasked with upgrading an organization's defense mechanism from a traditional signature-based system to an AI-based anomaly detection system.
📝 Instructions
Step 1: Dataset Selection & Preparation
- Choose a public cybersecurity benchmark dataset (e.g., NSL-KDD, CIC-IDS2017, or UNSW-NB15).
- Perform data cleaning (remove null values, normalize numerical features).
- Split your data into Training (80%) and Testing (20%) sets.
Step 2: Graph Construction (Crucial Step)
This is the most important part of the project. You must transform standard network logs (tabular data) into a Graph Structure.
- Define Nodes: What represents a node? (e.g., Source IP, Destination IP, Port).
- Define Edges: What represents an edge? (e.g., A packet flow, a connection request).
- Explain your logic: Why did you choose this structure to represent the network topology?
Step 3: Model Architecture
- Using Python (PyTorch Geometric or similar libraries), design a GNN architecture.
- Your model must include at least two Graph Convolutional layers.
- Implement an activation function (e.g., ReLU).
- Challenge (Optional): Implement a Semi-Supervised approach as discussed in Chapter 3, using only a small portion of labeled attack data.
Step 4: Evaluation
Train your model and evaluate it on the Test set. You must report:
- Accuracy: Overall correctness.
- Precision & Recall: To ensure you aren't missing attacks (False Negatives).
- Confusion Matrix: A visual representation of your results.
📦 Deliverables
You must upload a single .zip file containing:
- Project Report (PDF): A 5-10 page document explaining your methodology, your graph construction logic, and an analysis of your results.
- Source Code: A Jupyter Notebook (.ipynb) or Python script (.py) containing your implementation. The code must be commented and reproducible.
⚖️ Grading Criteria
- Data Preprocessing & Graph Construction: 40%
- Model Implementation (GNN): 30%
- Result Analysis & Reporting: 20%
- Code Quality & Comments: 10%
-
Opened: Monday, 15 December 2025, 00:00
Due: Monday, 22 December 2025, 00:00
-