Multiclass Network Forensic Intrusion Detection System

A hybrid CNN-LSTM model for fine-grained, multiclass intrusion detection.
It serves as a detailed forensic tool to classify network attacks into 25 distinct categories.

Model Description

This model acts as a "second-stage" analysis tool. After an initial threat is detected (e.g., by a binary IDS), it identifies the specific nature of the attack.

  • Architecture: Conv1D -> ... -> LSTM -> Dense -> Dense (Softmax)
  • Dataset: CICIoT2023 curated subset
  • Performance: 97% accuracy on the 25-class classification task

Intended Use

  • Primary Use: Identify the type of network attack for forensic analysis.
  • Input: shape (batch_size, 10, 46), with 46 normalized network features per timestep
  • Output: Softmax probabilities over 25 classes; highest probability indicates the predicted class

How to Use

```python
import tensorflow as tf
import numpy as np
from huggingface_hub import hf_hub_download

# Download the model
MODEL_PATH = hf_hub_download("Codelord01/multiclass_model", "multiclass_model.keras")
model = tf.keras.models.load_model(MODEL_PATH)
model.summary()

# Define class names in the order used during training
CLASS_NAMES = [
    'BenignTraffic', 'DDoS-ACK_Fragmentation', 'DDoS-HTTP_Flood', 'DDoS-ICMP_Flood',
    'DDoS-ICMP_Fragmentation', 'DDoS-PSHACK_Flood', 'DDoS-RSTFINFlood', 'DDoS-SYN_Flood',
    'DDoS-SlowLoris', 'DDoS-SynonymousIP_Flood', 'DDoS-TCP_Flood', 'DDoS-UDP_Flood',
    'DDoS-UDP_Fragmentation', 'DNS_Spoofing', 'DoS-HTTP_Flood', 'DoS-SYN_Flood',
    'DoS-TCP_Flood', 'DoS-UDP_Flood', 'MITM-ArpSpoofing', 'Mirai-greeth_flood',
    'Mirai-greip_flood', 'Mirai-udpplain', 'OtherAttack', 'Recon-HostDiscovery',
    'VulnerabilityScan'
]

# Sample input: 1 sample, 10 timesteps, 46 features
sample_data = np.random.rand(1, 10, 46).astype(np.float32)

# Make a prediction; model.predict returns an array of shape (1, 25)
prediction_probs = model.predict(sample_data)
predicted_index = int(np.argmax(prediction_probs[0]))
predicted_class = CLASS_NAMES[predicted_index]
# Index the first (only) sample's row, then the winning class
confidence = prediction_probs[0][predicted_index]

print(f"Predicted Attack Type: {predicted_class}")
print(f"Confidence: {confidence:.4f}")
```

## Limitations
- Validated only on CICIoT2023-like traffic
- Input must be normalized
- CLASS_NAMES must match training order
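
The limitations above can be enforced in code before and after inference. The following is an added example, not part of the original model card or the author's code: it builds 10-timestep windows, rejects malformed or unnormalized input, and turns softmax rows into findings with a review flag. The helper names, the [0, 1] range (min-max scaling) and the 0.5 review threshold are assumptions, and a constructed probability matrix stands in for `model.predict`.

```python
import numpy as np

TIMESTEPS, N_FEATURES, N_CLASSES = 10, 46, 25  # shapes stated on this page


def make_windows(records, step=1):
    """Slide a 10-record window over a (n_records, 46) feature matrix."""
    records = np.asarray(records, dtype=np.float32)
    if records.ndim != 2 or records.shape[1] != N_FEATURES:
        raise ValueError(f"expected (n_records, {N_FEATURES}), got {records.shape}")
    if len(records) < TIMESTEPS:
        raise ValueError(f"need at least {TIMESTEPS} records, got {len(records)}")
    starts = range(0, len(records) - TIMESTEPS + 1, step)
    return np.stack([records[s:s + TIMESTEPS] for s in starts])


def validate_batch(batch, lo=0.0, hi=1.0):
    """Reject input outside the trained shape or the assumed scaled range."""
    if batch.ndim != 3 or batch.shape[1:] != (TIMESTEPS, N_FEATURES):
        raise ValueError(f"bad input shape {batch.shape}")
    if not np.isfinite(batch).all():
        raise ValueError("input contains NaN or Inf")
    if batch.min() < lo or batch.max() > hi:  # [0, 1] is an assumption
        raise ValueError("features outside the normalized range; apply the scaler")


def triage(probs, class_names, top_k=3, min_conf=0.5):
    """Turn softmax rows into per-window findings, flagging weak predictions."""
    probs = np.asarray(probs)
    if probs.ndim != 2 or probs.shape[1] != len(class_names):
        raise ValueError("model output width does not match class_names")
    findings = []
    for row in probs:
        order = np.argsort(row)[::-1][:top_k]  # indices of the k largest scores
        findings.append({
            "label": class_names[order[0]],
            "confidence": float(row[order[0]]),
            "needs_review": bool(row[order[0]] < min_conf),
            "top_k": [(class_names[i], float(row[i])) for i in order],
        })
    return findings


if __name__ == "__main__":
    rng = np.random.default_rng(0)
    batch = make_windows(rng.random((12, N_FEATURES)))  # constructed records
    validate_batch(batch)
    probs = rng.dirichlet(np.ones(N_CLASSES), size=len(batch))  # stands in for model.predict
    print(triage(probs, [f"class_{i}" for i in range(N_CLASSES)])[0])
```

In real use, pass `CLASS_NAMES` from the snippet above and the output of `model.predict(batch)` to `triage`, and set `lo`/`hi` to the bounds of the scaler used in training.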

## Training Information
- Optimizer: Adam
- Loss: Categorical Cross-Entropy
- 25-class balanced dataset


@mastersthesis{ababio2025multilayered,
  title={A Multi-Layered Hybrid Deep Learning Framework for Cyber-Physical Intrusion Detection in Climate-Monitoring IoT Systems},
  author={Awuni David Ababio},
  year={2025},
  school={Kwame Nkrumah University of Science and Technology}
}
