Learning-Based Intrusion Detection and Prevention System (LIDPS)

The document presents a Machine Learning-based Intrusion Detection and Prevention System (IDPS) designed to enhance cybersecurity by detecting and preventing network intrusions in real-time. Utilizing a trained Random Forest algorithm, the system monitors network traffic, classifies it as normal or malicious, and automatically blocks threats while logging relevant data for analysis. The architecture includes a user-friendly dashboard and integrates automated response mechanisms, making it suitable for large-scale network environments and addressing the growing need for advanced cybersecurity solutions.

Volume 10, Issue 4, April – 2025 International Journal of Innovative Science and Research Technology

ISSN No:-2456-2165 https://doi.org/10.38124/ijisrt/25apr945

Learning-Based Intrusion Detection and Prevention System (LIDPS)

M V V Gopala Krishna Murthy¹; D Lahari²; Ch Lakshmi Pujitha³; P Lakshmi Pranamya⁴; T Harsha Tri Lakshmi⁵; S Sai Durga Lavanya⁶
1 Assistant Professor; 2,3,4,5,6 B.Tech. Student
1,2,3,4,5,6 Department of CSE, Sri Vasavi Engineering College (A), Pedatadepalli, Tadepalligudem – 534101

Publication Date: 2025/05/07

Abstract: The increasing number of cyber threats and security breaches has necessitated the development of intelligent, automated, and proactive cybersecurity mechanisms. This project focuses on designing and implementing an Intrusion Detection and Prevention System (IDPS) that leverages Machine Learning (ML) techniques to detect and prevent network intrusions in real time. The system continuously monitors incoming network traffic, extracts meaningful features, and classifies it as normal or malicious using a trained Random Forest model, with the goal of high detection accuracy and few false positives. If an attack is detected, the system automatically blocks the attacker's IP address, preventing further malicious activity. The backend is developed using Flask, while MySQL stores attack logs, detected intrusions, and blocked IPs in a well-structured schema. A dashboard with an intuitive UI enables real-time monitoring and management of intrusion events and provides detailed logs and analytics that help security administrators analyze attack patterns and refine network defenses. The system is trained on 17 critical network features, allowing it to differentiate between normal and anomalous traffic with high precision. It is designed to function efficiently in large-scale network environments, making it suitable for organizations, enterprises, and cloud-based infrastructures that require robust cybersecurity measures. The integration of automated response mechanisms ensures that threats are mitigated immediately without manual intervention, significantly reducing the risk of security breaches, and the use of machine learning algorithms such as Support Vector Machine (SVM) and Random Forest enhances the system's ability to adapt to evolving cyber threats. The IDPS not only provides real-time threat prevention but also contributes to cybersecurity intelligence by offering insights into intrusion trends, attacker behavior, and potential vulnerabilities in the network. With cyberattacks becoming increasingly sophisticated, the need for such an intrusion prevention mechanism is more crucial than ever. This project represents a scalable, efficient, and reliable approach to proactive network defense, providing organizations with a security solution to safeguard their digital assets from emerging cyber threats.

Keywords: Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Network Security, Machine Learning, Cyber Threat Detection, IP Blocking, Flask Web Application, Real-Time Monitoring, Automated Response, Anomaly Detection, Email Notification, MySQL Database.

How to Cite: M V V Gopala Krishna Murthy; D Lahari; Ch Lakshmi Pujitha; P Lakshmi Pranamya; T Harsha Tri Lakshmi; S Sai Durga Lavanya (2025). Learning-Based Intrusion Detection and Prevention System (LIDPS). International Journal of Innovative Science and Research Technology, 10(4), 2562-2571. https://doi.org/10.38124/ijisrt/25apr945

I. INTRODUCTION

In today's hyper-connected digital world, where technology is an integral part of our daily lives, ensuring cybersecurity has become more critical than ever before. The rapid growth of the internet and the increasing dependence on network-based applications have brought numerous benefits. However, they have also opened the door to a wide range of cyber threats and malicious activities. Organizations and individuals alike are now more vulnerable to various forms of intrusion, such as denial-of-service attacks, unauthorized access, phishing, and malware infections, which can lead to data breaches, financial loss, and reputational damage.

Traditional security systems often operate on predefined rules and signatures to detect threats. While these systems are effective against known attacks, they struggle to identify new or evolving threats that do not match predefined patterns. This limitation creates a pressing need for more intelligent, adaptive, and automated security solutions that can analyze network traffic in real time, detect anomalies, and take swift action to mitigate threats before they escalate.

IJISRT25APR945 www.ijisrt.com 2562


To address this challenge, our project introduces a Machine Learning-based Intrusion Detection and Prevention System (IDPS), designed to monitor network traffic, identify suspicious behaviors, and proactively block malicious IP addresses. Our system is developed as a Flask-based web application that leverages a trained machine learning model to analyze real-time data using 17 essential features. Once abnormal activity is detected, the system automatically logs the event into a MySQL database and updates a list of blocked IPs to prevent further damage. Additionally, it sends immediate email alerts to notify administrators of the threat, ensuring quick awareness and response.

The IDPS not only aims to improve detection accuracy through intelligent algorithms but also simplifies incident handling by automating the entire workflow, from detection to prevention and notification. This automation reduces human intervention, enhances operational efficiency, and minimizes the potential for human error in critical security operations.

This research paper explores the system architecture, methodologies, and machine learning techniques employed in our IDPS. It highlights how combining classification models with robust data preprocessing and feature scaling can significantly boost the detection rate of intrusions. Furthermore, the paper discusses the importance of transparent, real-time threat tracking and the role of automated prevention mechanisms in strengthening an organization's cybersecurity posture.

Through the development and deployment of this IDPS, we aim to provide an accessible, efficient, and scalable solution to contemporary cybersecurity challenges. By incorporating real-time analytics and automatic IP blocking, our system not only detects intrusions but also ensures active protection against future attacks, offering peace of mind to users and promoting a safer digital environment.

II. LITERATURE REVIEW

In the ever-evolving landscape of cybersecurity, examining previous research acts as the bedrock for innovation. Understanding earlier approaches, technologies, and techniques enables researchers to build more efficient and secure systems. In this study, we have carefully explored several research papers that provide valuable insights into the development of Intrusion Detection and Prevention Systems (IDPS) using various machine learning techniques. Each of these works has contributed uniquely to the advancement of cybersecurity, laying the foundation for our proposed system.

M. Belouch et al. (2017) [1] proposed a two-stage classifier approach using the REPTree algorithm to improve the accuracy of intrusion detection. Their system utilized network traffic features to detect abnormal behavior in real time, showcasing the importance of combining efficient algorithms with effective data preprocessing. Their research emphasizes the role of decision tree-based classifiers in reducing false positives and improving classification accuracy, an approach that has inspired components of our model design.

A. Iftikhar et al. (2018) [2] carried out a performance comparison among Support Vector Machine (SVM), Random Forest (RF), and Extreme Learning Machine (ELM) for intrusion detection. Their comprehensive analysis revealed that Random Forest delivered better overall accuracy and detection rates when handling large-scale intrusion datasets. This comparative study helped establish a baseline for our project when selecting suitable models for our detection pipeline.

Jitti Annie Abraham and V. R. Bindu (2021) [3] presented a detailed review of both machine learning and deep learning approaches for intrusion detection and prevention. Their work highlighted the strengths and limitations of various learning models and stressed the need for hybrid systems that can adapt to modern network threats. Their observations validated the importance of our focus on a machine learning-based IDPS as a practical and lightweight solution.

Sibi Amaran et al. (2022) [4] explored the application of machine learning algorithms in Wireless Sensor Networks (WSNs) for surveillance purposes. Their proposed model, optimized for energy efficiency and detection accuracy, serves as an ideal reference for integrating intelligent security systems in constrained environments. Their work reinforces the versatility and potential of machine learning in various domains of intrusion detection.

Ajmeera Kiran et al. (2023) [5] developed an IDPS using machine learning algorithms, focusing on real-time monitoring and detection. Their research emphasized the implementation of classification techniques for fast and accurate identification of threats. Their system design inspired several elements in our project, such as the real-time analysis engine and automated response mechanisms.

V. Ebenezer et al. (2023) [6] introduced an Intrusion Detection and Prevention System focused on malware detection using supervised machine learning models. They demonstrated how integrating prevention with detection can lead to proactive defense systems. This approach aligns closely with our project's core objective of not only detecting but also auto-blocking malicious IPs.

Mona Esmaeili et al. (2024) [7] discussed the role of machine learning in enhancing IoT security. Their system leveraged data analytics and classification models to detect anomalous behavior in IoT networks. Their findings support our project's goal of applying scalable and intelligent security solutions in both traditional and modern network environments.

Each of these studies brings forward critical advancements in the field of intrusion detection and prevention. They collectively emphasize the importance of using data-driven models, real-time analytics, and automated responses for stronger network security. Drawing inspiration from these works, our proposed IDPS integrates real-time detection, IP blocking, email alerting, and web-based monitoring to offer a comprehensive and user-friendly cybersecurity solution.

III. PROPOSED SYSTEM

• Problem Statement
In today's increasingly connected world, the rise in cyber threats has exposed the limitations of traditional security methods that often rely on manual monitoring and reactive responses. These outdated approaches are time-consuming, prone to human error, and inadequate for detecting modern, complex intrusions that can cause significant damage. To address this challenge, our project proposes a Machine Learning-based Intrusion Detection and Prevention System (IDPS) that automates the detection and blocking of malicious activities in real time. Unlike conventional systems, our IDPS not only identifies threats with high accuracy but also instantly blocks malicious IP addresses, sends real-time alerts, and logs detailed IP information such as location, user agent, and ISP for further analysis. This automated and intelligent solution enhances security, reduces the risk of human oversight, and provides a scalable defense mechanism that adapts to evolving cyber-attack patterns, ensuring robust protection for modern networks.

• System Architecture
To overcome the limitations of traditional manual methods and static detection systems, our Intrusion Detection and Prevention System (IDPS) introduces a dynamic and automated architecture that enhances security, accuracy, and responsiveness. The system architecture (see Fig-1) is composed of several integral modules working in tandem to detect, analyze, and respond to potential network intrusions in real time.

At the center of the architecture is the App Module, which orchestrates the overall system operations. This module integrates a Machine Learning Model for detecting anomalies, a Standard Scaler for normalizing incoming data, and a MySQL database that stores vital logs and blocked IPs. The Email Handler Module is responsible for sending immediate alerts to the system administrator when suspicious activity is detected. The IP Manager Module handles IP address verification, blocking, and retrieval of the list of blocked sources. Meanwhile, the Logger Module ensures detailed logging of all detected intrusions for analysis and auditing.

The architecture emphasizes modularity, allowing each component to operate independently while communicating through a centralized backend application. This design ensures scalability, security, and efficiency in handling large volumes of network traffic.

Fig 1 Proposed System Architecture

Our application comprises core components and their interactions to detect and mitigate threats effectively. The Class Diagram (see Fig-2) highlights key classes such as App, EmailHandler, IPManager, and Logger, detailing their attributes and methods. This structure provides a blueprint of how system entities collaborate to execute tasks like monitoring, blocking, logging, and alerting. Additionally, the Activity Diagram (see Fig-3) outlines the flow of operations from data collection to threat prevention. It captures the sequence of processes including real-time traffic analysis, ML-based intrusion prediction, decision-making, and corresponding actions such as blocking IPs or allowing access. This diagram gives a clear picture of the runtime behavior and helps visualize the logic behind every detection and response mechanism.




Fig 2 UML CLASS Diagram




Fig 3 Activity Diagram



IV. METHODOLOGY

This section gives an overview of the architecture and functional workflow behind the implementation of our Flask-based Intrusion Detection and Prevention System (IDPS). The methodology combines machine learning for threat detection, real-time logging, an auto-blocking mechanism, and administrator notification via email, all of which work together to provide a proactive defense against intrusions. The system is trained on 17 key features from the NSL-KDD dataset and is built using Python, Flask, MySQL, and scikit-learn.

• Data Monitoring and Feature Preparation
Incoming network traffic is continuously monitored and converted into feature vectors. For simulation, the system randomly generates 16 numerical features to mimic real-world data, and one feature is adjusted dynamically to simulate either normal or attack-like behavior. Each vector is then passed through the StandardScaler that was fitted and saved during the training phase, so that the format and scale match what the model expects. This step keeps live data consistent with the training data and prepares it for accurate real-time prediction.

    features_scaled = scaler.transform([features])[0]

• Intrusion Detection Model
The heart of the system is a pre-trained ML model (idps_model.pkl) that takes the scaled features and outputs a binary prediction:

• 0 for normal traffic
• 1 for intrusion

The model is trained on the NSL-KDD dataset with supervised learning, using 17 numerical and categorical features (the categorical ones encoded via the protocol_type, service, and flag encoders). Prediction is integrated into the Flask /dashboard route for real-time web-based interaction.

    prediction = model.predict([features_scaled])[0]

• Attack Logging Module
Whenever an intrusion is detected (prediction == 1), the system logs the associated IP address and feature data into the attacks1 table of the idps_db MySQL database. Each log entry includes:

• the attacking IP
• the feature vector (saved as a string)
• the email used by the system (for traceability)

The insert is a parameterized query, so the IP and feature string are passed as parameters rather than concatenated into the SQL text:

    query = "INSERT INTO attacks1 (ip_address, features, email) VALUES (%s, %s, %s)"

This module provides a historical audit trail for later analysis and threat intelligence.

The Use Case Diagram (see Fig-4) outlines the primary interactions between the administrator and the IDPS. It captures the core functions of monitoring traffic, detecting intrusions, blocking malicious IPs, logging attack data, and sending alert notifications, giving a clear view of the system's intended behavior.

Fig 4 UML USE CASE Diagram
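The full scale, predict, log, block and alert cycle of this section, from the scaler and model calls above through the duplicate check of the Auto IP Blocking subsection and the TLS-delivered alert of the Email Notification subsection, as an added example that is not the paper's code. It uses only the Python standard library: a six-feature subset of the NSL-KDD features, a pure-Python scaler and a two-standard-deviation threshold rule in place of the pickled scikit-learn StandardScaler and Random Forest (idps_model.pkl), sqlite3 in place of the idps_db MySQL database, and an injected sender in place of the live Gmail connection. The training rows and the three sample vectors are constructed, and every one of these substitutions is an assumption, not the authors' choice.

```python
# Added example, not the LIDPS project's code: the scale -> predict -> log -> block -> alert
# pipeline of section IV in the standard library only. Assumptions: a six-feature subset of
# the 17 NSL-KDD features; a pure-Python scaler and a threshold rule stand in for the pickled
# scikit-learn StandardScaler and Random Forest (idps_model.pkl); sqlite3 stands in for the
# idps_db MySQL database; the alert sender is injected so the pipeline runs without Gmail.
import sqlite3
import statistics
from datetime import datetime, timezone
from email.message import EmailMessage

# Constructed "normal" baseline rows: duration, src_bytes, dst_bytes, count, srv_count, serror_rate
TRAINING_ROWS = [
    [0, 181, 5450, 8, 8, 0.0], [0, 239, 486, 8, 8, 0.0], [0, 235, 1337, 8, 8, 0.0], [0, 219, 1337, 6, 6, 0.0],
    [0, 217, 2032, 6, 6, 0.0], [0, 217, 2032, 6, 6, 0.0], [0, 212, 1940, 1, 2, 0.0], [0, 159, 4087, 5, 5, 0.2],
]

class StandardScaler:
    """Stand-in for sklearn's StandardScaler: z = (x - mean) / std per column."""
    def __init__(self, rows):
        cols = list(zip(*rows))
        self.mean = [statistics.fmean(c) for c in cols]
        self.std = [statistics.pstdev(c) or 1.0 for c in cols]  # constant column: leave unscaled

    def transform(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.mean, self.std)]

class ThresholdModel:
    """Stand-in for the Random Forest (assumption): flag a vector whose scaled 'count' or
    'serror_rate' is more than two standard deviations above the training mean (SYN-flood shape)."""
    def predict(self, z):
        return 1 if z[3] > 2.0 or z[5] > 2.0 else 0

class IdpsStore:
    """The attacks1 and blocked_ips1 tables (sqlite3 here, MySQL in the paper)."""
    def __init__(self, conn):
        self.conn = conn
        conn.execute("CREATE TABLE attacks1 (ip_address TEXT, features TEXT, email TEXT)")
        conn.execute("CREATE TABLE blocked_ips1 (ip_address TEXT PRIMARY KEY, blocked_at TEXT, email TEXT)")

    def log_attack(self, ip, features, email):
        # Parameterised insert like the paper's %s placeholders: values never enter the SQL text.
        self.conn.execute("INSERT INTO attacks1 (ip_address, features, email) VALUES (?, ?, ?)",
                          (ip, ",".join(f"{v:g}" for v in features), email))

    def is_ip_blocked(self, ip):
        return self.conn.execute("SELECT 1 FROM blocked_ips1 WHERE ip_address = ?", (ip,)).fetchone() is not None

    def block_ip(self, ip, email):
        if self.is_ip_blocked(ip):  # the duplicate check from the Auto IP Blocking subsection
            return False
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.conn.execute("INSERT INTO blocked_ips1 VALUES (?, ?, ?)", (ip, stamp, email))
        return True

    def blocked_ips(self):
        return [r[0] for r in self.conn.execute("SELECT ip_address FROM blocked_ips1 ORDER BY ip_address")]

    def attack_count(self):
        return self.conn.execute("SELECT COUNT(*) FROM attacks1").fetchone()[0]

def build_alert(ip, admin_email):
    msg = EmailMessage()  # modern equivalent of the paper's MIMEMultipart + MIMEText
    msg["Subject"] = f"IDPS alert: intrusion from {ip} blocked"
    msg["From"] = msg["To"] = admin_email
    msg.set_content(f"Blocked {ip} at {datetime.now(timezone.utc):%Y-%m-%d %H:%M:%S} UTC")
    return msg

def gmail_sender(user, app_password):
    # Real transport, not exercised in run_demo: submission port plus STARTTLS with certificate checks.
    import smtplib, ssl
    smtp = smtplib.SMTP("smtp.gmail.com", 587)
    smtp.starttls(context=ssl.create_default_context())
    smtp.login(user, app_password)
    return smtp.send_message

def handle_sample(ip, features, scaler, model, store, send, admin_email="admin@example.com"):
    """One dashboard tick: scale, predict, and on prediction == 1 log, block and alert."""
    features_scaled = scaler.transform(features)
    prediction = model.predict(features_scaled)
    if prediction == 0:
        return "Normal Traffic"
    store.log_attack(ip, features, admin_email)
    if store.block_ip(ip, admin_email):  # alert once per source, not once per sample
        send(build_alert(ip, admin_email))
    return "Attack Detected & Blocked"

def run_demo():
    scaler, model = StandardScaler(TRAINING_ROWS), ThresholdModel()
    store, alerts = IdpsStore(sqlite3.connect(":memory:")), []
    samples = [  # constructed (source IP, raw feature vector)
        ("10.0.0.5", [0, 230, 1500, 7, 7, 0.0]),    # ordinary connection
        ("203.0.113.7", [0, 0, 0, 500, 500, 1.0]),  # SYN-flood-like burst
        ("203.0.113.7", [0, 0, 0, 480, 480, 1.0]),  # same source again: logged, not re-blocked
    ]
    results = [handle_sample(ip, f, scaler, model, store, alerts.append) for ip, f in samples]
    return results, store.blocked_ips(), store.attack_count(), len(alerts)
```

Two details worth carrying into a real deployment: the alert is sent only when block_ip actually inserts a row, so a source that keeps sending after it is blocked is logged on every sample but does not generate a mail per sample; and, as on this page, "blocking" is a record in blocked_ips1 that the dashboard consults, so enforcing it on the wire (a firewall or reverse-proxy deny list fed from that table) is a separate step that the paper does not describe.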



• Auto IP Blocking Mechanism
A core feature of the IDPS is its ability to automatically block any IP address associated with a detected attack. When an IP is flagged, it is added to the blocked_ips1 table along with:

• the IP address
• the timestamp of the block
• the source email

Before inserting, the system checks that the IP has not already been blocked. This check prevents redundant actions and database bloat.

    if not is_ip_blocked(ip):
        cursor.execute("INSERT INTO blocked_ips1 (...) VALUES (...)")

• Email Notification System
The system includes an SMTP-based email alert mechanism. When an attack is detected and an IP is blocked, an alert email containing the IP address and timestamp is sent to the administrator. This keeps administrators informed in real time and allows quick human inspection or manual override if needed. The email is composed using the MIMEMultipart and MIMEText classes and delivered through Gmail's SMTP service over a TLS-encrypted connection.

    send_email_notification(ip)

• Admin Dashboard
The /dashboard route provides a live web interface where the administrator can view current detection results, including:

• simulated IPs and traffic
• real-time alerts (Attack Detected & Blocked / Normal Traffic)
• a table of all currently blocked IPs

Additionally, the /blocked_ips route renders the complete list of blocked IP addresses with timestamps, offering full transparency and control over the system's actions.

V. RESULTS AND DISCUSSION

Fig-5 shows the homepage of the IDPS application, where the system starts monitoring network traffic and user interactions. It forms the foundation for the real-time detection and prevention of malicious activities.

Fig 5 Homepage of IDPS Application

Here, we showcase the live dashboard of the IDPS, which dynamically simulates traffic patterns and displays the system’s
detection results (see Fig-6). This interface illustrates how the system intelligently distinguishes between normal and suspicious
traffic, marking detected threats with appropriate alerts and immediately responding through preventive measures like IP blocking
and logging.




Fig 6 IDPS Live Dashboard

The interface shown below (Fig-7) highlights the Blocked IPs page, where all suspicious IP addresses identified by the system
are automatically added. Each entry is timestamped, providing administrators with an audit trail and allowing for detailed review
and incident analysis.

Fig 7 Blocked IPs Overview



When an intrusion is detected, the system triggers an automatic alert mechanism. As shown in Fig-8, an email notification is
sent to the system administrator, containing vital information like the blocked IP address and the timestamp. This instant alert ensures
quick awareness and enhances the overall responsiveness of the security team.

Fig 8 Email Alert Notification

VI. CONCLUSION

Our Intrusion Detection and Prevention System (IDPS) stands as a robust and intelligent solution to the evolving landscape of cybersecurity threats. Leveraging machine learning algorithms and real-time analytics, the system identifies malicious activities, blocks unauthorized IP addresses, and notifies administrators instantly through automated alerts. The user-friendly interface ensures seamless interaction, while the backend handles the threat detection process with accuracy and speed. By integrating live attack monitoring, automatic IP blocking, and email notifications, the system offers a proactive defense mechanism against network intrusions, making it a valuable asset for maintaining secure digital environments.

Looking ahead, the future prospects of our IDPS are both exciting and impactful. Plans include incorporating geo-IP tracking to visualize attack origins, enhancing the detection models with deep learning for higher accuracy, and introducing a centralized admin panel for managing threat reports, IP whitelisting, and incident response. These additions will further improve the system's ability to adapt, respond, and protect against sophisticated cyber threats, marking a significant step toward a smarter and more secure cyberspace.

ACKNOWLEDGEMENT

We extend our heartfelt gratitude to Dr. Jaya Kumari, Head of the Department of Computer Science and Engineering, Sri Vasavi Engineering College, for her constant support, valuable insights, and encouragement throughout this project. Her expert guidance was instrumental in shaping the direction of our work. We also sincerely thank our faculty and mentors who provided technical assistance and motivation during every phase of development. Their contributions have been crucial in turning our project into a successful and fulfilling endeavor.

REFERENCES

[1] M. Belouch, S. El Hadaj, M. Idhammad, "A Two-Stage Classifier Approach Using REPTree Algorithm for Network Intrusion Detection", 2017.
[2] A. Iftikhar, M. Basheri, M. Javed Iqbal, A. Raheem, "Performance Comparison of Support Vector Machine, Random Forest, and Extreme Learning Machine for Intrusion Detection", 2018.
[3] Jitti Annie Abraham, V. R. Bindu, "Intrusion Detection and Prevention in Networks Using Machine Learning and Deep Learning Approaches: A Review", 2021.
[4] Sibi Amaran, Ramalingam Madhan Mohan, Rethnaraj Jebakumar, "Optimal Machine Learning Based Intrusion Detection System in Wireless Sensor Networks for Surveillance Applications", 2022.
[5] Ajmeera Kiran, S. Wilson Prakash, B Anand Kumar, Likhitha, Tammana Sameeratmaja, Ungarala Satya Surya Ram Charan, "Intrusion Detection System Using Machine Learning", 2023.
[6] V. Ebenezer, Rosebel Devassy, G. Jaspher W. Kathrine, "Intrusion Detection and Prevention System to Analyse and Prevent Malware using Machine Learning", 2023.
[7] Mona Esmaeili, Morteza Rahimi, Hadise Pishdast, Dorsa Farahmandazad, Matin Khajavi, Hadi Jabbari Saray, "Machine Learning-Assisted Intrusion Detection for Enhancing Internet of Things Security", 2024.

