This network intrusion detection system uses least hardware that is required to run a simple and effective NIDS. I have used a raspberry pi pico wh, zero w, ssd1306 oled and 1602 lcd displays for this project. This project uses a Neural Network Classifier model trained on the CIC IDS 2017 dataset and is trained on the Edge Impulse platform. I will provide the links and references to the trained model of my Edge Impulse profile below in the setup guide. [NOTE: This project is in contineous improvement and development, you might get some problems if you dont have the minimum hardware that i have used.

To install this clalssifier on the raspberry pi pico WH you have to download this as Arduino Library in the Deployment tab. Then follow the github repository, link at the bottom of this readme fille.

About: This project utilizes minimal hardware setup for the development of a network intrusion detection system. For the model I have used a Neural Network Classifier trained on the Edge Impulse platform using the CIC-IDS-2017 dataset. It has a total of 9+ features for classification.

Hardware: Raspberry pi zero W, Raspberry pi pico WH, SSD1306 OLED display, 1602 LCD display. This is the least hardware that you can use to develop a lightweight simple yet effective NIDS.

You can use it for a real-world implementation, testing and prototyping a functional NIDS on a raspberry pi development board. For this project I have used python3-scapy for the network packet sniffing as well as dissecting the packets instead. If you have a 64-bit system you can use tensorflow-lite but as I have a 32-bit raspberry pi zero w I didn't.

Working: For the packets sniffing and dissection this project uses a python script involving the use of scapy. Once the zero w board starts the capturing process it then sends the data to the pico wh connected via a USB cable (you can use UART RX/TX). The pico wh has been configured in Arduino IDE which is running the classifier. The pico wh is having two displays configured. The ssd1306 OLED displays the criticality and the source IP of the attack and the second display 1602 LCD displays the warnings as well as the attack type and last scanned attack. The pico then also sends back the data after classification to the zero w which displays the attack type in the CLI.

GitHub Project link: https://github.com/PS-003R32/armata-nids YouTube video link: https://youtu.be/zJ92Vnly6WM