# AutoAI Pipeline for Network Intrusion Detection System (NIDS)

This notebook demonstrates how IBM AutoAI is used to build a robust machine learning model to detect various network intrusions such as DoS, Probe, R2L, and U2R.

## Dataset Overview
We use a labeled dataset (`Train_data.csv`) containing network traffic records. Each record has several features representing connection metadata and a label in the `class` column.

Example traffic classes:
- **DoS** (Denial of Service)
- **Probe** (Surveillance)
- **R2L** (Remote to Local)
- **U2R** (User to Root)
- **Normal** traffic

```python
import pandas as pd

# Load the dataset
df = pd.read_csv('Train_data.csv')
df.head()
```

## IBM Cloud AutoAI Setup
1. Go to IBM Cloud > Watson Studio > AutoAI.
2. Upload `Train_data.csv`.
3. Set `class` as the target column.
4. Select `Multiclass Classification`.
5. Leave Time Series **disabled**.
6. Start the AutoAI experiment.
7. Evaluate pipelines and choose the best model.

## Model Deployment Info
- Region: `au-syd`
- Deployment Type: Online
- Deployment ID: `<your-deployment-id>`
- AutoAI selects and deploys the best pipeline.

## Test the Deployed Model

```python
import os

import requests

# Read the IBM Cloud API key from the environment instead of hardcoding it in
# the notebook. IBM_CLOUD_API_KEY is an example variable name; use your own.
API_KEY = os.environ["IBM_CLOUD_API_KEY"]

# Exchange the API key for a short-lived IAM bearer token
token_response = requests.post(
    'https://iam.cloud.ibm.com/identity/token',
    data={"apikey": API_KEY, "grant_type": 'urn:ibm:params:oauth:grant-type:apikey'},
    timeout=30,
)
token_response.raise_for_status()
mltoken = token_response.json()["access_token"]

payload_scoring = {
    "input_data": [
        {
            "fields": ["duration", "src_bytes", "dst_bytes", "count", "srv_count"],  # adjust fields based on your dataset
            "values": [[12, 300, 2500, 5, 10]]
        }
    ]
}

# Send the record to the online deployment for scoring
response_scoring = requests.post(
    'https://private.au-syd.ml.cloud.ibm.com/ml/v4/deployments/<your-deployment-id>/predictions?version=2021-05-01',
    json=payload_scoring,
    headers={'Authorization': 'Bearer ' + mltoken},
    timeout=30,
)
response_scoring.raise_for_status()

print(response_scoring.json())
```
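
To connect the scoring call to alerting, the following added example (not part of the original notebook) validates connection records before they are sent and turns a predictions response into alerts. The helper names, the sample records, the `prediction`/`probability` response layout and the confidence threshold are assumptions made for illustration; the sample response is constructed so the code runs offline.

```python
import math
# Field order copied from the scoring cell above; adjust to your dataset.
FIELDS = ["duration", "src_bytes", "dst_bytes", "count", "srv_count"]


def build_payload(records, fields=FIELDS):
    """Build the scoring payload, rejecting malformed rows instead of scoring them."""
    rows = []
    for i, rec in enumerate(records):
        row = []
        for name in fields:
            value = rec.get(name)
            if isinstance(value, bool) or not isinstance(value, (int, float)):
                raise ValueError(f"record {i}: {name!r} missing or not numeric")
            if not math.isfinite(value) or value < 0:
                raise ValueError(f"record {i}: {name!r} out of range: {value}")
            row.append(value)
        rows.append(row)
    return {"input_data": [{"fields": list(fields), "values": rows}]}


def alerts_from_response(response_json, records, min_confidence=0.5):
    """Return an alert for every non-Normal or low-confidence prediction."""
    pred = response_json["predictions"][0]
    label_idx = pred["fields"].index("prediction")
    prob_idx = pred["fields"].index("probability")
    if len(pred["values"]) != len(records):
        raise ValueError("prediction count does not match records sent")
    alerts = []
    for rec, values in zip(records, pred["values"]):
        label = str(values[label_idx])
        # Assumption: the highest class probability belongs to the predicted label.
        confidence = max(values[prob_idx])
        uncertain = confidence < min_confidence
        if label.lower() != "normal" or uncertain:
            alerts.append({"label": label, "confidence": confidence,
                           "uncertain": uncertain, "record": rec})
    return alerts


# Constructed sample data: not real traffic and not real service output.
SAMPLE_RECORDS = [
    {"duration": 12, "src_bytes": 300, "dst_bytes": 2500, "count": 5, "srv_count": 10},
    {"duration": 0, "src_bytes": 0, "dst_bytes": 0, "count": 511, "srv_count": 511},
]
SAMPLE_RESPONSE = {"predictions": [{
    "fields": ["prediction", "probability"],
    "values": [["Normal", [0.03, 0.97]], ["DoS", [0.91, 0.09]]],
}]}
```

Low-confidence `Normal` predictions are surfaced with `uncertain` set rather than dropped, so an analyst can review traffic the model was unsure about.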

## Conclusion
The AutoAI-generated model can successfully classify different network intrusion types. With real-time integration, it can be used to detect attacks in communication networks and raise early alerts for system administrators.