The document is a final project report on the development of a Network Intrusion Detection System (NIDS) aimed at enhancing web server security by detecting and responding to cyber threats in real-time. It describes the project's objectives, significance, methodology, and features such as a rule-based filtering engine and a live dashboard for monitoring suspicious activities. The report is submitted by students from Pokhara University as part of their Bachelor of Software Engineering degree requirements.


A Final Project Report On

NETWORK INTRUSION DETECTION SYSTEM (NIDS)

Submitted in the Partial Fulfillment of the


Requirements for the Degree of Bachelor of Software Engineering Awarded by
Pokhara University

Submitted By:
Dhiren Adhikari (21185153)
Jiniyas Shah (21185158)
Niraj Parajuli (21185165)

School of Engineering
Faculty of Science and Technology
POKHARA UNIVERSITY

Supervisor:
Er. Paras Devkota Designation – Teaching Assistant

April, 2025
COPYRIGHT

The author has granted authorization to the Pokhara University Central Library and Library of School of Engineering to grant unrestricted access to this report for inspection. Furthermore, the author has agreed to the potential for extensive reproduction of this report for educational purposes by either the supervisors or, in their absence, by the program coordinator wherein the project was done. It is understood that proper acknowledgment will be accorded to both the author of the report and the School of Engineering, Pokhara University in any utilization of the report's contents. Unauthorized copying, publication, or any other form of exploitation of this report for financial gain without explicit consent from the School of Engineering, Pokhara University and the author is strictly prohibited. Requests seeking permission to replicate or employ any segment of the report's content should be directed to:

Program Coordinator
School of Engineering
Pokhara University

STUDENT'S DECLARATION

We hereby declare that this project work entitled Network Intrusion Detection System (NIDS)
is based on our original work. All concepts, data, code, and any other work from external
sources have been properly cited and referenced in accordance with the guidelines provided by
School of Engineering, Pokhara University.

We owe all the liabilities relating to the authenticity and originality of this project work and
project report.
1. Dhiren Adhikari (21185153) ……………………………..
2. Jiniyas Shah (21185158) ……………………………..
3. Niraj Parajuli (21185165) ……………………………..

Date: ……………………….

SUPERVISOR'S RECOMMENDATION

This is to certify that this project report entitled Network Intrusion Detection System (NIDS) prepared and submitted by the below listed team of students in partial fulfillment of the requirements of the degree of Bachelor of Software Engineering awarded by Pokhara University, has been prepared and completed under my supervision.

I hereby recommend the same for acceptance by the School of Engineering, Pokhara University.
1. Dhiren Adhikari (21185153)
2. Jiniyas Shah (21185158)
3. Niraj Parajuli (21185165)

…………………………..
Er. Paras Devkota
School of Engineering
Pokhara University

Date: ……………………….

School of Engineering
POKHARA UNIVERSITY
EXTERNAL EXAMINER’S RECOMMENDATION

The undersigned certify that they have evaluated this project report entitled Network Intrusion Detection System (NIDS) submitted by Dhiren Adhikari, Jiniyas Shah and Niraj Parajuli and their oral presentation for partial fulfillment of the degree of Bachelor of Software Engineering and recommend it to the School of Engineering, Pokhara University for acceptance of this project work/report.

…………………………….
Er. Paras Devkota
School of Engineering
Pokhara University

Date: ……………………….

ACKNOWLEDGEMENT

Any type of project could never have been completed without the cooperation and inspiration of other individuals and organizations, but it is difficult to acknowledge the intellectual debt with a few ceremonial words in a brief space. However, we would like to express our sincere gratitude to the Department of Software Engineering, School of Engineering, Pokhara University for providing us with the opportunity to work conducting research and acquire new knowledge. We would like to acknowledge our project supervisor Er. Paras Devkota for his continuous support, motivation, and guidance throughout the project. His constant feedback and suggestions throughout the development of this project helped us to face and tackle the challenges. We are grateful to all our teachers for their suggestions and inspirational lectures that helped a lot during our project development to transform our ideas into a real application. We are overwhelmed in all humbleness and gratefulness to acknowledge our debt to all those who have helped us to put up these ideas, well above the level of simplicity and into something concrete. We would like to thank everyone who is involved in the project directly or indirectly. Any omission in this short acknowledgement doesn't mean a lack of gratitude.
Sincerely,
Dhiren Adhikari (21185153)
Jiniyas Shah (21185158)
Niraj Parajuli (21185165)

ABSTRACT

The increasing number of cyber threats and vulnerabilities in networked systems has created a growing need for proactive security measures. This project focuses on designing and implementing a rule-based Network Intrusion Detection System (NIDS) that can monitor, detect, and alert suspicious activities within a network. The system captures HTTP/HTTPS requests and analyzes them through a rule-based filtering engine built in C++. Based on predefined threat signatures, the system blocks or forwards requests, enhancing server-side protection. A real-time dashboard offers live visualization of detected intrusions, providing users with instant alerts and actionable insights. The solution emphasizes flexibility, openness, and ease of integration, making it ideal for developers and system administrators seeking improved web application security.

Keywords – NIDS, Cybersecurity, C++ filtering, HTTP/HTTPS analysis, Real-time monitoring

TABLE OF CONTENTS

COPYRIGHT .............................................................................................................................. i

STUDENT'S DECLARATION .................................................................................................ii

SUPERVISOR'S RECOMMENDATION ............................................................................... iii

EXTERNAL EXAMINER’S RECOMMENDATION ............................................................ iv

ACKNOWLEDGEMENT ......................................................................................................... v

ABSTRACT.............................................................................................................................. vi

TABLE OF CONTENTS .........................................................................................................vii

ABBREVIATIONS .................................................................................................................. ix

CHAPTER 1: ............................................................................................................................. 1

INTRODUCTION ..................................................................................................................... 1

1.1 Background ...................................................................................................................... 1

1.2 Problem Statement ........................................................................................................... 1

1.3 Objectives ......................................................................................................................... 2

1.4 Significance of Project ..................................................................................................... 2

1.5 Application ....................................................................................................................... 3

CHAPTER 2: ............................................................................................................................. 4

LITERATURE REVIEW .......................................................................................................... 4

2.1 Overview of Intrusion Detection System (IDS) ............................................................... 4

2.2 Detection Techniques: Signature-Based vs. Anomaly-Based .......................................... 4

2.3 Related Task............................................................................................................... 5

CHAPTER 3: ............................................................................................................................. 6

METHODOLOGY .................................................................................................................... 6

3.1 System Development........................................................................................................ 6

3.1.1 Rule-based Engine Filtering ...................................................................................... 6

3.1.2 SDLC Phases ............................................................................................................. 6

3.2 Tools and Techniques....................................................................................................... 7

3.2.1 D.N.S. Layer .............................................................................................................. 7

3.2.2 MITM Proxy & Interceptor ....................................................................................... 7

3.2.3 Packet Inspection Engine........................................................................................... 7

3.2.4 Web Dashboard (Frontend) ....................................................................................... 7

3.2.5 Backend & Storage .................................................................................................... 7

3.3 System Architecture and Workflow ................................................................................. 8

3.3.1 Block Diagram .............................................................................................................. 8

3.3.2 Flow Chart ................................................................................................................. 9

3.4 Technology Stack Used .................................................................................................. 10

3.5 Agile Methodology ........................................................................................................ 10

3.6 UML Diagrams .............................................................................................................. 11

3.6.1 Use Case Diagram ................................................................................................... 11

3.6.2 System Sequential Diagram..................................................................................... 13

3.6.3 ER Diagram ............................................................................................................. 15

CHAPTER 4 ............................................................................................................................ 18

RESULT AND EVALUATION .............................................................................................. 18

4.1 Result ....................................................................................................................... 18

4.2 Evaluation ................................................................................................................ 18

4.3 Future Scope................................................................................................................... 19

CHAPTER 5 ............................................................................................................................ 20

CONCLUSION AND FUTURE WORKS .............................................................................. 20

5.1 Conclusion...................................................................................................................... 20

5.2 Limitations ..................................................................................................................... 21

5.3 Future works................................................................................................................... 21

CHAPTER 6 ............................................................................................................................ 22

REFERENCE ........................................................................................................................... 22
ABBREVIATIONS

NIDS Network Intrusion Detection System

MITM Man-In-The-Middle

HTTP Hypertext Transfer Protocol

HTTPS Hypertext Transfer Protocol Secure

IP Internet Protocol

URL Uniform Resource Locator

API Application Programming Interface

GUI Graphical User Interface

PK Primary Key

FK Foreign Key

JS JavaScript

PWA Progressive Web Application

ER Entity-Relationship

DNS Domain Name System

CHAPTER 1:
INTRODUCTION
1.1 Background
We have developed a Network Intrusion Detection System (NIDS) that aims to enhance the security of web servers by detecting and responding to malicious activities in real time. With the increasing complexity and frequency of cyberattacks, traditional security measures like firewalls are no longer sufficient to protect systems from advanced threats. Our system is designed to bridge this gap by analyzing HTTP/HTTPS traffic and identifying patterns that indicate intrusion attempts. It incorporates a powerful rule-based filtering engine written in C++ that allows for deep packet inspection and intelligent threat detection.

The NIDS is capable of identifying various types of network attacks, such as brute force attempts, DoS attacks, and SQL injections. By providing a real-time dashboard interface, the system empowers administrators to monitor threats, analyze traffic behavior, and take prompt action. This project recognizes the growing need for adaptable and developer-friendly security solutions in modern network infrastructures. It offers a customizable and open system that can be integrated into existing architectures, providing a flexible approach to proactive cybersecurity. With increasing reliance on digital platforms and online services, this NIDS serves as a critical tool to ensure server integrity and safeguard sensitive data.

1.2 Problem Statement


The growing number of sophisticated cyberattacks on modern web servers has exposed the limitations of traditional firewall systems, which often fail to detect or respond to deep-level threats hidden within web traffic. As web applications become more complex, attackers exploit vulnerabilities in HTTP/HTTPS requests to gain unauthorized access, launch denial-of-service attacks, or steal sensitive data. The lack of an efficient, real-time system to inspect and filter incoming network traffic based on specific threat patterns has made web servers increasingly vulnerable. Many existing solutions are either too complex, lack customization, or fail to provide actionable alerts for developers and system administrators. This growing concern highlighted the need for a lightweight, customizable Network Intrusion Detection System (NIDS) that can perform deep traffic inspection and empower users to respond to threats instantly.

1.3 Objectives
The primary objective of Network Intrusion Detection System (NIDS) is to develop a robust and customizable solution that can detect and respond to network-based threats in real time, addressing the limitations of traditional firewall systems. By analyzing incoming web traffic and providing instant alerts on malicious behavior, the system aims to improve the overall security of modern web applications.
Overall objectives of this project include:
• To develop a rule-based intrusion detection engine capable of deep inspection of HTTP/HTTPS requests.
• To create a real-time dashboard that visualizes suspicious activities and detected threats.
• To minimize false positives while ensuring accurate detection of threats like brute force, DoS, and SQL injection attacks.

1.4 Significance of Project


The significance of this project lies in its ability to enhance the security of modern web applications by providing real-time detection, analysis, and response to network-based threats. Traditional security mechanisms like firewalls and antivirus software are often not enough to counter advanced cyberattacks. Our proposed NIDS offers an additional layer of protection through in-depth traffic analysis and intelligent filtering, ensuring that potential threats are identified and handled before they can cause damage. This system is especially significant for developers, server administrators, and organizations that need a customizable and cost-effective way to protect their digital assets.
• Feature 1: Real-time Packet Inspection: This feature allows the system to inspect incoming HTTP/HTTPS packets instantly and analyze them for suspicious patterns. It helps in identifying common attack types such as brute-force attempts, DoS attacks, and SQL injections as they occur.
• Feature 2: Rule-based Filtering Engine in C++: The system is powered by a fast and efficient C++ rule engine that enables deep packet inspection based on customizable rules. Users can add, modify, or remove rules according to specific threat signatures or organization policies, offering flexibility and control.
• Feature 3: Live Dashboard for Threat Monitoring: A user-friendly web dashboard provides live visualizations of network activities and alerts. This enables administrators to quickly assess the security status of their systems, review logs, and take action in case of an intrusion.

1.5 Application
The proposed Network Intrusion Detection System (NIDS) can be applied across various domains where secure data transmission and system protection are essential. Its real-time threat detection and customizable rule-based engine make it highly suitable for both small-scale and large-scale networks. The application areas of this project include:
• Web Hosting Servers: To detect and block malicious web requests targeting hosted websites.
• Enterprise Networks: To monitor internal and external traffic for potential breaches and suspicious activities.
• Cloud-based Applications: For securing API endpoints and web services in cloud infrastructure.

CHAPTER 2:
LITERATURE REVIEW

2.1 Overview of Intrusion Detection System (IDS)


Intrusion Detection Systems (IDS) are essential in detecting unauthorized access or anomalies in computer networks. They are broadly classified into Host-Based IDS (HIDS) and Network-Based IDS (NIDS). While HIDS monitors activities on individual systems, NIDS focuses on inspecting and analyzing traffic across the network to detect signs of intrusion [1]. Due to the rising number of sophisticated cyberattacks on web applications, NIDS has become a fundamental component in modern security infrastructures [2].

2.2 Detection Techniques: Signature-Based vs. Anomaly-Based


Signature-based detection uses predefined rules or known attack patterns to identify threats in network traffic. Open-source tools like Snort and Suricata are based on this approach. Snort, one of the earliest NIDS, became popular for its real-time traffic analysis and packet logging capabilities [3]. Suricata extended this by supporting multithreaded packet processing and deep packet inspection (DPI), enabling higher performance and more complex rule sets [4]. Although effective against known threats, signature-based systems often fail to detect zero-day attacks.
Anomaly-based detection identifies threats by comparing current behavior with a baseline of normal activity. This technique can detect unknown attacks but often results in a higher rate of false positives [5]. Some studies have implemented machine learning models for anomaly detection, yet they often require large datasets and extensive tuning to be reliable in real-time systems [6]. Our project focuses on a rule-based detection system for better precision and easier control.

2.3 Related Task
Several existing works have helped shape the architecture and development of our NIDS system:
Patel and Soni [7] presented a hybrid NIDS combining anomaly and signature-based methods, improving detection accuracy but increasing complexity.
Kumar and Singh [8] implemented a Snort-based system to detect DoS attacks in campus networks. Their work highlighted the challenges of configuring effective rule sets and minimizing false alarms.
Alshamrani et al. [9] focused on the importance of real-time dashboards in intrusion detection, allowing network admins to quickly analyze and respond to threats.
Alauthman et al. [10] explored deep learning techniques for NIDS but identified limitations in scalability and real-time application.

CHAPTER 3:
METHODOLOGY
The Network Intrusion Detection System (NIDS) project adopts a structured methodology to ensure accurate, scalable, and real-time detection of suspicious HTTP/HTTPS traffic. Our methodology includes requirement analysis, iterative development, continuous integration, testing, and deployment. This chapter explains the development models, tools, technologies, and workflows used during the project lifecycle.

3.1 System Development


The system follows the Agile Methodology, which allows for flexible, iterative development in incremental sprints. This approach ensured modular development of key components such as the DNS Layer, MITM Proxy, C++ Inspection Engine, Web Dashboard, and Backend API. The core inspection logic uses a rule-based filtering algorithm written in C++, focusing on detecting specific threats like SQL injection, brute force, and malformed requests. The development process is iterative, with each component tested and integrated upon completion.

3.1.1 Rule-based Engine Filtering


The filtering engine is written in C++ and processes raw HTTP requests forwarded by the MITM proxy. It evaluates these requests against a predefined rule set. Each rule checks for specific attack patterns, returning a Boolean value: true for safe and false for malicious or suspicious. Rules can be added or modified dynamically to keep the system updated with evolving threats.
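As an added illustration (not code from the report or its authors), the following C++ sketch shows the Section 3.1.1 convention in working form: each rule returns true for a safe request and false for a malicious or suspicious one, and the first failing rule decides whether the proxy forwards or blocks. The request format, rule names, signature strings and sample requests are assumptions constructed for this example.

```cpp
// Added example, not the report's own engine: a minimal rule-based HTTP filter in the
// style of Section 3.1.1. Each rule returns true for safe, false for malicious/suspicious.
#include <algorithm>
#include <cctype>
#include <functional>
#include <sstream>
#include <string>
#include <vector>

struct ParsedRequest {
    std::string method, target, version, body;
    bool well_formed = false;  // false when the request does not fit HTTP/1.x grammar
};

// Lower-case copy so signature matching is case-insensitive.
static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Decode %XX and '+' so an encoded payload (e.g. %27 for a quote) is still visible to rules.
static std::string url_decode(const std::string& s) {
    std::string out;
    for (size_t i = 0; i < s.size(); ++i) {
        if (s[i] == '%' && i + 2 < s.size() &&
            std::isxdigit(static_cast<unsigned char>(s[i + 1])) &&
            std::isxdigit(static_cast<unsigned char>(s[i + 2]))) {
            out.push_back(static_cast<char>(std::stoi(s.substr(i + 1, 2), nullptr, 16)));
            i += 2;
        } else {
            out.push_back(s[i] == '+' ? ' ' : s[i]);
        }
    }
    return out;
}

// Parse a raw CRLF-delimited HTTP/1.x request as the MITM proxy would forward it.
static ParsedRequest parse_request(const std::string& raw) {
    ParsedRequest req;
    const size_t split = raw.find("\r\n\r\n");
    const std::string head = (split == std::string::npos) ? raw : raw.substr(0, split);
    req.body = (split == std::string::npos) ? "" : raw.substr(split + 4);
    std::istringstream lines(head);
    std::string line;
    if (!std::getline(lines, line)) return req;
    if (!line.empty() && line.back() == '\r') line.pop_back();
    std::istringstream request_line(line);
    if (!(request_line >> req.method >> req.target >> req.version)) return req;
    if (req.version.rfind("HTTP/1.", 0) != 0) return req;
    while (std::getline(lines, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (!line.empty() && line.find(':') == std::string::npos) return req;  // bad header
    }
    req.well_formed = true;
    return req;
}

struct Rule {
    std::string name;
    std::function<bool(const ParsedRequest&)> safe;  // true = safe, false = malicious
};

static bool contains_any(const std::string& hay, const std::vector<std::string>& needles) {
    for (const std::string& n : needles)
        if (hay.find(n) != std::string::npos) return true;
    return false;
}

// Rule set kept in a plain vector so rules can be added or modified, as the report describes.
static const std::vector<Rule>& rule_set() {
    static const std::vector<Rule> rules = {
        {"Malformed", [](const ParsedRequest& r) {
             static const std::vector<std::string> methods = {
                 "GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH"};
             return r.well_formed &&
                    std::find(methods.begin(), methods.end(), r.method) != methods.end();
         }},
        {"SQLInjection", [](const ParsedRequest& r) {
             // Illustrative signatures only; a real rule set is tuned against live traffic.
             const std::string text = lower(url_decode(r.target + " " + r.body));
             return !contains_any(text, {"' or ", "\" or ", "or 1=1", "union select", "'--"});
         }},
    };
    return rules;
}

struct Verdict {
    bool allow;        // true -> proxy forwards the request, false -> proxy blocks it
    std::string rule;  // first rule that failed; empty when allowed
};

// Evaluate a raw request against every rule; the first failing rule decides the verdict.
static Verdict evaluate(const std::string& raw) {
    const ParsedRequest req = parse_request(raw);
    for (const Rule& r : rule_set())
        if (!r.safe(req)) return {false, r.name};
    return {true, ""};
}
```

The signature lists are deliberately short; a production rule set needs tuning against real traffic to keep false positives low, which the report lists among its objectives.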

3.1.2 SDLC Phases


• Requirement Analysis: Identification of system scope and vulnerabilities.
• Design: Architecture design for request flow, packet capture, and alerting system.
• Implementation: Development of C++ inspection engine, MITM proxy, and frontend.
• Testing: Component-wise and integrated testing with simulated attacks.
• Deployment: Hosting the system locally for real-time demonstration.
• Maintenance: Rule updates and log monitoring.

3.2 Tools and Techniques


A variety of tools and frameworks were used across different layers of the system to ensure
performance, modularity, and real-time processing.

3.2.1 D.N.S. Layer


Custom DNS Server: Redirects .local traffic to the inspection server for analysis.

3.2.2 MITM Proxy & Interceptor


Functions:
• Fetch IP:Port mapping via REST API
• Send packet/request data to C++ engine
• Forward/block requests based on inspection result

3.2.3 Packet Inspection Engine


C++ Based Engine:
• Performs deep inspection on raw request data
• Matches data with detection rules for anomalies

3.2.4 Web Dashboard (Frontend)
• Next.js Framework: Interactive dashboard for monitoring threats.
• Shadcn UI + Tailwind CSS: Clean, responsive UI.
• Pusher: Real-time updates to UI as alerts are generated.

3.2.5 Backend & Storage


• MongoDB: Stores user data, logs, and packet details.
• Next.js API Routes: Backend logic for data access and updates.

3.3 System Architecture and Workflow


3.3.1 Block Diagram

Figure 3.3.1: Block Diagram

3.3.2 Flow Chart

Figure 3.3.2: Flow Chart

3.4 Technology Stack Used
Our system uses a multi-layered stack optimized for real-time packet inspection, redirection, and visualization.
• DNS Layer: Redirects any .local traffic to the inspection proxy.
• MITM Proxy & Traffic Interceptor: Python scripts intercept HTTP requests and send data to the inspection engine.
• Packet Inspection Engine: C++ logic for deep analysis and pattern matching.
• Web Application & User Interface: Next.js, Tailwind, Shadcn UI, and Pusher for real-time UI updates.
• Backend and Data Storage: MongoDB and Next.js API for persistent data and service endpoints.

3.5 Agile Methodology


We followed Agile Methodology to divide the project into sprints and manage complexity
incrementally.
• Sprint Planning:
Sprint 1: DNS setup + MITM Proxy
Sprint 2: C++ Engine + Proxy integration
Sprint 3: UI, MongoDB, Pusher
• Task Management with Trello: Trello cards were used to assign and track progress.
Tasks followed the flow: To Do → In Progress → Review → Done
• Daily Stand-ups: Discussed daily progress, blockers, and next-day plans.
• Integration & Testing: Modules were tested and integrated incrementally.
• Iterative Improvements: Real-time traffic was tested, feedback collected, and UI and
rule logic were improved.

3.6 UML Diagrams
3.6.1 Use Case Diagram

Figure 3.6.1: Use Case Diagram

A use case diagram summarizes the interaction between various actors and the NIDS system, highlighting the different functionalities they access or perform. The figure above (Fig 3.6.1) illustrates the complete system workflow, beginning from user interaction to request inspection, rule evaluation, and visualization. Here are the details of the above Fig 3.6.1:

Actors:
• User: Interacts with the system to input server information, view results, and monitor suspicious packets.
• DNS Resolver: Resolves .local domains and redirects them to the MITM proxy for inspection.
• MITM Proxy: Intercepts incoming HTTP/HTTPS traffic, fetches server address, and forwards packets for inspection.
• CppRuleEngine: Evaluates intercepted HTTP/HTTPS requests using rule-based matching to detect threats.
• WebAPI: Handles data storage and forwards suspicious data to the frontend for visualization.

Use Cases:
• View Results: User checks the detection logs and system findings.
• Visualize Suspicious Results: Displays suspicious request details visually in the frontend dashboard.
• Input Server Info: User maps domain names to their respective IP and port addresses.
• Resolve to MITM Proxy: DNS Resolver ensures .local domains point to the MITM proxy.
• Resolve .local Domain: Handles the resolution process of custom domains to route traffic internally.
• Fetch Server Address: MITM Proxy queries the WebAPI for server info based on domain name.
• Check Request: MITM Proxy intercepts and forwards requests to the CppRuleEngine for inspection.
• Evaluate Request: CppRuleEngine analyzes packets against predefined rules to detect threats.
• Allow Request: CppRuleEngine returns a green flag if the request is safe.
• Send Suspicious Request: Suspicious requests are flagged and sent to WebAPI for logging and analysis.
• Store Server Info: WebAPI stores user-provided server data and flagged packet information.
3.6.2 System Sequential Diagram

Figure 3.6.2: System Sequential Diagram

The sequence diagram illustrates the real-time interaction between the core components
of the Network Intrusion Detection System (NIDS): the System Administrator, MITM
Proxy + Detection Engine, Backend (Pusher), and Frontend (Next.js). It highlights the
process flow from network monitoring to malicious packet detection and visualization.

System Administrator:
• Monitor Network Traffic: Observes network activity in real-time through the frontend dashboard.
• Respond to Threats: Takes necessary action based on flagged or suspicious HTTP/HTTPS requests.

MITM Proxy + Detection Engine:


• Capture HTTP/HTTPS Requests: Intercepts incoming requests from redirected
domains for inspection.
• Analyze Requests for Malicious Patterns: Uses rule-based detection to identify
suspicious behavior such as SQL injection or malformed headers.
• Send Flagged Data: Forwards suspicious request metadata to the backend if a threat is
identified.

Backend (Pusher):
• Receive Detection Results: Collects flagged packet information from the MITM
proxy and detection engine.
• Transmit Suspicious Request (Real-time): Delivers alerts instantly to the frontend
using real-time data pipelines.

Frontend (Next.js):
• Display Suspicious Requests: Shows intercepted and analyzed packets in an
organized dashboard view.
• Support Admin Review: Enables the administrator to investigate threats and monitor
live network behavior.

3.6.3 ER Diagram

Figure 3.6.3: ER Diagram

The Entity-Relationship (ER) diagram shown in Fig 3.6.3 represents the core data structure
and relationships between major components of the Network Intrusion Detection System
(NIDS). It defines how users, packets, devices, rules, alerts, and reports interact within the
system.

Key Entities and Attributes:


• User: Stores user-related information such as SSN, Fname, Lname, email, password, and an isAdmin flag. Each user can create packets, alerts, API keys, and custom rules.
• Packet: Represents captured network traffic. Each packet includes attributes like PacketID, SourceIP, DestinationIP, Port, Size, Protocol, Payload, and is linked to a User and a Network Device.
• LivePacket: Stores real-time HTTP/HTTPS request metadata, such as URL, Method, Headers, ClientIP, ServerIP, Timestamp, and is directly linked to a corresponding packet.
• Network Device: Refers to monitored devices in the network. Attributes include DeviceID, Name, IPAddress, MacAddress, DeviceType, and Location.
• Rule: Represents predefined detection logic. Includes RuleID, Pattern, Severity, Active status, and is categorized under a Rule Category.
• Rule_Category: Groups detection rules under categories like "SQL Injection", "XSS", etc. Contains fields like CategoryID, Name, and Description.
• Alert: Alerts are generated when a rule is triggered by a packet. Attributes include AlertID, Severity, Description, DetectedAt, Acknowledged, and AcknowledgedBy.
• API_KEY: API keys enable controlled system access. Attributes include KeyID, KeyValue, Permissions, LastUsed, and are linked to a User.

Entity Relationships:
• User creates → Packet (1:N)
• User creates → Rule (1:N)
• User owns → API_KEY (1:N)
• User receives → Alert (1:N)
• Packet generates → LivePacket (1:1)
• Packet triggers → Alert (1:N)
• Packet originates from → Network Device (M:1)
• Rule belongs to → Rule_Category (M:1)
• Rule triggers → Alert (1:N)
• Alert acknowledged by → User (M:1)
• Network Device owns → API_KEY (1:N)

CHAPTER 4
RESULT AND EVALUATION
4.1 Result
The Network Intrusion Detection System (NIDS) project delivers an effective, modular
solution to analyze and detect suspicious network activities in real time. The system
inspects HTTP/HTTPS traffic using a rule-based filtering engine and displays detected
threats on a real-time dashboard. Through our custom MITM proxy and C++ packet
inspection engine, incoming requests are analyzed, filtered, and either blocked or forwarded
based on predefined rules. This setup enables secure domain access, traffic logging, and
instant alerts without compromising performance. The outcome includes a live dashboard
for administrators, secure request forwarding, and centralized data storage for future
auditing and analysis.

4.2 Evaluation
The NIDS project was developed following agile methodology, ensuring flexibility and
responsiveness throughout the development process. The system was tested using various
simulated attack patterns such as SQL injection, brute-force login attempts, and malformed
packet requests. Each module—including DNS redirection, MITM proxy, rule engine, and
frontend—was individually tested and then integrated to ensure smooth operation. From a
technical perspective, the evaluation confirms that the rule-based engine correctly
identifies and handles malicious traffic based on defined signatures. The system achieved a
high accuracy rate in detection during controlled test environments. Additionally, the
frontend dashboard performed reliably in providing real-time updates through Pusher
integration.
Operationally, the project was well-structured using Trello task boards, daily syncs, and
sprints. Sprint-based planning allowed for incremental feature delivery and timely bug
fixing. The team ensured that both backend and frontend modules remained modular, testable,
and scalable. Overall, the project has proven technically viable, user-friendly for system
administrators, and adaptable to different environments through customizable rules.
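The evaluation above lists brute-force login attempts among the tested patterns. Unlike SQL injection or XSS, a brute-force attempt cannot be recognised from a single request, so it needs a stateful detector rather than a pattern rule. The following added C++ example (not the project's code) shows such a detector, a sliding window of failed logins per client IP, and scores it against constructed, labelled login events both per request and per client, which is where "accuracy" figures for this kind of detector can differ. The threshold of five failures in sixty seconds, the event fields and the sample traffic are assumptions.

```cpp
// Added example, not the project's code: a sliding-window brute-force login
// detector and a small evaluation over constructed, labelled login events.
// Threshold, window, field names and sample data are assumptions.
#include <iostream>
#include <map>
#include <string>
#include <utility>
#include <vector>

struct LoginEvent {
    std::string clientIp;
    long timestampSec;   // seconds since epoch (constructed values below)
    int status;          // HTTP status returned by the login endpoint
    bool isAttack;       // ground-truth label used only for evaluation
};

// Raises when one client accumulates maxFailures failed logins (HTTP 401)
// inside a sliding window of windowSec seconds. Unlike a pattern rule this
// detector keeps state across requests.
class BruteForceDetector {
public:
    BruteForceDetector(int maxFailures, long windowSec)
        : maxFailures_(maxFailures), windowSec_(windowSec) {}

    // Returns true when this event puts the client at or over the threshold.
    bool observe(const LoginEvent& e) {
        if (e.status != 401) return false;            // only failures count
        std::vector<long>& times = failures_[e.clientIp];
        times.push_back(e.timestampSec);
        while (!times.empty() && e.timestampSec - times.front() > windowSec_)
            times.erase(times.begin());                // expire old failures
        return static_cast<int>(times.size()) >= maxFailures_;
    }

private:
    int maxFailures_;
    long windowSec_;
    std::map<std::string, std::vector<long>> failures_;
};

struct Metrics {
    int tp = 0, fp = 0, fn = 0, tn = 0;                                  // per event
    int attackClients = 0, detectedClients = 0, falseAlarmClients = 0;   // per client
    double precision = 0.0, recall = 0.0;                                // per event
};

// Replays the events through a fresh detector and scores it both ways.
Metrics evaluate(const std::vector<LoginEvent>& events, int maxFailures, long windowSec) {
    BruteForceDetector det(maxFailures, windowSec);
    Metrics m;
    std::map<std::string, std::pair<bool, bool>> perClient;  // {flagged, attack}
    for (const LoginEvent& e : events) {
        bool flagged = det.observe(e);
        if (flagged && e.isAttack) ++m.tp;
        else if (flagged) ++m.fp;
        else if (e.isAttack) ++m.fn;
        else ++m.tn;
        std::pair<bool, bool>& c = perClient[e.clientIp];
        c.first = c.first || flagged;
        c.second = c.second || e.isAttack;
    }
    for (const auto& kv : perClient) {
        if (kv.second.second) { ++m.attackClients; if (kv.second.first) ++m.detectedClients; }
        else if (kv.second.first) ++m.falseAlarmClients;
    }
    if (m.tp + m.fp > 0) m.precision = double(m.tp) / (m.tp + m.fp);
    if (m.tp + m.fn > 0) m.recall = double(m.tp) / (m.tp + m.fn);
    return m;
}

// Constructed sample traffic: one client hammering /login, one user who
// mistypes twice then succeeds, one user whose failures are spread far apart.
std::vector<LoginEvent> sampleEvents() {
    std::vector<LoginEvent> ev;
    for (long t = 0; t <= 25; t += 5) ev.push_back({"10.0.0.9", t, 401, true});
    ev.push_back({"10.0.0.3", 0, 401, false});
    ev.push_back({"10.0.0.3", 30, 401, false});
    ev.push_back({"10.0.0.3", 40, 200, false});
    for (long t = 0; t <= 400; t += 100) ev.push_back({"10.0.0.4", t, 401, false});
    return ev;
}

int main() {
    Metrics m = evaluate(sampleEvents(), 5, 60);
    std::cout << "per event: tp=" << m.tp << " fp=" << m.fp << " fn=" << m.fn
              << " tn=" << m.tn << " precision=" << m.precision
              << " recall=" << m.recall << '\n';
    std::cout << "per client: " << m.detectedClients << "/" << m.attackClients
              << " attacking clients detected, " << m.falseAlarmClients
              << " false alarm(s)\n";
    return 0;
}
```

With the sample traffic the detector catches the attacking client with no false alarms, yet per-event recall is only one third, because the first four failed attempts are below the threshold by design. Widening the window to several hundred seconds makes the spread-out legitimate failures trip the rule as well, which is the trade-off a detection accuracy figure for this module should state alongside the threshold and window used.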

4.3 Future Scope
The future scope of our project "Network Intrusion Detection System" includes the
following enhancements:
• Integration of anomaly-based detection using machine learning models to complement
rule-based filtering.
• Development of an advanced threat analytics dashboard with filtering and export options.
• Support for encrypted HTTPS packet inspection using SSL termination techniques.
• Integration with threat intelligence feeds for dynamic rule updates.
• Deployment on cloud-based infrastructure for scalable enterprise use.

CHAPTER 5
CONCLUSION AND FUTURE WORKS
5.1 Conclusion
In conclusion, the Network Intrusion Detection System (NIDS) project provides a
comprehensive and modular approach to detecting, analyzing, and visualizing network-based
threats in real time. The system was designed to be lightweight, customizable, and
developer-friendly, ensuring that both small-scale and enterprise-level infrastructures can
benefit from its implementation. The project successfully integrated multiple components such
as a custom DNS redirection layer, MITM proxy interception, a C++ rule-based packet
inspection engine, and a real-time frontend dashboard. This combination enables efficient
threat detection, request filtering, and dynamic alert generation for suspicious activities.
The development process followed Agile methodology, which enabled iterative progress,
continuous integration, and collaborative task management through tools like Trello. Each
module was tested independently and in combination, resulting in a well-integrated final
product that met the original objectives. The system achieved strong performance in
controlled environments, accurately detecting multiple types of attacks including SQL
injections, brute-force attempts, and malformed HTTP requests. The frontend dashboard
enhanced the usability for administrators by offering instant visual insights into traffic
behavior.
Overall, the NIDS project demonstrates feasibility in terms of technical implementation,
user experience, and scalability. It holds potential for future enhancements such as
anomaly-based detection, cloud deployment, and integration with external threat intelligence
feeds. With continued development, the system could serve as a critical tool in modern
cybersecurity operations.

5.2 Limitations
Despite its success, the NIDS project has some limitations:
• The system currently uses only rule-based detection, which may not detect novel or
zero-day attacks.
• HTTPS traffic is not fully inspected due to encryption limitations and lack of SSL
termination integration.
• The system is optimized for HTTP traffic only and needs further work to support multi-
protocol inspection.
• The dashboard, while functional, can be further improved for better analytics and log
filtering capabilities.
• Scalability testing in high-throughput environments has not been performed yet.

5.3 Future Works

To address current limitations and expand the project's capabilities, the following future
works are proposed:
• Implement anomaly-based detection using machine learning to complement rule-based
methods.
• Integrate SSL termination techniques for encrypted HTTPS packet analysis.
• Expand the dashboard to include advanced filtering, analytics, and export options.
• Connect with real-time threat intelligence APIs for dynamic rule updates.
• Deploy the system in a containerized or cloud-native environment for horizontal
scalability.
