System requirements
- OS: Windows (required — Npcap is Windows-only)
- Python: 3.8 or later
- Privileges: Administrator rights are required to enable IPS blocking via the Windows Firewall
- RAM: 4 GB minimum recommended (ML model + packet sniffer run concurrently)
Installation steps
Install Npcap
Scapy requires a low-level packet capture driver on Windows. Download and install Npcap from the official site. During installation, enable the option “Install Npcap in WinPcap API-compatible mode”.
ids.py already sets conf.use_pcap = True so Scapy will use the Npcap driver automatically once it is installed. No additional configuration is needed.
Install Python dependencies
Install all required packages with pip:
| Package | Purpose |
|---|---|
| scapy | Real-time packet capture and analysis |
| PyQt5 | GUI framework for the dashboard |
| matplotlib | Embedded charts in the SOC dashboard |
| pandas | DataFrame construction for ML inference |
| numpy | Numerical operations in the ML pipeline |
| scikit-learn | Random Forest, MLP, encoders, and feature selection |
| imbalanced-learn | SMOTE oversampling used during model training (CEREBRO.py) |
| xgboost | XGBoost classifier in the ensemble model |
| joblib | Loading serialized .pkl model files |
| requests | Sending Telegram alert notifications |
| sqlite3 | Built-in Python stdlib — no installation needed |
sqlite3 ships with Python’s standard library and does not need to be installed separately.
Verify model files
The IDS requires five serialized model files to enable ML-based classification. Verify they exist in the project root:
You can check with:
If any files are missing, generate the dataset first and then train the model:
CEREBRO.py trains the ensemble (Random Forest + MLP + XGBoost), applies SMOTE balancing, and writes all .pkl files to the project root. Training typically achieves ~91.9% accuracy on the generated dataset.
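A preflight check for the requirements and steps above, as an added example that is not part of the project's own code. It assumes the import names sklearn and imblearn for scikit-learn and imbalanced-learn, and it counts .pkl files in the project root rather than assuming their names, which this page does not list.

```python
"""Preflight check for the requirements on this page (added example)."""
import importlib.util
import platform
import sys
from pathlib import Path

# pip name -> import name, from the package table (sklearn/imblearn differ from pip names).
REQUIRED = {
    "scapy": "scapy", "PyQt5": "PyQt5", "matplotlib": "matplotlib",
    "pandas": "pandas", "numpy": "numpy", "scikit-learn": "sklearn",
    "imbalanced-learn": "imblearn", "xgboost": "xgboost",
    "joblib": "joblib", "requests": "requests",
}
EXPECTED_MODEL_FILES = 5  # the page says five .pkl files; their names are not assumed

def missing_packages(required=REQUIRED):
    """Return pip names whose module cannot be found, without importing them."""
    return sorted(pip for pip, mod in required.items()
                  if importlib.util.find_spec(mod) is None)

def is_admin():
    """True only in an elevated Windows process (needed for firewall blocking)."""
    if platform.system() != "Windows":
        return False
    import ctypes
    return bool(ctypes.windll.shell32.IsUserAnAdmin())

def count_model_files(root="."):
    """Count non-empty .pkl files directly in the project root."""
    return sum(1 for p in Path(root).glob("*.pkl")
               if p.is_file() and p.stat().st_size > 0)

def preflight(root=".", version=sys.version_info, system=None):
    """Return a list of unmet requirements; an empty list means ready to run."""
    problems = []
    if (system or platform.system()) != "Windows":
        problems.append("OS: Windows is required (Npcap)")
    if tuple(version[:2]) < (3, 8):
        problems.append("Python: 3.8 or later is required")
    if not is_admin():
        problems.append("Privileges: not elevated, IPS blocking unavailable")
    problems += [f"Package missing: {name}" for name in missing_packages()]
    found = count_model_files(root)
    if found < EXPECTED_MODEL_FILES:
        problems.append(f"Models: {found} of {EXPECTED_MODEL_FILES} .pkl files found")
    return problems

if __name__ == "__main__":
    print("\n".join(preflight()) or "All requirements met")
```

A passing count only shows that the files exist; joblib unpickles them on load, so use .pkl files produced by your own CEREBRO.py run.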