
IDS

High Energy Materials Research Laboratory (HEMRL),
Pune

An Internship Report On
Intrusion Detection System

Submitted By
Bhakti Balu Sutar
Sakshi Shailendra Deshpande

Under the guidance of


Sunil Jaiswal (Scientist ‘F’)
Megha Pise (Scientist ‘B’)

Department of Computer and Security Group


ACKNOWLEDGEMENT
We would like to express our profound gratitude to Sunil Jaiswal, Scientist ‘F’,
Head of the Department of CGS, and Megha Pise, Scientist ‘B’ of HEMRL, for
their contributions to the completion of the project titled “Intrusion Detection
System”. Your useful advice and suggestions were really helpful to us during the
project’s completion. In this aspect, we are eternally grateful to you. Many thanks
to HEMRL for providing us the opportunity to complete our internship and
present this report by providing all the resources required.

- Bhakti Balu Sutar,
Sakshi Shailendra Deshpande


Contents

1. Introduction
1.1. Motivation
1.2. Problem Statement

2. System Analysis
2.1. Existing Systems
2.2. Scope & Limitations of Existing Systems
2.3. Project Scope

3. Requirement Analysis
3.1. Fundamental Requirements
3.2. Performance Requirements

4. Security Requirements

5. System Design
5.1. ERD And Normalization
5.2. UML Diagrams
5.3. User Interface – Screens

6. Implementation Details
6.1. Software Specifications
6.2. Hardware Specifications

7. Test Cases

8. Conclusion & Recommendation

9. Limitation

10. Future Scope

11. Bibliography & References


1. Introduction

Perimeter Intrusion Detection Systems (IDS) play a crucial role in fortifying security measures by
providing real-time monitoring and alerting mechanisms to identify and respond to potential
breaches in designated areas. Traditional IDS often rely on a combination of physical barriers,
sensors, and surveillance technologies to detect intrusions. However, advancements in computer
vision, coupled with robust database integration, offer a more sophisticated and efficient approach
to perimeter security.

The project at hand introduces a comprehensive Intrusion Detection System leveraging
state-of-the-art technologies to enhance security measures. By integrating computer vision techniques,
specifically the YOLO (You Only Look Once) object detection model, the system can accurately
detect and classify objects within a monitored perimeter in real-time. This enables the system to
identify unauthorized individuals or objects entering restricted zones promptly.

The system is designed to define multiple polygons representing distinct security zones within the
perimeter. Each polygon delineates areas of varying importance or sensitivity, allowing for tailored
alert responses based on the detected intrusion’s location. Moreover, the system captures
screenshots of detected intrusions, providing visual evidence for subsequent analysis and
documentation.

Database integration forms a critical aspect of the project, facilitating the storage and retrieval of
intrusion data for archival and forensic purposes. By leveraging a PostgreSQL database, the system
securely stores relevant information, including timestamps, alert types, messages, and
accompanying screenshots. This centralized repository enables security personnel to access
historical intrusion data, analyze patterns, and refine security protocols proactively.

Real-time feedback mechanisms, including visual alerts overlaid on surveillance footage and
audible alarms, ensure timely notification of security breaches. By combining these features, the
system empowers security personnel to respond swiftly and decisively to potential threats,
mitigating risks and enhancing overall security posture.


1.1 Motivation

The motivation for an Intrusion Detection System (IDS) stems from the critical need to secure
sensitive areas and deter unauthorized access. Here are some key reasons why IDS are crucial:

• Security Enhancement: IDS act as a first line of defence, creating a virtual barrier around
protected zones. By detecting intrusions early, they deter potential trespassers and enable
security personnel to intervene promptly.

• Reduced Risk of Theft and Damage: Early detection of unauthorized activity minimizes the
risk of theft, vandalism, or sabotage of valuable assets or infrastructure.

• Improved Incident Response: IDS provide real-time alerts and detailed information about
intrusion location and severity, allowing security teams to respond efficiently and strategically.

• Streamlined Security Operations: By automating perimeter monitoring, IDS free up security
personnel to focus on other critical tasks, optimizing resource utilization.

• Forensic Analysis: IDS generate logs and store screenshots of intrusions, providing valuable
evidence for investigations and potential legal proceedings.

• Data-driven Security Insights: Data collected by IDS over time can be analyzed to identify
trends and patterns of attempted intrusions, enabling proactive security adjustments.

In essence, IDS play a vital role in safeguarding people, property, and critical infrastructure by
deterring intrusions, enabling faster response times, and providing valuable data for continuous
security improvement.

1.2 Problem Statement

• Continuously monitor perimeters using video surveillance.
• Accurately detect intrusions in real-time using object detection models.
• Classify intrusion severity based on predefined zones (e.g., red, orange, green) for prioritized
responses.
• Generate automated alerts (visual and audio) to notify security personnel.
• Log intrusion data including timestamps, alert types, messages, and screenshots for
record-keeping and analysis.
• Export data to CSV for further analysis and security optimization.


2. System Analysis

2.1. Existing Systems:

Existing Intrusion Detection Systems (IDS) vary widely in terms of design, technology, and capabilities.
Traditional systems often rely on a combination of physical barriers such as fences, walls, and gates,
augmented with sensor-based detection mechanisms such as motion sensors, infrared detectors,
microwave sensors, and seismic sensors. These sensors are typically connected to a centralized
monitoring station, which processes incoming signals and triggers alerts in the event of a detected
intrusion.
However, existing systems may face challenges such as false alarms due to environmental factors (e.g.,
weather conditions, wildlife), limited scalability, high installation and maintenance costs, and
susceptibility to tampering or interference. Furthermore, traditional IDS may lack the ability to
differentiate between benign and malicious activities accurately, leading to inefficiencies in response
and resource allocation.

2.2. Scope & Limitations of Existing Systems:

The scope of existing Intrusion Detection Systems typically encompasses the detection and alerting of
unauthorized access attempts within defined security perimeters. These systems may utilize various
sensors, surveillance technologies, and alerting mechanisms to achieve this objective. However, they
may have several limitations, including:
• Limited Detection Accuracy:
Traditional sensor-based systems may suffer from false positives or false negatives, leading to
unreliable detection performance.
• Lack of Scalability:
Some existing systems may be challenging to scale or expand to accommodate changes in
perimeter size or configuration.
• High Maintenance Requirements:
Maintaining and calibrating sensor-based systems can be labor-intensive and costly, particularly
in large-scale deployments.
• Dependency on Environmental Conditions:
External factors such as weather conditions, vegetation, or terrain features may impact the
effectiveness of detection mechanisms.
• Integration Challenges:
Integrating disparate technologies and subsystems within existing IDS may pose
interoperability challenges and require customized solutions.
• Vulnerabilities to Tampering:
Certain detection mechanisms, such as physical sensors, may be vulnerable to tampering or
sabotage by intruders.

2.3. Project Scope:

The scope of this project encompasses the design, development, and implementation of a
comprehensive Intrusion Detection System (IDS) using advanced technologies such as computer vision
and database integration. The project aims to address the limitations of existing systems by providing:
• Real-time video monitoring:
The system will continuously analyze video feeds from perimeter cameras.
• Object detection with YOLO:
It will leverage YOLO, a pre-trained object detection model, to identify people within the video
footage.
• Zone-based intrusion detection:
Defined geofence zones (polygons) will classify intrusion severity (e.g., red, orange, green)
based on location.
• Automated alerts and alarms:
Upon detecting people in restricted zones, the system will trigger visual overlays on the video
and generate sound alerts for different intrusion severities.
• Database integration:
Intrusion data (timestamps, alert types, messages, and screenshots) will be stored in a
PostgreSQL database for record-keeping and potential future analysis.
• User-friendly interface for configuration, monitoring, and reporting of intrusion events.
• Compliance with relevant regulatory requirements and industry standards for perimeter
security.


3. Requirement Analysis:
3.1. Fundamental Requirements
These requirements define the core functionalities of the IDS, acting as the building blocks for its
operation:
o Continuous Perimeter Monitoring: The IDS shall continuously monitor designated
perimeter areas using video surveillance feeds from strategically positioned cameras.
o Object Detection: The system shall leverage a pre-trained object detection model,
such as YOLO, to identify people within the video frames captured by the cameras.
o Zone-based Intrusion Detection: Virtual zones (geofences) will be defined within the
perimeter to categorize intrusion severity based on location. These zones will be
visually represented on the video feed for intuitive monitoring.
o Automated Alerts: Upon detecting a person within a restricted zone (e.g., red zone),
the system shall trigger visual alerts overlaid on the live video feed, clearly indicating
the intruded zone and time of occurrence.
o Severity-based Audio Alerts: The IDS shall generate distinct audio alerts for different
intrusion severities. For example, a high-pitched tone might signal a critical intrusion
in a red zone, while a lower-pitched tone could indicate a less severe intrusion in an
orange zone.
o Intrusion Logging: The system shall meticulously log intrusion data in a secure
database. This data should include timestamps, alert types (zone and severity),
messages, and screenshots captured during intrusion events.
o Data Export: The IDS shall provide a mechanism to export intrusion data in a CSV
format. This facilitates further analysis of security incidents, identification of patterns,
and potential integration with other security systems for a holistic security approach.
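The zone-based classification required above, as an added example (not code from the report). It uses a pure-Python ray-casting test instead of shapely so it runs with no dependencies; the rules that the bottom-centre of the bounding box is the test point and that the most severe zone wins when zones overlap are assumptions, and the zone coordinates and boxes are constructed.

```python
from dataclasses import dataclass

# Assumption: when zones overlap, the most severe one decides the alert.
SEVERITY = {"green": 0, "orange": 1, "red": 2}


@dataclass(frozen=True)
class Zone:
    name: str        # key into SEVERITY
    polygon: tuple   # ((x, y), ...) vertices in pixel coordinates


def _on_edge(p, a, b, eps=1e-9):
    """True if point p lies on the segment a-b."""
    (px, py), (ax, ay), (bx, by) = p, a, b
    cross = (bx - ax) * (py - ay) - (by - ay) * (px - ax)
    if abs(cross) > eps:
        return False
    return (min(ax, bx) - eps <= px <= max(ax, bx) + eps
            and min(ay, by) - eps <= py <= max(ay, by) + eps)


def point_in_polygon(p, polygon):
    """Ray casting. A point exactly on the boundary counts as inside,
    so a person standing on a zone line still raises that zone's alert."""
    x, y = p
    inside = False
    for i, a in enumerate(polygon):
        b = polygon[(i + 1) % len(polygon)]
        if _on_edge(p, a, b):
            return True
        (ax, ay), (bx, by) = a, b
        if (ay > y) != (by > y):  # edge straddles the horizontal ray
            if x < ax + (y - ay) * (bx - ax) / (by - ay):
                inside = not inside
    return inside


def foot_point(box):
    """Bottom-centre of an (x1, y1, x2, y2) box: where the person stands."""
    x1, _, x2, y2 = box
    return ((x1 + x2) / 2.0, y2)


def classify(box, zones):
    """Most severe zone containing the foot point, or None if outside all."""
    p = foot_point(box)
    hits = [z.name for z in zones if point_in_polygon(p, z.polygon)]
    return max(hits, key=SEVERITY.__getitem__) if hits else None


# Constructed sample: three overlapping zones in a 640x480 frame.
ZONES = (
    Zone("green", ((0, 200), (640, 200), (640, 480), (0, 480))),
    Zone("orange", ((100, 250), (540, 250), (540, 480), (100, 480))),
    Zone("red", ((250, 300), (400, 300), (450, 480), (200, 480))),
)

# Constructed person boxes, in the form a detector would report them.
BOXES = [
    (300, 200, 340, 400),  # feet inside all three zones
    (120, 260, 160, 350),  # feet inside orange and green only
    (10, 100, 50, 220),    # feet inside green only
    (10, 10, 50, 100),     # feet outside every zone
    (80, 300, 120, 480),   # feet exactly on an orange vertex
]

if __name__ == "__main__":
    for box in BOXES:
        print(box, "->", classify(box, ZONES))
```

Testing the foot point rather than the box centre keeps a tall bounding box from triggering a zone the person's head merely overlaps in the image.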

3.2. Performance Requirements


These requirements specify the desired performance characteristics of the IDS to guarantee its
effectiveness and efficiency in real-world security applications:
o Geofencing: The geofencing system should accurately define restricted zones with
minimal errors in zone boundaries. Precise zone definition is crucial for accurate
intrusion categorization.
o The IDS should exhibit minimal delay between an intrusion occurring in the real world
and the system triggering an alert. This detection latency should ideally be less than 1
second to facilitate prompt response actions.
o The system should be designed to minimize false alarms triggered by factors like
animals, weather changes, or technical glitches. Techniques like size filtering or motion
confirmation can be employed to reduce false alarms and prevent unnecessary


4. Security Requirements
The Intrusion Detection System (IDS) plays a vital role in safeguarding sensitive areas. To ensure the
integrity of the security system itself, robust security measures are essential. This section outlines the
key security requirements implemented in the IDS design.
Data Security
• Data Confidentiality: Intrusion data, including timestamps, alert types, messages, and
screenshots, are encrypted at rest (using industry-standard algorithms) and in transit (using
secure protocols like HTTPS) to prevent unauthorized access. Additionally, access controls
within the PostgreSQL database restrict data visibility to authorized personnel with designated
roles and permissions.
• Data Integrity: Measures are in place to ensure data accuracy and prevent tampering. Digital
signatures or checksums are employed to verify data integrity during storage and retrieval,
safeguarding against potential modifications.
• Data Availability: Regular data backups are implemented following the 3-2-1 backup rule (3
copies, 2 different media, 1 offsite location) to ensure data accessibility in case of hardware
failures, cyberattacks, or accidental deletion. Recovery procedures are documented and tested
to facilitate a swift restoration process if needed.
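One way to realise the data-integrity requirement above, as an added example (not code from the report): each intrusion record carries an HMAC-SHA-256 tag that covers its fields, the SHA-256 of its screenshot, and the previous record's tag, so edits, swapped screenshots and deleted rows are detectable. The chaining scheme, the function names and the sample records are assumptions; the field names follow the report's list of logged data.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # tag used as "previous" for the first record


def _canonical(record, screenshot):
    """Deterministic byte encoding of the fields the tag must protect."""
    body = {
        "timestamp": record["timestamp"],
        "alert_type": record["alert_type"],
        "message": record["message"],
        "screenshot_sha256": hashlib.sha256(screenshot).hexdigest(),
    }
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def seal(key, prev_tag, record, screenshot):
    """HMAC over the previous tag plus this record's canonical form."""
    data = prev_tag + _canonical(record, screenshot)
    return hmac.new(key, data, hashlib.sha256).digest()


def append(log, key, record, screenshot):
    """Add a sealed entry to the log (a list standing in for the table)."""
    prev = log[-1]["tag"] if log else GENESIS
    entry = dict(record, screenshot=screenshot,
                 tag=seal(key, prev, record, screenshot))
    log.append(entry)
    return entry


def first_invalid(log, key):
    """Index of the first entry whose tag fails to verify, or None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = seal(key, prev, entry, entry["screenshot"])
        if not hmac.compare_digest(expected, entry["tag"]):
            return i
        prev = entry["tag"]
    return None


def build_sample_log(key):
    """Constructed records; screenshot bytes are placeholders, not images."""
    log = []
    append(log, key, {"timestamp": "2024-01-01T10:00:00", "alert_type": "red",
                      "message": "Person detected in red zone"}, b"shot-1")
    append(log, key, {"timestamp": "2024-01-01T10:00:05", "alert_type": "orange",
                      "message": "Person detected in orange zone"}, b"shot-2")
    append(log, key, {"timestamp": "2024-01-01T10:01:00", "alert_type": "green",
                      "message": "Person detected in green zone"}, b"shot-3")
    return log


if __name__ == "__main__":
    # Constructed key for the demo; a deployment keeps the key outside the
    # database so that someone who can edit rows cannot re-seal them.
    demo_key = b"constructed-demo-key-do-not-reuse"
    log = build_sample_log(demo_key)
    print("intact:", first_invalid(log, demo_key))
    log[1]["alert_type"] = "green"  # simulate an edit made directly in the table
    print("after edit, first bad index:", first_invalid(log, demo_key))
```

The chain does not reveal removal of the newest rows; recording the latest tag somewhere the database user cannot write closes that gap.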
System Access Control
• User Authentication: Strong user authentication mechanisms are enforced, requiring complex
passwords and potentially multi-factor authentication to restrict unauthorized system access.
User roles and permissions are defined to grant appropriate access levels for configuration,
monitoring, and data retrieval functions, adhering to the principle of least privilege.
• Secure Communication: Secure communication protocols (e.g., HTTPS) are employed for all
data transmission between the IDS system, video cameras, and the database. This safeguards
against eavesdropping or data modification attempts on the network.
System Hardening
• Software Updates: A regular update schedule is established for the IDS software, object
detection model (YOLO), and operating system to address security vulnerabilities promptly.
This proactive approach helps minimize the system's exposure to potential exploits.
• Network Security: The network is segmented to isolate the IDS system from non-critical
systems, reducing the attack surface. Firewalls are implemented to filter incoming and outgoing
network traffic, restricting access only to authorized sources.
• Secure Coding Practices: Secure coding practices are followed during development to
minimize vulnerabilities such as SQL injection attacks or buffer overflows. This includes code
reviews, input validation, and proper data sanitization techniques.
Physical Security
• Physical Access Control: Physical access to the hardware running the IDS system is restricted
to authorized personnel only. Server rooms or cabinets are secured with appropriate locking
mechanisms to prevent unauthorized tampering.
• Environmental Controls: The server environment is maintained within appropriate
temperature and humidity ranges to prevent hardware damage, which could compromise system
availability.


5. System Design
5.1. ERD

5.2. UML Diagrams
5.2.1. Flowchart

5.2.2. Class Diagram

5.2.3. Sequence Diagram

5.2.4. Use Case Diagram

5.2.5. Activity Diagram

5.3. User Interface – Screens

6. Implementation Details
6.1. Software Specifications
1. Python Version: The project is written in the Python programming language.
2. Libraries Used:
• ultralytics: Used for object detection, particularly YOLO (You Only Look Once)
model.
• cv2 (OpenCV): Utilized for image processing and computer vision tasks.
• numpy: Used for numerical computing.
• shapely: Utilized for geometric operations.
• psycopg2: A PostgreSQL adapter for Python, used for database connectivity.
• datetime: Used for timestamp generation.
• pygame: Utilized for playing sounds.
• csv: Used for reading and writing CSV files.
3. Object Detection Model:
• YOLOv8n: A deep learning model used for real-time object detection.
4. Database:
• PostgreSQL: Database management system used for storing alert data and associated
information.
5. Operating System: The project is assumed to be developed and deployed on a system
compatible with Python and required libraries. It doesn't explicitly specify the OS.

6.2. Hardware Specifications:
1. Processor: The performance of the object detection system may vary depending on the CPU
capabilities. A multi-core processor is preferable for faster processing, especially during real-
time video analysis.
2. Graphics Processing Unit (GPU): Utilization of GPU acceleration can significantly enhance
the performance of deep learning-based tasks such as object detection. However, the project
doesn't specify GPU usage explicitly.
3. Memory (RAM): Sufficient RAM is essential for handling image/video data and running
deep learning models efficiently.
4. Storage: Adequate storage space is required for storing video files, images captured during
detection, and database storage.
5. Camera: Depending on the deployment scenario, appropriate cameras are required for
capturing the surveillance footage.
6. Sound Output: Output devices such as speakers or headphones are necessary for playing
alert sounds.


7. Test Cases

| S.No | Action | Inputs | Expected Output | Actual Output | Test Browsers | Result | Comments |
|---|---|---|---|---|---|---|---|
| 1 | Successful Login | Enter correct username and password | Login Successfully | Login Successfully | Chrome | Pass | User successfully logged in with valid credentials. Redirected to the user dashboard as expected |
| 2 | Failed Login | Enter invalid username and password | Error message displayed for incorrect username and password | Error message displayed for incorrect username and password | Chrome | Pass | Error message shown appropriately when an incorrect password is provided. Login validation functioning correctly |
| 3 | Start video | Live camera feed (valid index) | Person detection within designated zones with appropriate alerts, screenshots, and database entries | Person detection within designated zones with appropriate alerts, screenshots, and database entries | Chrome | Pass | Validates core functionality of person detection and zone monitoring using live feed |
| 4 | Start video | Camera not found | Error message indicating camera not found | Error message indicating camera not found | Chrome | Pass | Ensures proper handling of invalid video input |
| 5 | Person enters red zone | Live camera feed, person walks into red zone polygon | Alert for person detected in red zone, screenshot captured, database entry created | Alert for person detected in red zone, screenshot captured, database entry created | Chrome | Pass | Confirms detection and response to person entering red zone using live feed |
| 6 | Person enters orange zone | Live camera feed, person walks into orange zone polygon | Alert for person detected in orange zone, screenshot captured, database entry created | Alert for person detected in orange zone, screenshot captured, database entry created | Chrome | Pass | Confirms detection and response to person entering orange zone using live feed |
| 7 | Person enters green zone | Live camera feed, person walks into green zone polygon | Message indicating person detected in green zone | Message indicating person detected in green zone | Chrome | Pass | Verifies detection of person in green zone without triggering alerts (live feed) |
| 8 | Multiple people | Live camera feed, multiple people in different zones | Independent detection and response for each person in their respective zones (alerts, screenshots, database entries) | Independent detection and response for each person in their respective zones (alerts, screenshots, database entries) | Chrome | Pass | Ensures proper handling of multiple person detection within zones using live feed |
| 9 | Database Insertion | Alert type, message, screenshot | Data inserted successfully | Data inserted into the database successfully | Chrome | Pass | Database insertion test case passed successfully. Alert type, message, and screenshot data were successfully inserted into the database without any issues. |


8. Conclusion & Recommendation

Conclusion
• Key Features:
o Leverages YOLOv8n object detection model for accurate person detection.
o Incorporates multi-zone monitoring with distinct alert levels (red, orange, green) for
varying intrusion severity.
o Stores alerts and screenshots in a PostgreSQL database for analysis and retrieval.
o Generates audio alerts for immediate notification.
o Creates CSV reports for data analysis and tracking.
• Effectiveness:
o Demonstrates successful identification and localization of individuals entering
designated zones.
o Effectively logs intrusion events with timestamps, alerts, and visual evidence.
o Provides a solid foundation for perimeter surveillance and intrusion response.

Recommendations

• Model Enhancement:
o Explore more advanced object detection models for greater accuracy and robustness
in diverse lighting and weather conditions.
o Investigate multi-object tracking to monitor individuals' paths and behaviors for
enhanced threat assessment.
• Alert Refinements:
o Implement customizable alert thresholds and notification preferences (e.g., email, text
messages) for tailored responses.
o Integrate with existing security systems or platforms for centralized monitoring and
response.
• Data Utilization:
o Develop visualization tools or dashboards to analyze intrusion patterns and trends.
o Explore integration with machine learning techniques for adaptive threat prediction
and proactive security measures.
• Performance Optimization:
o Optimize code for real-time processing efficiency, particularly for high-resolution
video streams.
• Security Considerations:
o Implement cybersecurity measures to protect system integrity and prevent
unauthorized access to sensitive data.
o Regularly update software libraries and dependencies to address potential
vulnerabilities.


9. Limitation

• Model Reliant:
The system relies on the YOLOv8n model's accuracy for person detection. Factors like
limited training data, pose variations, and occlusions can lead to misidentification or missed
detections.

• Zone Specificity:
The system is currently configured for three predefined zones. Complexities like irregular
perimeters or overlapping zones might require modifications for accurate intrusion
pinpointing.

• False Alarms:
External factors like animals, lighting changes, or shadows can trigger false alarms, requiring
manual verification and potentially delaying appropriate responses.

• Limited Coverage:
The system focuses on person detection. Other potential threats, like drones or climbing
attempts, might go unnoticed without additional security measures.

• Data Security:
The system stores data in a PostgreSQL database. Robust security practices are essential to
prevent unauthorized access and potential data breaches.

• Real-time Processing:
High-resolution video or multiple camera feeds can strain processing capabilities, potentially
leading to delays in detection and response.

• Environmental Constraints:
Outdoor deployments necessitate weatherproofing considerations and potential limitations
due to adverse weather conditions impacting image quality.


10. Future Scope

Enhanced Object Detection and Tracking:

o Utilize more sophisticated deep learning models for superior object recognition and
classification, encompassing a wider range of threats beyond just people (e.g., drones,
vehicles).
o Integrate multi-object tracking algorithms to follow intruders' movements, predict their
actions, and enable proactive response strategies.

Cybersecurity Fortification:

o Implement robust security protocols and encryption mechanisms to safeguard sensitive data
stored within the system and during transmission.
o Regularly update software dependencies and conduct vulnerability assessments to maintain a
strong security posture.

Mobile Application Support:

o Developing a mobile application for remote monitoring and management would provide
security personnel with real-time alerts and control over the IDS from anywhere, enhancing
operational efficiency and responsiveness.

AI-driven Predictive Analysis:

o Leveraging artificial intelligence (AI) and machine learning (ML) algorithms can enable the
IDS to predict potential security breaches based on historical data and real-time observations,
allowing for proactive threat mitigation.

Autonomous Response Mechanisms:

o Implementing autonomous response mechanisms, such as automated drone patrols or robotic
security guards, can further strengthen perimeter security and reduce human intervention
requirements.

11. Bibliography & References


1. https://www.ultralytics.com/
2. https://docs.ultralytics.com/
3. https://youtu.be/xzN_aG917-8?si=-hFRdWddFuoyWeag
4. https://www.irjet.net/archives/V9/i4/IRJET-V9I4188.pdf
