Skip to main content

Securing IoV with BERT-based IDS

A next-generation hybrid intrusion detection system that combines BERT-based contextual embeddings with LightGBM classification to deliver real-time monitoring, anomaly detection, and intelligent threat analysis for connected vehicles and IoT networks.

Visit Github
  • Python
  • Streamlit
  • PyShark + Wireshark
  • BERT (Sentence Transformers)
  • LightGBM
  • CIC-IDS 2017

Overview

IoV-BERT-IDS is a real-time network intrusion detection and monitoring system designed for the Internet of Vehicles (IoV) and modern IoT environments. It combines BERT-based embeddings with a LightGBM classifier to achieve high-accuracy detection of cyber threats while minimizing false positives. The system captures live traffic through PyShark, performs bidirectional flow analysis, and leverages out-of-distribution (OOD) detection to identify anomalies beyond its training data. With an interactive Streamlit dashboard, IoV-BERT-IDS provides real-time visualizations, alerts, and performance metrics, making intrusion detection both scalable and accessible.

The RFIDS app interface, showing the content page with detailed network traffic analysis.
The RFIDS app interface, showing the content page with detailed network traffic analysis.

Innovation and Significance

IoV-BERT-IDS adapts natural language processing methods to cybersecurity, treating network flows as contextual sequences rather than isolated features. This cross-domain innovation allows the system to capture hidden relationships in traffic, improving detection accuracy against evolving attack types. Unlike conventional IDS tools, it supports continuous, real-time monitoring with a modern, user-friendly dashboard, bridging the gap between academic research and deployable solutions for IoV and IoT security.

The RFIDS app interface, showing the features page with model performance metrics and real-time detection capabilities.
A dramatic ocean scene with lava forming a new land mass.

Key Features

  • Real-Time Monitoring: Captures and analyzes network packets on live interfaces.
  • BERT-Powered Detection: Leverages transformer embeddings for contextual traffic understanding.
  • Hybrid Classification: Uses LightGBM to deliver fast and accurate predictions.
  • Anomaly & OOD Detection: Identifies traffic patterns that differ from training data.
  • Alert Management: Severity-based notifications with detailed flow insights.
  • Interactive Dashboard: Visualizes attacks, protocols, confidence levels, and flow statistics.
  • Export & Logging: Supports exporting flows, alerts, and system statistics for analysis.

A learning designer building and deploying an interactive lesson on volcanism using the app.

Project outcomes

IoV-BERT-IDS successfully delivered a production-ready intrusion detection system that goes beyond static evaluation. It demonstrated high detection accuracy across multiple attack categories while maintaining low false positives through contextual embeddings. The live monitoring engine and dashboard made intrusion detection transparent, interactive, and scalable, with actionable alerts and exportable insights. By integrating BERT embeddings, LightGBM classification, and OOD anomaly detection, the project established a strong foundation for next-generation intrusion detection in connected vehicles and IoT ecosystems.