Deliverable D5.4 purpose is to document the final set of requirements for Use Case #1 (Network Intrusion Detection) jointly with the design, implementation and validation of its corresponding prototype. Additionally, updates in the Use Case requirements are also shown. The ONTIC Use Case development and implementation follows a customized version of the Scrum Agile methodology (as described in deliverable D5.1 [3]); therefore, the requirements are described as user stories. The different sections in the document provide: Introduction of Use Case #1 in terms of their application in CSP environments, operational goals and machine learning algorithms (section 7) Use case #1 specification is described in section 8). Definitions of Done (DoD) are provided in (Annex A) Use case #1 design is detailed in section 9. Use case #1 implementation details are documented in section 10 . Use case #1 testing documentation is shown in section 11