A smart network intrusion detection tool that performs forensics on your network to discover various network attacks such as Brute Force FTP, Brute Force SSH, DoS, Web Attack, Botnet, DDoS, etc., by analysing the flow behaviour of the network. This project uses the CICIDS2017 dataset from Kaggle. This project is still under development and a UI still needs to be built!!
Feel free to contribute.
What this tool is about
- You can generate a CSV file containing various flow-based features extracted from the supplied capture file.
- You can run the forensic analysis on the capture file to find intrusions and get the result written to an output file.
How to setup:
- Create a fork of this repo and clone into your local environment
- Create a new branch
- Install all dependencies with the following command:
pip install -r requirements.txt
- Open the deploy_model.ipynb file in the ML_model folder and run each cell in order. This does minor preprocessing, trains and tests the model, and saves it with joblib to a file that the tool loads later.
- All done !!
How to use
python src/main.py <options> <file>
- After the setup above you can interact with the tool.
- Use the following command to see all the options and how to use them:
python src/main.py --help
- To generate the flow file, use the following command:
python src/main.py -f --pcap <file_path>
- To generate the result of detected intrusions, use the following command:
python src/main.py -r --pcap <file_path>
You will see the result on your CLI, and a file will be generated according to the chosen option.
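As an added example (not the project's own src/main.py), the block below shows the two steps the README describes end to end: grouping packets into bidirectional flows and computing a few flow-based features of the kind exported to the CSV, then a `-f` / `-r --pcap` style CLI that either writes the feature CSV or runs detection over it. The packet records are constructed inline rather than read from a pcap, the feature names are modelled loosely on CICIDS2017 column names, and the `detect` function is a hypothetical packets-per-second threshold rule standing in for the joblib-saved model.

```python
"""Illustrative flow-feature extraction and CLI (example, not project code).

Assumptions: packets are already decoded into Packet records (a real run would
parse the --pcap file with scapy or dpkt); the detection rule is a hypothetical
threshold, not the trained CICIDS2017 classifier."""

import argparse
import csv
import io
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Packet:
    ts: float      # capture timestamp in seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    length: int    # bytes on the wire


# Constructed sample traffic (not a real capture): one short HTTP exchange
# and one SSH connection exchanging many tiny packets in quick succession.
SAMPLE_PACKETS = [
    Packet(0.000, "10.0.0.5", 50000, "10.0.0.9", 80, "tcp", 74),
    Packet(0.010, "10.0.0.9", 80, "10.0.0.5", 50000, "tcp", 74),
    Packet(0.020, "10.0.0.5", 50000, "10.0.0.9", 80, "tcp", 512),
    Packet(0.250, "10.0.0.9", 80, "10.0.0.5", 50000, "tcp", 1460),
    Packet(0.260, "10.0.0.9", 80, "10.0.0.5", 50000, "tcp", 1460),
] + [
    Packet(1.0 + i * 0.002,
           "10.0.0.7" if i % 2 == 0 else "10.0.0.9",
           40000 if i % 2 == 0 else 22,
           "10.0.0.9" if i % 2 == 0 else "10.0.0.7",
           22 if i % 2 == 0 else 40000,
           "tcp", 60)
    for i in range(30)
]


def flow_key(p):
    """Bidirectional flow key: protocol plus the two endpoints in sorted order,
    so both directions of a conversation land in the same flow."""
    return (p.proto,) + tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))


def extract_flows(packets):
    """Group packets into flows and compute per-flow features as dict rows.
    The first packet seen in a flow defines the forward direction."""
    flows = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        flows[flow_key(p)].append(p)
    rows = []
    for pkts in flows.values():
        first = pkts[0]
        fwd = [p for p in pkts if (p.src, p.sport) == (first.src, first.sport)]
        bwd = [p for p in pkts if (p.src, p.sport) != (first.src, first.sport)]
        ts = [p.ts for p in pkts]
        duration = ts[-1] - ts[0]
        iats = [b - a for a, b in zip(ts, ts[1:])]  # inter-arrival times
        rows.append({
            "src_ip": first.src, "src_port": first.sport,
            "dst_ip": first.dst, "dst_port": first.dport, "protocol": first.proto,
            "flow_duration": round(duration, 6),
            "tot_fwd_pkts": len(fwd), "tot_bwd_pkts": len(bwd),
            "tot_fwd_bytes": sum(p.length for p in fwd),
            "tot_bwd_bytes": sum(p.length for p in bwd),
            "pkt_len_mean": round(mean([p.length for p in pkts]), 3),
            "flow_iat_mean": round(mean(iats), 6) if iats else 0.0,
            "flow_pkts_per_s": round(len(pkts) / duration, 3) if duration > 0 else 0.0,
        })
    return rows


def detect(rows, min_pkts_per_s=100.0, max_pkt_len_mean=120.0):
    """Hypothetical rule standing in for the trained model: a dense stream of
    tiny packets is labelled Suspicious, everything else BENIGN."""
    out = []
    for r in rows:
        hit = r["flow_pkts_per_s"] >= min_pkts_per_s and r["pkt_len_mean"] <= max_pkt_len_mean
        out.append({**r, "label": "Suspicious" if hit else "BENIGN"})
    return out


def flows_to_csv(rows):
    """Serialise feature rows to CSV text (header plus one line per flow)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def build_parser():
    parser = argparse.ArgumentParser(description="flow features / detection (illustrative)")
    mode = parser.add_mutually_exclusive_group(required=True)
    mode.add_argument("-f", "--flows", action="store_true", help="write the flow feature CSV")
    mode.add_argument("-r", "--result", action="store_true", help="run detection and write the result CSV")
    parser.add_argument("--pcap", required=True, help="input capture (pcap loading not implemented here)")
    return parser


def main(argv=None):
    args = build_parser().parse_args(argv)
    rows = extract_flows(SAMPLE_PACKETS)  # a real tool would decode args.pcap here
    if args.result:
        rows = detect(rows)
    print(flows_to_csv(rows))


if __name__ == "__main__":
    main()
```

Running `python example.py -r --pcap any.pcap` prints two rows: the HTTP flow (5 packets spread over 0.26 s) labelled BENIGN and the SSH flow (30 packets of 60 bytes in 58 ms, about 517 packets per second) labelled Suspicious. The bidirectional key and "first packet defines forward" convention are what keep the per-direction counts meaningful; if you key on the raw 5-tuple instead, every conversation splits into two one-directional flows and the forward/backward features lose their value.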