LSTM-based network intrusion detection system using the CICIDS2017 dataset for real-time threat classification.
- LSTM Neural Networks for sequence-based anomaly detection
- Multi-class classification of 15 attack types
- Handles class imbalance in network traffic
- Real-time threat prediction capabilities
Pipeline overview:

```
  Network Traffic     : pyshark (sniff)
        |
        v
  Feature Extractor   : scapy / nfstream / CICFlowMeter script that extracts features from live traffic
        | (vector)
        v
  LSTM Model          : your trained detector; feed the model with the data to predict
        | (predictions)
        v
  Alert System        : logs, visualization; if an attack happens -> send alerts
        |
        v
  Dashboard           : Flask + React (optional); data visualisation: attack types ...
```
Activate the virtual environment, then start the API:

```bash
venv/scripts/activate
uvicorn main:app --reload --port 8000
```
You should see:

```
✓ Database initialized: C:\Users\lenovo\Desktop\cybersec-anamoly-detector\data\ids_alerts.db
✓ Model loaded: 15 classes, 78 features
[*] Background capture thread started
```
### Step 5: Test the New Endpoints
Open your browser and test:
1. **Dashboard with persistent stats**:
http://localhost:8000/api/dashboard
2. **Filter alerts** (by label and minimum score):
http://localhost:8000/api/alerts?label=DoS%20GoldenEye&min_score=0.8
3. **CSV export**:
http://localhost:8000/api/export/csv?table=alerts
4. **Stats over 7 days**:
http://localhost:8000/api/stats?days=7
5. **Direct API** (test with curl):

```bash
curl "http://localhost:8000/api/stats?days=0.003"
```

Expected response (`period_label` is the new field):

```json
{
  "total": 45,
  "benign": 32,
  "malicious": 13,
  "period_days": 0.003,
  "period_label": "5 minutes"
}
```
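As an added example (not the project's own code), the block below reproduces the aggregation behind `/api/stats?days=...` and the filtering behind `/api/alerts?label=...&min_score=...` over an in-memory SQLite table filled with constructed sample alerts. The table schema, the `BENIGN` label spelling and the rounding-up of a fractional `days` value into the `period_label` are assumptions; the filter binds the user-supplied label and score as SQL parameters instead of concatenating them into the query.

```python
import math
import sqlite3
from datetime import datetime, timedelta, timezone

# Constructed sample alerts (timestamp, predicted label, model confidence).
# The table layout is an assumption; the real ids_alerts.db schema is not shown on the page.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_ALERTS = [
    (NOW - timedelta(minutes=1), "BENIGN", 0.99),
    (NOW - timedelta(minutes=2), "DoS GoldenEye", 0.93),
    (NOW - timedelta(minutes=3), "PortScan", 0.71),
    (NOW - timedelta(hours=2), "DoS GoldenEye", 0.85),
    (NOW - timedelta(days=2), "BENIGN", 0.97),
]

def load_alerts(alerts) -> sqlite3.Connection:
    """Build an in-memory alerts table; timestamps are stored as ISO-8601 text."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE alerts (ts TEXT, label TEXT, score REAL)")
    con.executemany("INSERT INTO alerts VALUES (?, ?, ?)",
                    [(ts.isoformat(), label, score) for ts, label, score in alerts])
    return con

def period_label(days: float) -> str:
    """Human-readable window; fractional days are shown as minutes or hours (rounded up)."""
    minutes = days * 24 * 60
    if minutes < 60:
        return f"{math.ceil(minutes)} minutes"
    if days < 1:
        return f"{math.ceil(minutes / 60)} hours"
    return f"{math.ceil(days)} days"

def stats(con, days: float, now=NOW) -> dict:
    """Counts like /api/stats?days=...; `days` may be fractional (0.003 ~ 5 minutes)."""
    cutoff = (now - timedelta(days=days)).isoformat()
    total, benign = con.execute(
        "SELECT COUNT(*), COALESCE(SUM(label = 'BENIGN'), 0) FROM alerts WHERE ts >= ?",
        (cutoff,)).fetchone()
    return {"total": total, "benign": benign, "malicious": total - benign,
            "period_days": days, "period_label": period_label(days)}

def filter_alerts(con, label=None, min_score=0.0) -> list:
    """Like /api/alerts?label=...&min_score=...; request values only ever enter the
    query as bound parameters, so a crafted label string is matched literally."""
    sql, params = "SELECT ts, label, score FROM alerts WHERE score >= ?", [min_score]
    if label is not None:
        sql += " AND label = ?"
        params.append(label)
    return con.execute(sql + " ORDER BY ts DESC", params).fetchall()
```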