AI-assisted network traffic analysis system for real-time anomaly detection using Suricata and Isolation Forest.
- Real-time processing of Suricata's Eve JSON output
- Unsupervised anomaly detection using Isolation Forest
- Interactive web dashboard for monitoring anomalies
- Detection of various cyber threats including DDoS attacks, malware communications, and unauthorized access
- Suricata installed and configured
- Python 3.8+ with pip
- Clone the repository:

      git clone "Project Repo"
      cd network-forensics

- Install dependencies:

      pip install -r requirements.txt

- Install and configure Suricata:

      sudo ./scripts/install_suricata.sh

- Configure Suricata to write to eve.json:

      sudo nano /etc/suricata/suricata.yaml

  Make sure the following is set:

      outputs:
        - eve-log:
            enabled: yes
            filetype: regular
            filename: /var/log/suricata/eve.json
            types:
              - alert
              - flow

- Create the model directory:

      mkdir -p ~/network_data

- Collect normal traffic data (eth0 is the capture interface; substitute your own):

      sudo ./scripts/collect_training_data.sh eth0

- Train the Isolation Forest model:

      python -m src.ai.training
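The following is an added example, not the project's own `src.ai.training` code, which the page does not show. It sketches the pipeline the steps above set up: read Suricata Eve JSON lines, keep the `flow` events, turn each into a numeric feature vector and score the batch with an Isolation Forest. The forest is implemented from scratch on the standard library so the example runs without scikit-learn, and it is fitted on the same batch it scores (the setting of the original Isolation Forest paper); the README's workflow of fitting on a baseline capture and scoring live flows is the same `fit` and `score` calls with separate inputs. All records, addresses and the alert signature are constructed, and the field names are Suricata's standard Eve flow fields.

```python
"""Added example: Eve JSON flow features scored by a stdlib-only Isolation Forest."""
import json
import math
import random

EULER_GAMMA = 0.5772156649


def _flow_line(ts, src, dst, dport, pkts_s, pkts_c, bytes_s, bytes_c, age):
    """Build one constructed Eve 'flow' record with the fields the detector reads."""
    return json.dumps({
        "timestamp": ts, "event_type": "flow", "src_ip": src, "dest_ip": dst,
        "dest_port": dport, "proto": "TCP",
        "flow": {"pkts_toserver": pkts_s, "pkts_toclient": pkts_c,
                 "bytes_toserver": bytes_s, "bytes_toclient": bytes_c,
                 "age": age, "state": "closed"},
    })


_gen = random.Random(7)
# Constructed input: twelve ordinary short HTTPS flows ...
SAMPLE_EVE_LINES = [
    _flow_line("2024-01-01T00:00:%02d.000000+0000" % i, "10.0.0.5",
               "93.184.216.%d" % (i + 1), 443, _gen.randint(6, 20), _gen.randint(6, 20),
               _gen.randint(400, 3000), _gen.randint(800, 6000), _gen.randint(1, 30))
    for i in range(12)
]
SAMPLE_EVE_LINES += [
    # ... an alert event, which is not a flow and is ignored by the feature step,
    json.dumps({"timestamp": "2024-01-01T00:00:12.000000+0000", "event_type": "alert",
                "src_ip": "10.0.0.5", "dest_ip": "93.184.216.4",
                "alert": {"signature": "constructed test signature", "severity": 3}}),
    # ... a half-written line, as a tailer sees while Suricata is mid-write,
    '{"timestamp": "2024-01-01T00:00:13.000000+0000", "event_type": "fl',
    # ... and one flow moving orders of magnitude more data for far longer than the rest.
    _flow_line("2024-01-01T00:00:14.000000+0000", "10.0.0.5", "198.51.100.9", 443,
               20000, 18000, 2000000, 46000000, 1800),
]


def iter_events(lines):
    """Yield parsed Eve records, skipping blank or partially written lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue  # a tailer sees the complete line on its next read


def flow_features(rec):
    """Feature vector for one flow: total bytes, total packets, duration in seconds."""
    f = rec["flow"]
    return [f.get("bytes_toserver", 0) + f.get("bytes_toclient", 0),
            f.get("pkts_toserver", 0) + f.get("pkts_toclient", 0),
            f.get("age", 0)]


def _c(n):
    """Expected path length of a failed BST search on n points; normalises depths."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + EULER_GAMMA) - 2.0 * (n - 1) / n


def _grow(points, depth, limit, rng):
    """Split on a random feature at a random cut between its min and max until isolated."""
    if depth >= limit or len(points) <= 1:
        return ("leaf", len(points))
    dim = rng.randrange(len(points[0]))
    lo, hi = min(p[dim] for p in points), max(p[dim] for p in points)
    if lo == hi:
        return ("leaf", len(points))
    cut = rng.uniform(lo, hi)
    return ("node", dim, cut,
            _grow([p for p in points if p[dim] < cut], depth + 1, limit, rng),
            _grow([p for p in points if p[dim] >= cut], depth + 1, limit, rng))


def _path_length(x, node, depth=0):
    if node[0] == "leaf":
        return depth + _c(node[1])  # unexpanded leaves get their expected remaining depth
    _, dim, cut, left, right = node
    return _path_length(x, left if x[dim] < cut else right, depth + 1)


class IsolationForest:
    def __init__(self, n_trees=100, sample_size=256, seed=0):
        self.n_trees, self.sample_size, self.seed = n_trees, sample_size, seed
        self.trees, self.psi = [], 0

    def fit(self, X):
        rng = random.Random(self.seed)
        self.psi = min(self.sample_size, len(X))
        limit = math.ceil(math.log2(self.psi)) if self.psi > 1 else 1
        self.trees = [_grow(rng.sample(X, self.psi), 0, limit, rng)
                      for _ in range(self.n_trees)]
        return self

    def score(self, x):
        """Anomaly score in (0, 1): points isolated in few splits score close to 1."""
        mean_h = sum(_path_length(x, t) for t in self.trees) / len(self.trees)
        return 2.0 ** (-mean_h / _c(self.psi))


def score_flows(lines, forest=None):
    """Parse Eve lines, fit a forest on the batch unless one is supplied, and return
    (dest_ip, dest_port, score) per flow, most anomalous first."""
    flows = [rec for rec in iter_events(lines) if rec.get("event_type") == "flow"]
    X = [flow_features(rec) for rec in flows]
    forest = forest or IsolationForest().fit(X)
    ranked = [(rec["dest_ip"], rec["dest_port"], forest.score(x)) for rec, x in zip(flows, X)]
    return sorted(ranked, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for dest, port, s in score_flows(SAMPLE_EVE_LINES):
        print(f"{dest}:{port}  anomaly_score={s:.3f}")
```

Two details matter for the real-time case the README describes: a reader that tails `eve.json` will regularly hit a line Suricata has not finished writing, so the parser drops unparseable lines instead of crashing and picks the record up on the next pass; and the features are taken from the `flow` record rather than from `alert` events, so the model scores traffic that no signature matched, which is the point of pairing an unsupervised detector with Suricata.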
Start all components:

    python src/main.py

Or run components separately:

    # Run only the detector
    python src/main.py --detector-only

    # Run only the dashboard
    python src/main.py --dashboard-only

Access the dashboard at http://localhost:5000