This project aims to detect network intrusions by analyzing TCP/IP dump files. The system uses machine learning techniques to classify network traffic as normal or intrusive, helping identify potential security threats in real-time.
- TCP/IP Packet Capture: Uses Scapy to capture and analyze network traffic.
- Machine Learning Model: Trains a Model to detect anomalies in network traffic.
- Real-time Sniffing: Continuously monitors live network traffic for intrusions.
- Web Interface: A simple Tkinter-based GUI to run scripts.
Install the necessary Python packages:
pip install scapy pandas scikit-learn tkinter-
Packet Capture: Run
nid.pyto start capturing and analyzing network packets.python nid.py
-
Detect Anomaly: Use
anomaly_detect.pyto train the anomaly detection model.python anomaly_detect.py
-
GUI Interface: Use
gui.pyto run scripts from a graphical interface.python gui.py
After training, the model generates a classification report with metrics like precision, recall, and accuracy. Example output:
Classification Report:
precision recall f1-score support
0 1.00 1.00 1.00 8
1 1.00 1.00 1.00 7