Skip to content

itsakki10/SecureML-Fabric

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

5 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

πŸ” SecureML Fabric

AI-Powered Network Threat Detection & Autonomous Response System

SecureML Fabric is an intelligent cybersecurity platform designed to monitor live network traffic, detect anomalies using Machine Learning, and autonomously respond to suspicious activities through intelligent IP blocking and dynamic WAF rule generation.

The platform combines:

  • πŸ“‘ Real-time traffic monitoring
  • πŸ€– Machine Learning anomaly detection
  • πŸ›‘οΈ Autonomous response system
  • πŸ”₯ WAF intelligence generation
  • πŸ“Š Interactive SOC dashboard
  • ⚑ Live threat visualization

πŸš€ Features

βœ… Real-Time Packet Monitoring
βœ… AI-Based Threat Detection
βœ… Autonomous IP Blocking
βœ… Dynamic WAF Rule Generation
βœ… Interactive SOC Dashboard
βœ… Threat Confidence Analysis
βœ… Packet Rate & Traffic Analysis
βœ… Light/Dark Theme Support
βœ… Live Threat Visualization
βœ… Real-Time Response Engine


πŸ—οΈ System Workflow

Network Traffic
       β”‚
       β–Ό
Traffic Capture Engine
       β”‚
       β–Ό
Feature Extraction
       β”‚
       β–Ό
ML Anomaly Detection
       β”‚
 β”Œβ”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”
 β–Ό           β–Ό
Threat      Normal
Detected    Traffic
 β–Ό
Response Engine
 β–Ό
IP Blocking + WAF Intelligence
 β–Ό
SOC Dashboard Visualization

πŸ“‚ Project Structure

SECUREML-FABRIC/
β”‚
β”œβ”€β”€ dashboard/
β”‚   └── app.py
β”‚
β”œβ”€β”€ Interface/
β”‚   β”œβ”€β”€ Anomoly.png
β”‚   β”œβ”€β”€ Call_Dash.png
β”‚   β”œβ”€β”€ Capture_ips.png
β”‚   β”œβ”€β”€ Dash.png
β”‚   β”œβ”€β”€ Hiest.png
β”‚   β”œβ”€β”€ IP_Blocked.png
β”‚   β”œβ”€β”€ Monitoring.png
β”‚   β”œβ”€β”€ System_blocking.png
β”‚   └── WAF_intel.png
β”‚
β”œβ”€β”€ logs/
β”‚   β”œβ”€β”€ actions.log
β”‚   β”œβ”€β”€ blocked_ips.log
β”‚   └── confidence_state.json
β”‚
β”œβ”€β”€ ml_engine/
β”‚   β”œβ”€β”€ baseline_model.pkl
β”‚   β”œβ”€β”€ detect_anomaly.py
β”‚   β”œβ”€β”€ explain.py
β”‚   β”œβ”€β”€ live_traffic.csv
β”‚   β”œβ”€β”€ sample_data.py
β”‚   β”œβ”€β”€ traffic_data.csv
β”‚   └── train_baseline.py
β”‚
β”œβ”€β”€ rule_engine/
β”‚   β”œβ”€β”€ confidence.py
β”‚   β”œβ”€β”€ response_engine.py
β”‚   └── rule_generator.py
β”‚
β”œβ”€β”€ traffic_collector/
β”‚   └── capture.py
β”‚
└── README.md

πŸ–₯️ SOC Dashboard

The SecureML Fabric dashboard provides a centralized Security Operations Center (SOC) interface for monitoring live traffic, analyzing anomalies, and visualizing threat activity in real time.

Dashboard


🌍 Live Threat Monitoring

The monitoring engine continuously captures and analyzes live network activity to identify suspicious traffic patterns.

Monitoring


πŸ“‘ Packet Capture Engine

The packet capture engine extracts real-time telemetry data including:

  • Packet count
  • Byte transfer
  • Traffic rate
  • Connection duration

Packet Capture


🎯 Threat Matrix Visualization

The Threat Matrix visualizes suspicious network behavior based on packet rate and packet volume.

The larger and more abnormal the traffic pattern, the higher the risk score generated by the ML engine.

Threat Matrix


🧠 AI Investigation Bay

The Investigation Bay performs deep traffic analysis for selected IP addresses.

Features include:

  • πŸ“Š Telemetry Analysis
  • πŸ“ˆ Network Velocity Tracking
  • πŸ›‘οΈ AI Threat Assessment
  • ⚠️ Risk Confidence Meter

AI Investigation


🚫 Autonomous Blocking System

When malicious traffic exceeds predefined thresholds, SecureML Fabric automatically triggers defensive actions.

Blocking conditions include:

  • High packet rate
  • Repeated anomaly detection
  • Suspicious traffic patterns
  • Elevated ML risk score

Autonomous Blocking


πŸ”’ Dynamic IP Blocking

The response engine can automatically isolate suspicious IP addresses and temporarily block malicious communication.

Additional capabilities:

  • Manual override
  • Real-time block tracking
  • Temporary ban expiration

IP Blocking


πŸ›‘οΈ AI-Generated WAF Intelligence

SecureML Fabric dynamically generates WAF protection recommendations based on detected attack behavior.

Generated rules include:

  • Rate limiting
  • Temporary blocks
  • ModSecurity rules
  • Payload inspection rules

WAF Intelligence


βš™οΈ Dashboard Deployment

The SOC dashboard runs using Streamlit and visualizes network intelligence in real time.

Deployment


πŸ€– Machine Learning Engine

The ML model analyzes traffic features such as:

Feature Description
Duration Connection duration
Packets Number of packets
Bytes Data transfer volume
Rate Packet transfer speed

The system classifies traffic into:

  • βœ… Normal Traffic
  • 🚨 Threat / Anomaly

πŸ› οΈ Technologies Used

Technology Purpose
Python Core Backend
Streamlit Dashboard
Plotly Visualization
Pandas Data Processing
Scikit-Learn Machine Learning
Joblib Model Loading
Linux Networking Packet Capture
WAF Rules Threat Mitigation

⚑ Installation

1️⃣ Clone Repository

git clone https://github.com/itsakki10/SecureML-Fabric.git
cd SecureML-Fabric

2️⃣ Create Virtual Environment

python3 -m venv secureml-linux-venv
source secureml-linux-venv/bin/activate

3️⃣ Install Requirements

pip install -r requirements.txt

4️⃣ Start Traffic Capture

sudo -E python3 traffic_collector/capture.py

5️⃣ Launch Dashboard

streamlit run dashboard/app.py

🌐 Dashboard Access

Local:
http://localhost:8501

Network:
http://<your-ip>:8501

πŸ”₯ Future Improvements

  • 🌍 GeoIP Threat Mapping
  • 🧠 Deep Learning Detection Models
  • ☁️ Cloud Threat Intelligence
  • πŸ›°οΈ SIEM Integration
  • πŸ“ˆ Advanced Threat Analytics
  • πŸ“¨ Email & Telegram Alerts
  • 🌐 Global Threat Heatmaps

πŸ“š Research Areas

This project is inspired by research in:

  • Intrusion Detection Systems
  • AI-Based Cybersecurity
  • Network Traffic Analysis
  • Adaptive Security Systems
  • WAF Automation
  • Autonomous Cyber Defense

πŸ‘¨β€πŸ’» Developer

Akash Mehra

AI & Cybersecurity Enthusiast
Full Stack Developer | ML Security Researcher


⭐ Conclusion

SecureML Fabric demonstrates how Artificial Intelligence and Machine Learning can be integrated with cybersecurity systems to create an adaptive and autonomous defense platform capable of:

  • Monitoring network traffic
  • Detecting anomalies
  • Generating threat intelligence
  • Blocking malicious activity
  • Assisting security operations in real time

About

ML-Enabled Network Anomaly Detection & Automated Response System

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages