SecureML Fabric is an intelligent cybersecurity platform designed to monitor live network traffic, detect anomalies using Machine Learning, and autonomously respond to suspicious activities through intelligent IP blocking and dynamic WAF rule generation.
The platform combines:
- π‘ Real-time traffic monitoring
- π€ Machine Learning anomaly detection
- π‘οΈ Autonomous response system
- π₯ WAF intelligence generation
- π Interactive SOC dashboard
- β‘ Live threat visualization
β
Real-Time Packet Monitoring
β
AI-Based Threat Detection
β
Autonomous IP Blocking
β
Dynamic WAF Rule Generation
β
Interactive SOC Dashboard
β
Threat Confidence Analysis
β
Packet Rate & Traffic Analysis
β
Light/Dark Theme Support
β
Live Threat Visualization
β
Real-Time Response Engine
Network Traffic
β
βΌ
Traffic Capture Engine
β
βΌ
Feature Extraction
β
βΌ
ML Anomaly Detection
β
βββββββ΄ββββββ
βΌ βΌ
Threat Normal
Detected Traffic
βΌ
Response Engine
βΌ
IP Blocking + WAF Intelligence
βΌ
SOC Dashboard Visualization
SECUREML-FABRIC/
β
βββ dashboard/
β βββ app.py
β
βββ Interface/
β βββ Anomoly.png
β βββ Call_Dash.png
β βββ Capture_ips.png
β βββ Dash.png
β βββ Hiest.png
β βββ IP_Blocked.png
β βββ Monitoring.png
β βββ System_blocking.png
β βββ WAF_intel.png
β
βββ logs/
β βββ actions.log
β βββ blocked_ips.log
β βββ confidence_state.json
β
βββ ml_engine/
β βββ baseline_model.pkl
β βββ detect_anomaly.py
β βββ explain.py
β βββ live_traffic.csv
β βββ sample_data.py
β βββ traffic_data.csv
β βββ train_baseline.py
β
βββ rule_engine/
β βββ confidence.py
β βββ response_engine.py
β βββ rule_generator.py
β
βββ traffic_collector/
β βββ capture.py
β
βββ README.mdThe SecureML Fabric dashboard provides a centralized Security Operations Center (SOC) interface for monitoring live traffic, analyzing anomalies, and visualizing threat activity in real time.
The monitoring engine continuously captures and analyzes live network activity to identify suspicious traffic patterns.
The packet capture engine extracts real-time telemetry data including:
- Packet count
- Byte transfer
- Traffic rate
- Connection duration
The Threat Matrix visualizes suspicious network behavior based on packet rate and packet volume.
The larger and more abnormal the traffic pattern, the higher the risk score generated by the ML engine.
The Investigation Bay performs deep traffic analysis for selected IP addresses.
Features include:
- π Telemetry Analysis
- π Network Velocity Tracking
- π‘οΈ AI Threat Assessment
β οΈ Risk Confidence Meter
When malicious traffic exceeds predefined thresholds, SecureML Fabric automatically triggers defensive actions.
Blocking conditions include:
- High packet rate
- Repeated anomaly detection
- Suspicious traffic patterns
- Elevated ML risk score
The response engine can automatically isolate suspicious IP addresses and temporarily block malicious communication.
Additional capabilities:
- Manual override
- Real-time block tracking
- Temporary ban expiration
SecureML Fabric dynamically generates WAF protection recommendations based on detected attack behavior.
Generated rules include:
- Rate limiting
- Temporary blocks
- ModSecurity rules
- Payload inspection rules
The SOC dashboard runs using Streamlit and visualizes network intelligence in real time.
The ML model analyzes traffic features such as:
| Feature | Description |
|---|---|
| Duration | Connection duration |
| Packets | Number of packets |
| Bytes | Data transfer volume |
| Rate | Packet transfer speed |
The system classifies traffic into:
- β Normal Traffic
- π¨ Threat / Anomaly
| Technology | Purpose |
|---|---|
| Python | Core Backend |
| Streamlit | Dashboard |
| Plotly | Visualization |
| Pandas | Data Processing |
| Scikit-Learn | Machine Learning |
| Joblib | Model Loading |
| Linux Networking | Packet Capture |
| WAF Rules | Threat Mitigation |
git clone https://github.com/itsakki10/SecureML-Fabric.git
cd SecureML-Fabricpython3 -m venv secureml-linux-venv
source secureml-linux-venv/bin/activatepip install -r requirements.txtsudo -E python3 traffic_collector/capture.pystreamlit run dashboard/app.pyLocal:
http://localhost:8501
Network:
http://<your-ip>:8501
- π GeoIP Threat Mapping
- π§ Deep Learning Detection Models
- βοΈ Cloud Threat Intelligence
- π°οΈ SIEM Integration
- π Advanced Threat Analytics
- π¨ Email & Telegram Alerts
- π Global Threat Heatmaps
This project is inspired by research in:
- Intrusion Detection Systems
- AI-Based Cybersecurity
- Network Traffic Analysis
- Adaptive Security Systems
- WAF Automation
- Autonomous Cyber Defense
AI & Cybersecurity Enthusiast
Full Stack Developer | ML Security Researcher
SecureML Fabric demonstrates how Artificial Intelligence and Machine Learning can be integrated with cybersecurity systems to create an adaptive and autonomous defense platform capable of:
- Monitoring network traffic
- Detecting anomalies
- Generating threat intelligence
- Blocking malicious activity
- Assisting security operations in real time








