An open-source, automated tool that uses a Random Forest classifier to detect network intrusions from both offline PCAP files and live network traffic.
- Random Forest Classifier — trained on synthetic network flow data
- PCAP File Analysis — upload and analyze .pcap/.pcapng files
- Live Traffic Monitoring — real-time capture and detection
- Web Dashboard — premium dark-themed Flask UI with charts
- CLI Interface — command-line access for all features
- 4 Attack Types Detected: Port Scan, DoS Flood, Brute Force, Data Exfiltration
Analyzer/
├── cli.py # CLI entry point
├── app.py # Flask web dashboard
├── config.py # Central configuration
├── requirements.txt
├── core/
│ ├── feature_extractor.py # Packet → feature extraction
│ ├── train_model.py # Model training & evaluation
│ ├── detector.py # Intrusion detection engine
│ ├── pcap_analyzer.py # Offline PCAP analysis
│ └── live_capture.py # Live traffic capture
├── scripts/
│ └── generate_dataset.py # Synthetic dataset generator
├── data/ # Generated CSV datasets
├── models/ # Trained model files
├── templates/ # Flask HTML templates
└── static/ # CSS and JS assets
```bash
pip install -r requirements.txt

python cli.py generate   # Creates data/network_data.csv (10,000 samples)
python cli.py train      # Trains and saves the Random Forest model

python cli.py analyze path/to/capture.pcap

python cli.py serve
# Open http://127.0.0.1:5000

python cli.py live           # Default interface
python cli.py live "Wi-Fi"   # Specific interface
```

Note: Live capture requires Npcap (Windows) or libpcap (Linux/Mac), and administrator/root privileges.
| Parameter | Value |
|---|---|
| Algorithm | Random Forest |
| Trees | 100 |
| Max Depth | 20 |
| Features | 13 network flow features |
| Training Data | 10,000 synthetic samples |
| Class Balancing | Balanced class weights |
duration, protocol_type, src_bytes, dst_bytes, count, srv_count, same_srv_rate, dst_host_count, dst_host_srv_count, flag, packet_size_avg, fwd_packets, bwd_packets
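
To show what a packet-to-feature step for these columns can look like, here is an added example (not the project's `feature_extractor.py`) that derives ten of the listed features from constructed packet tuples. The tuple layout, the function names and the 2-second look-back window (the KDD'99 convention for `count`, `srv_count` and `same_srv_rate`) are assumptions; `flag`, `dst_host_count` and `dst_host_srv_count` are left out.

```python
# Constructed sample packets: (time_s, src, dst, sport, dport, proto, length)
PACKETS = [
    (0.00, "10.0.0.5", "10.0.0.9", 40000, 22, "tcp", 74),
    (0.10, "10.0.0.9", "10.0.0.5", 22, 40000, "tcp", 60),
    (0.50, "10.0.0.5", "10.0.0.9", 40000, 22, "tcp", 120),
    (0.60, "10.0.0.5", "10.0.0.9", 40001, 23, "tcp", 74),
    (0.70, "10.0.0.5", "10.0.0.9", 40002, 80, "tcp", 74),
    (0.80, "10.0.0.5", "10.0.0.9", 40003, 22, "tcp", 74),
]
WINDOW_S = 2.0  # assumed look-back window (KDD'99 convention, not from the project)


def extract_flows(packets):
    """Group packets into bidirectional flows; the first packet defines 'forward'."""
    flows = {}
    for ts, src, dst, sport, dport, proto, length in sorted(packets):
        key, rev = (src, dst, sport, dport, proto), (dst, src, dport, sport, proto)
        forward = key in flows or rev not in flows
        if forward and key not in flows:
            flows[key] = {"start": ts, "end": ts, "dst": dst, "dport": dport,
                          "protocol_type": proto, "src_bytes": 0, "dst_bytes": 0,
                          "fwd_packets": 0, "bwd_packets": 0}
        flow = flows[key if forward else rev]
        flow["end"] = ts
        flow["src_bytes" if forward else "dst_bytes"] += length
        flow["fwd_packets" if forward else "bwd_packets"] += 1
    return list(flows.values())


def flow_features(flows):
    """Compute per-flow and time-window features for each flow."""
    rows = []
    for f in flows:
        # Flows that started within the look-back window ending at this flow's start.
        recent = [g for g in flows if 0 <= f["start"] - g["start"] <= WINDOW_S]
        same_host = [g for g in recent if g["dst"] == f["dst"]]
        same_both = [g for g in same_host if g["dport"] == f["dport"]]
        packets = f["fwd_packets"] + f["bwd_packets"]
        rows.append({
            "duration": f["end"] - f["start"],
            "protocol_type": f["protocol_type"],
            "src_bytes": f["src_bytes"], "dst_bytes": f["dst_bytes"],
            "fwd_packets": f["fwd_packets"], "bwd_packets": f["bwd_packets"],
            "packet_size_avg": (f["src_bytes"] + f["dst_bytes"]) / packets,
            "count": len(same_host),
            "srv_count": sum(g["dport"] == f["dport"] for g in recent),
            "same_srv_rate": len(same_both) / len(same_host),
        })
    return rows
```

In the constructed data the last flow sees four recent connections to the same host spread over three ports, so its `same_srv_rate` drops to 0.5; many connections to one host with a low same-service rate is the kind of signal a classifier can associate with port scanning.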
MIT License — free to use, modify, and distribute.