| DDoS | Probe | R2L | U2R | Normal |
|---|---|---|---|---|
| Traffic Flooding | Reconnaissance | Remote Access | Privilege Escalation | Benign Traffic |

This repository implements a machine learning based network attack detection system with a Flask inference interface. It classifies traffic into multiple security states, including DDoS, Probe, R2L, U2R, and Normal. The project is positioned as a compact research-engineering prototype for feature-driven network threat analysis and browser-based prediction.

```mermaid
flowchart TD
    A[Network Traffic Features] --> B[Input Form]
    B --> C[Flask Application]
    C --> D[Feature Vector Builder]
    D --> E[Serialized ML Model]
    E --> F{Prediction}
    F --> G[DDoS]
    F --> H[Probe]
    F --> I[R2L]
    F --> J[U2R]
    F --> K[Normal]
    C --> L[SQLite Auth Layer]
```

| Feature | Purpose |
|---|---|
| Multi-class classification | Detects DDoS, Probe, R2L, U2R, and Normal traffic states. |
| Flask inference UI | Provides a browser-based interface for traffic feature prediction. |
| Serialized model runtime | Loads a trained model artifact for inference. |
| Authentication flow | Includes SQLite-backed signup/signin workflow. |
| Research workflow | Supports ML experimentation, feature analysis, and classification validation. |
| Security-focused output | Converts numerical traffic inputs into human-readable threat states. |

```mermaid
flowchart LR
    A[Traffic Record] --> B[Feature Extraction]
    B --> C[Model Inference]
    C --> D[Threat Class]
    D --> E[Security Interpretation]
```

| Class | Meaning |
|---|---|
| DDoS | High-volume traffic behavior intended to disrupt service availability. |
| Probe | Reconnaissance-style behavior used to discover network weaknesses. |
| R2L | Remote-to-local access attempt pattern. |
| U2R | User-to-root privilege escalation pattern. |
| Normal | Benign traffic behavior. |

```mermaid
flowchart TD
    A[Raw Dataset] --> B[Preprocessing]
    B --> C[Encoding]
    C --> D[Feature Selection]
    D --> E[Model Training]
    E --> F[Evaluation]
    F --> G[Exported Model]
    G --> H[Flask Prediction Runtime]
```

| Stage | Output |
|---|---|
| Preprocessing | Clean and normalized network features. |
| Feature extraction | Detection-ready numerical vectors. |
| Training | Supervised model for attack-class prediction. |
| Evaluation | Accuracy, precision, recall, F1-score, confusion matrix. |
| Inference | Browser-based prediction through Flask. |

```bash
git clone https://github.com/ns7523/Network-attacks-detection.git
cd Network-attacks-detection
python -m venv .venv
source .venv/bin/activate
pip install flask pandas numpy scikit-learn joblib matplotlib seaborn
```

Run the Flask application:

```bash
python app.py
```

Open the local interface:

```text
http://127.0.0.1:5000
```

Submit the required network traffic feature values through the prediction form. The model returns a traffic classification result.

```text
.
├── assets/
│   └── brand/
│       ├── hero.svg
│       └── pipeline.svg
├── app.py
├── model.sav
├── signup.db
├── templates/
├── static/
└── README.md
```

Suggested production structure:
docs/ · src/ · models/ · data/ · results/ · notebooks/ · assets/screenshots/ · requirements.txt

Figures: traffic feature input interface; output view showing the predicted network state; confusion matrix, precision, recall, and F1-score; clean visual map of the detection system.

- Move credentials and mail configuration into environment variables.
- Hash stored passwords before any production-style deployment.
- Validate form input before model inference.
- Add dependency pinning through `requirements.txt`.
- Add reproducible training notebook.

- Add `requirements.txt`.
- Move ML and Flask code into `src/`.
- Add confusion matrix and classification report.
- Add Docker support for isolated runtime.
- Add screenshots under `assets/screenshots/`.
- Add a formal open-source license.
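
One way to handle the "Validate form input before model inference" item, as an added example that is not the repository's own code. The feature names and bounds are hypothetical, since the page does not list the model's inputs; `form` is assumed to be a string mapping such as Flask's `request.form`.

```python
import math

# Hypothetical schema: the page does not list the model's features, so these
# names and bounds are assumptions. Tuple layout: (min, max, integer_only).
FEATURE_SPEC = {
    "duration": (0.0, 86_400.0, False),
    "src_bytes": (0.0, 1e10, True),
    "dst_bytes": (0.0, 1e10, True),
    "count": (0.0, 511.0, True),
    "serror_rate": (0.0, 1.0, False),
}


class InvalidInput(ValueError):
    """Carries a per-field error map; raised before the model is ever called."""
    def __init__(self, errors):
        super().__init__("invalid feature input")
        self.errors = errors


def build_feature_vector(form):
    """Validate a form mapping and return the features in FEATURE_SPEC order."""
    errors, vector = {}, []
    for name, (lo, hi, integer_only) in FEATURE_SPEC.items():
        raw = (form.get(name) or "").strip()
        if not raw:
            errors[name] = "missing"
            continue
        # float() also accepts "1_0" and non-ASCII digits; allow only short,
        # plain ASCII input before parsing.
        if len(raw) > 32 or not raw.isascii() or "_" in raw:
            errors[name] = "not a plain number"
            continue
        try:
            value = float(raw)
        except ValueError:
            errors[name] = "not a number"
            continue
        if not math.isfinite(value):  # "nan", "inf" and overflow such as "1e999"
            errors[name] = "not finite"
        elif not lo <= value <= hi:
            errors[name] = f"out of range [{lo}, {hi}]"
        elif integer_only and not value.is_integer():
            errors[name] = "must be an integer"
        else:
            vector.append(value)
    if errors:
        raise InvalidInput(errors)
    return vector
```

In a Flask view, catching `InvalidInput` and returning HTTP 400 with `errors` keeps malformed values such as `nan` from reaching the model's `predict` call.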