About the System
System Features
This Network Attack Detection System analyzes network capture files (PCAP) and flags potential security threats using a Random Forest machine learning classifier. Key features include:
- PCAP File Analysis: Upload and analyze network capture files (.pcap, .pcapng) to identify malicious traffic patterns.
- Attack Detection: Detects various types of attacks including DDoS (SYN Flood, UDP Flood, HTTP Flood) and Port Scans.
- Interactive Dashboard: Visualizes analysis results with detailed charts, statistics, and attack timelines.
- Analysis History: Keeps track of all uploaded files and their analysis reports for future reference.
- AI Security Recommendations: Provides actionable security advice based on the detected threats using AI analysis.
How It Works: Random Forest Analysis
The core of the detection engine is a Random Forest Classifier, an ensemble learning method that combines the votes of many decision trees. Here is a step-by-step breakdown of the analysis process:
- Packet Parsing: The system reads the raw PCAP file and extracts the individual packets, parsing the IP, TCP, UDP and ICMP headers for the fields used as features: source and destination IPs, ports, protocol, TCP flags (SYN, ACK, FIN, etc.), packet length and inter-arrival times. Only header fields are used; packet payloads are not inspected.
- Feature Engineering: The parsed fields are transformed into numerical vectors suitable for the model. Categorical values (such as the protocol) are encoded as numbers, and statistical features over a time window (such as packet rates or SYN flag counts per source) are computed to capture the behavioural patterns that distinguish floods and scans from normal traffic.
- Classification: The feature vectors are fed into a pre-trained Random Forest model, an ensemble of decision trees that each vote on the class of a packet or flow; the majority vote is the prediction. Because the trees are trained on different bootstrap samples and feature subsets, the ensemble is more accurate and less prone to overfitting than a single decision tree. A pre-trained model can only recognize the attack classes present in its training data, and the features at inference time must be computed and ordered exactly as they were during training.
- Reporting: Each packet or flow is labelled Benign or a specific attack type (e.g., DDoS, Port Scan). The predictions are aggregated into a report that lists the number of malicious packets, the attack types seen and the targeted hosts.
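The parsing and feature-engineering steps above, as an added example that is not the system's own code. It uses only the Python standard library: it builds a small classic libpcap file in memory from constructed packets (a port scan, a SYN flood and a benign session), parses the Ethernet/IPv4/TCP/UDP headers, and computes per-source, one-second-window feature vectors in a fixed order. The window size, the feature set, the `PROTO_CODE` encoding and all addresses are assumptions; training the forest itself needs a labelled dataset that the example does not have.

```python
"""Added example (not the system's own code): libpcap parsing and windowed feature
extraction with the standard library; the capture is constructed in memory."""
import socket
import struct
from collections import Counter, defaultdict

PCAP_MAGIC_LE, PCAP_MAGIC_BE = 0xA1B2C3D4, 0xD4C3B2A1
ETH_IPV4, LINKTYPE_ETHERNET = 0x0800, 1
TCP_SYN, TCP_PSH, TCP_ACK = 0x02, 0x08, 0x10
PROTO_CODE = {"tcp": 0, "udp": 1, "icmp": 2, "other": 3}  # assumed categorical encoding
WINDOW_SECONDS = 1.0                                      # assumed window size
FEATURE_NAMES = ["pkt_count", "pkt_rate", "syn_only", "syn_ratio", "dst_ports",
                 "dst_hosts", "mean_len", "mean_iat", "proto_code"]

def build_packet(src, dst, proto, sport, dport, flags=0, payload=b""):
    """Ethernet + IPv4 + TCP/UDP frame for the sample capture (checksums left zero)."""
    if proto == "tcp":
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                     6 if proto == "tcp" else 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + l4
    return b"\x00" * 12 + struct.pack("!H", ETH_IPV4) + ip

def build_pcap(records):
    """Serialise (timestamp, frame) pairs as a little-endian classic libpcap file."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts, frame in records:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1e6))
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)

def parse_pcap(data):
    """Yield one dict per IPv4 packet with the header fields used as features."""
    end = {PCAP_MAGIC_LE: "<", PCAP_MAGIC_BE: ">"}.get(struct.unpack_from("<I", data, 0)[0])
    if end is None:
        raise ValueError("not a classic libpcap file (pcapng is not handled here)")
    if struct.unpack_from(end + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from(end + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < incl:
            break                                    # truncated final record
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETH_IPV4:
            continue                                 # ARP, IPv6, ...: not parsed here
        l4 = 14 + (frame[14] & 0x0F) * 4             # IHL gives the IPv4 header length
        proto = {6: "tcp", 17: "udp", 1: "icmp"}.get(frame[23], "other")
        sport = dport = flags = 0
        if proto in ("tcp", "udp") and len(frame) >= l4 + 4:
            sport, dport = struct.unpack_from("!HH", frame, l4)
        if proto == "tcp" and len(frame) >= l4 + 14:
            flags = frame[l4 + 13]                   # TCP flag byte (FIN, SYN, RST, PSH, ACK, ...)
        yield {"ts": sec + usec / 1e6, "src": socket.inet_ntoa(frame[26:30]),
               "dst": socket.inet_ntoa(frame[30:34]), "proto": proto,
               "sport": sport, "dport": dport, "flags": flags, "len": len(frame)}

def window_features(records):
    """Group packets by (source IP, window index) and compute behavioural features."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["src"], int(r["ts"] // WINDOW_SECONDS))].append(r)
    rows = {}
    for key, pkts in groups.items():
        pkts.sort(key=lambda r: r["ts"])
        n = len(pkts)
        syn_only = sum(1 for r in pkts if r["proto"] == "tcp"
                       and r["flags"] & TCP_SYN and not r["flags"] & TCP_ACK)
        iats = [b["ts"] - a["ts"] for a, b in zip(pkts, pkts[1:])]
        dominant = Counter(r["proto"] for r in pkts).most_common(1)[0][0]
        rows[key] = [n, n / WINDOW_SECONDS, syn_only, syn_only / n,
                     len({r["dport"] for r in pkts}), len({r["dst"] for r in pkts}),
                     sum(r["len"] for r in pkts) / n,
                     sum(iats) / len(iats) if iats else 0.0,
                     PROTO_CODE[dominant]]
    return rows

def sample_capture():
    """Constructed traffic: a port scan (window 0), a SYN flood (window 1), benign (window 2)."""
    recs = [(i * 0.04, build_packet("10.0.0.5", "192.168.1.10", "tcp", 40000 + i, 1 + i, TCP_SYN))
            for i in range(20)]
    recs += [(1.0 + i * 0.01, build_packet("10.0.0.9", "192.168.1.10", "tcp", 50000 + i, 80, TCP_SYN))
             for i in range(50)]
    recs += [(2.00, build_packet("10.0.0.7", "192.168.1.10", "tcp", 51000, 443, TCP_SYN)),
             (2.01, build_packet("10.0.0.7", "192.168.1.10", "tcp", 51000, 443, TCP_ACK)),
             (2.02, build_packet("10.0.0.7", "192.168.1.10", "tcp", 51000, 443,
                                 TCP_ACK | TCP_PSH, b"GET / HTTP/1.1\r\n")),
             (2.30, build_packet("10.0.0.7", "8.8.8.8", "udp", 53000, 53, payload=b"\x00" * 29))]
    return build_pcap(recs)

if __name__ == "__main__":
    for (src, win), vec in sorted(window_features(parse_pcap(sample_capture())).items()):
        print(src, win, dict(zip(FEATURE_NAMES, vec)))
```

Each value of the returned dict is one row of the feature matrix that a scikit-learn `RandomForestClassifier.fit(X, y)` would consume, with `y` coming from a labelled capture. The scan row stands out by its 20 distinct destination ports and the flood row by 50 SYN-only packets to a single port, while the benign session has a SYN ratio of 0.25 and mixed protocols; those are the kinds of columns the trees split on. At inference the vectors must be built with the same `FEATURE_NAMES` order and `PROTO_CODE` mapping the model was trained with, or the trees will split on the wrong columns without any error being raised.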