Installation
Set up dependencies and get the system running on your machine
Quickstart
Launch the IDS, start monitoring traffic, and trigger your first detection
Architecture
Understand how the IDS engine, ML model, and IPS response layer connect
ML Pipeline
Generate training data, train the ensemble model, and evaluate its performance
What the system detects
The IDS/IPS identifies six categories of network attack in real time:
SYN Flood
Detects TCP SYN storms targeting connection tables
DDoS
Identifies volumetric attacks from distributed sources
Port Scan
Flags reconnaissance sweeps across unique ports
Exploit Attempts
Monitors connections to vulnerable service ports
SQL Injection
Inspects packet payloads for malicious SQL patterns
UDP Flood
Catches high-volume UDP saturation attacks
How it works
Capture traffic
Scapy’s AsyncSniffer captures all inbound packets on the selected network interface in real time, using Npcap as the Windows capture driver.
Detect threats
Six heuristic detectors analyze each packet for known attack patterns using sliding-window counters and payload inspection.
Classify with ML
When a threat is detected, the ensemble model classifies the attack type and returns a confidence score. If confidence exceeds 70%, the ML verdict is used; otherwise the heuristic label is applied.
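The three steps above, as an added example that is not the project's own code: a minimal, offline version of the capture -> heuristic detect -> confidence-gated ML classify pipeline. Packet records are constructed inline (in the real system each would be built from a Scapy packet inside the AsyncSniffer callback), four of the six detectors are implemented with sliding-window counters and payload inspection, and the ensemble model is replaced by a hypothetical stub classifier. The thresholds, the SQL pattern and the class/function names are assumptions for this example, not the project's tuned values.

```python
"""Added example (not the project's own code): capture -> heuristic detect ->
confidence-gated ML classify. Packet records, thresholds, the SQL pattern and
the stub classifier are constructed/assumed here; the real pipeline builds
packets from Scapy inside the AsyncSniffer callback."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, List, Optional, Tuple
import re


@dataclass
class Packet:
    ts: float            # capture timestamp, seconds
    src: str             # source IP
    proto: str           # "tcp" or "udp"
    dport: int           # destination port
    flags: str = ""      # TCP flags, "S" = bare SYN
    payload: bytes = b""


class SlidingWindow:
    """Per-key event log pruned to the last `window` seconds: the sliding-window counter."""

    def __init__(self, window: float):
        self.window = window
        self.events: Dict[str, Deque[Tuple[float, object]]] = defaultdict(deque)

    def add(self, key: str, ts: float, value: object = None) -> Deque[Tuple[float, object]]:
        q = self.events[key]
        q.append((ts, value))
        while q and ts - q[0][0] > self.window:   # drop events older than the window
            q.popleft()
        return q


# Assumed thresholds for this example, not the project's tuned values.
WINDOW_SECONDS = 1.0
SYN_THRESHOLD = 100    # SYNs per source inside the window
SCAN_THRESHOLD = 20    # distinct destination ports per source inside the window
UDP_THRESHOLD = 200    # UDP datagrams per source inside the window
SQLI_PATTERN = re.compile(rb"(?i)(union\s+select|or\s+1\s*=\s*1|'\s*--|;\s*drop\s+table)")
CONFIDENCE_THRESHOLD = 0.70   # the 70% gate from the text


class HeuristicDetectors:
    """Four of the six detectors: SYN flood, port scan, UDP flood, SQL injection."""

    def __init__(self) -> None:
        self.syn = SlidingWindow(WINDOW_SECONDS)
        self.ports = SlidingWindow(WINDOW_SECONDS)
        self.udp = SlidingWindow(WINDOW_SECONDS)

    def inspect(self, pkt: Packet) -> Optional[str]:
        if pkt.proto == "tcp" and pkt.flags == "S":
            if len(self.syn.add(pkt.src, pkt.ts)) >= SYN_THRESHOLD:
                return "SYN Flood"
            recent = self.ports.add(pkt.src, pkt.ts, pkt.dport)
            if len({port for _, port in recent}) >= SCAN_THRESHOLD:   # unique ports swept
                return "Port Scan"
        if pkt.proto == "udp" and len(self.udp.add(pkt.src, pkt.ts)) >= UDP_THRESHOLD:
            return "UDP Flood"
        if pkt.payload and SQLI_PATTERN.search(pkt.payload):           # payload inspection
            return "SQL Injection"
        return None


def final_verdict(heuristic_label: str, ml_label: str, ml_confidence: float) -> Tuple[str, str]:
    """ML verdict only when confidence exceeds 70%; otherwise the heuristic label stands."""
    if ml_confidence > CONFIDENCE_THRESHOLD:
        return ml_label, "ml"
    return heuristic_label, "heuristic"


Classifier = Callable[[Packet], Tuple[str, float]]


def process(packets: List[Packet], classifier: Classifier) -> List[Tuple[str, str, str]]:
    """Run every packet through the detectors; classify only those that fired."""
    detectors = HeuristicDetectors()
    alerts = []
    for pkt in packets:
        label = detectors.inspect(pkt)
        if label is not None:
            ml_label, confidence = classifier(pkt)
            verdict, source = final_verdict(label, ml_label, confidence)
            alerts.append((pkt.src, verdict, source))
    return alerts


def build_sample_traffic() -> List[Packet]:
    """Constructed traffic: benign data, a SYN flood, a port scan, an SQLi probe, a UDP flood."""
    pkts = [Packet(0.1 * i, "192.168.1.10", "tcp", 443, "", b"GET / HTTP/1.1") for i in range(5)]
    pkts += [Packet(1.0 + 0.005 * i, "10.0.0.1", "tcp", 80, "S") for i in range(120)]
    pkts += [Packet(3.0 + 0.01 * i, "10.0.0.2", "tcp", 1 + i, "S") for i in range(25)]
    pkts.append(Packet(5.0, "10.0.0.3", "tcp", 80, "", b"GET /login?user=admin' OR 1=1 -- HTTP/1.1"))
    pkts += [Packet(6.0 + 0.002 * i, "10.0.0.4", "udp", 53) for i in range(250)]
    return pkts


def stub_classifier(pkt: Packet) -> Tuple[str, float]:
    """Hypothetical stand-in for the ensemble model: confident only about the SYN source."""
    return ("DDoS", 0.92) if pkt.src == "10.0.0.1" else ("Exploit Attempts", 0.40)


if __name__ == "__main__":
    for src, verdict, source in process(build_sample_traffic(), stub_classifier):
        print(f"{src:<12} {verdict:<15} via {source}")
```

Note that a detector keeps firing on every packet once its counter crosses the threshold inside the window; a production pipeline would rate-limit alerts per source, which this example deliberately leaves out so the window behaviour is visible.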
The system requires administrator privileges to create Windows Firewall rules. Without admin rights no firewall rule is created: the block is recorded as “Bloqueo simulado” (simulated block) in the SOC dashboard, while monitoring and alerting continue normally.
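The privilege check and fallback described above, as an added example rather than the project's own code: the elevation test uses the Win32 IsUserAnAdmin call (and reports not elevated on any other OS), the firewall rule assumes `netsh advfirewall` syntax (the project's actual rule-creation call may differ), and the command runner is injected so the simulated-block path can be exercised without admin rights. Function names and the "blocked" status string are assumptions; "Bloqueo simulado" is the dashboard label from the text.

```python
"""Added example (not the project's own code): IPS block step with the
admin-privilege check. Assumes netsh advfirewall for rule creation; the
command runner is injectable so the fallback path runs on any OS."""
import ctypes
import subprocess
from typing import Callable, Dict, List, Optional

SIMULATED_BLOCK = "Bloqueo simulado"   # dashboard label when no rule could be created


def is_admin() -> bool:
    """True only on Windows when running elevated; False elsewhere or on any error."""
    try:
        return bool(ctypes.windll.shell32.IsUserAnAdmin())  # type: ignore[attr-defined]
    except (AttributeError, OSError):
        return False


def firewall_block_command(ip: str, name_prefix: str = "IDS-Block") -> List[str]:
    """argv for an inbound block rule on the Windows Firewall (assumed netsh syntax)."""
    return ["netsh", "advfirewall", "firewall", "add", "rule",
            f"name={name_prefix}-{ip}", "dir=in", "action=block", f"remoteip={ip}"]


def block_ip(ip: str,
             admin: Optional[bool] = None,
             runner: Optional[Callable[[List[str]], int]] = None) -> Dict[str, str]:
    """Create the rule when elevated; otherwise record a simulated block and keep going."""
    if admin is None:
        admin = is_admin()
    if runner is None:
        runner = lambda argv: subprocess.run(argv, check=False).returncode
    if not admin:
        # Monitoring and alerting continue; only enforcement is downgraded.
        return {"ip": ip, "status": SIMULATED_BLOCK, "reason": "no administrator privileges"}
    rc = runner(firewall_block_command(ip))
    status = "blocked" if rc == 0 else "failed"
    return {"ip": ip, "status": status, "reason": f"netsh exit code {rc}"}


if __name__ == "__main__":
    print(block_ip("10.0.0.1"))   # on a non-elevated shell this prints the simulated block
```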