A smart Network Intrusion detection tool to perform forensics on your network.

Flanker-shyam/NetForensix

Note: The internal workings of this tool are still under construction and a lot remains to be done. Feel free to contribute and discuss.

NetForensix: Smart Network Intrusion Detection Tool

NetForensix is an intelligent network intrusion detection tool designed to bolster your network's security by identifying various network attacks. By analyzing the flow behaviour of network traffic rather than individual packets, it can detect and report attacks such as FTP brute force, SSH brute force, DoS, web attacks, botnets, DDoS, and more. Its classifier is trained on the CICIDS2017 dataset (obtained from Kaggle), giving NetForensix a solid basis for network forensics and intrusion detection.

Feel free to contribute.

  • Project Flow Chart

For a visual representation of NetForensix's architecture and operation, please refer to the drawio diagram in the repository.

  • Features:

  1. Advanced Intrusion Detection: Utilize machine learning techniques to uncover and report a wide range of network attacks.
  2. Flow-based Analysis: NetForensix focuses on analyzing the flow behavior of network traffic, providing a deeper understanding of potential threats.
  3. Effortless Setup: Follow the simple setup steps outlined in the How to Setup section to get NetForensix up and running quickly.
  4. Automated Reporting: Generate detailed CSV files containing flow-based features extracted from input data files.
  5. Forensic Analysis: Conduct forensic analysis on input files to identify and categorize network intrusions, and retrieve the output files.
  6. User-friendly CLI: Interact with NetForensix using a command-line interface, making it accessible to both beginners and experts.
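
The flow-based pipeline sketched in features 2, 4 and 5 (group packets into bidirectional flows, compute CICIDS2017-style features, classify each flow, write a CSV) is illustrated below with an added example. This is not NetForensix's own code: packets are constructed inline as plain tuples instead of being read from a pcap with pyshark, only a small subset of the CICIDS2017 feature set is computed, and `RuleModel` is a stand-in for the joblib-loaded classifier the notebook produces (any object with a `predict` method slots into the same place). Function names are hypothetical.

```python
"""Flow-feature extraction and per-flow classification sketch.

Added example, not NetForensix's own code. Packets are constructed tuples:
(timestamp_s, src, sport, dst, dport, proto, length, tcp_flags).
"""
import csv
import io

# Constructed sample traffic: one ordinary HTTP exchange ...
SAMPLE_PACKETS = [
    (0.000, "10.0.0.5", 50001, "10.0.0.10", 80, "TCP", 74, "S"),
    (0.001, "10.0.0.10", 80, "10.0.0.5", 50001, "TCP", 74, "SA"),
    (0.002, "10.0.0.5", 50001, "10.0.0.10", 80, "TCP", 66, "A"),
    (0.003, "10.0.0.5", 50001, "10.0.0.10", 80, "TCP", 512, "PA"),
    (0.050, "10.0.0.10", 80, "10.0.0.5", 50001, "TCP", 1514, "PA"),
    (0.051, "10.0.0.5", 50001, "10.0.0.10", 80, "TCP", 66, "FA"),
]
# ... followed by twenty short SSH connections from one host, each torn down after a
# handful of packets: the shape of a password-guessing run against port 22.
for i in range(20):
    t0 = 1.0 + i * 0.2
    SAMPLE_PACKETS += [
        (t0, "192.168.1.9", 40000 + i, "10.0.0.10", 22, "TCP", 74, "S"),
        (t0 + 0.001, "10.0.0.10", 22, "192.168.1.9", 40000 + i, "TCP", 74, "SA"),
        (t0 + 0.002, "192.168.1.9", 40000 + i, "10.0.0.10", 22, "TCP", 120, "PA"),
        (t0 + 0.020, "10.0.0.10", 22, "192.168.1.9", 40000 + i, "TCP", 66, "FA"),
    ]


def flow_key(pkt):
    """Direction-independent 5-tuple so both halves of a conversation share one flow."""
    _, src, sport, dst, dport, proto, _, _ = pkt
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)


def extract_flows(packets):
    """Group packets into flows and compute a subset of CICIDS2017-style features."""
    flows = {}
    for ts, src, sport, dst, dport, proto, length, flags in sorted(packets):
        key = flow_key((ts, src, sport, dst, dport, proto, length, flags))
        f = flows.get(key)
        if f is None:
            # The first packet seen fixes the forward direction (client -> server).
            f = flows[key] = {
                "Source IP": src, "Destination IP": dst, "Destination Port": dport,
                "Protocol": proto, "_fwd": (src, sport), "_start": ts, "_end": ts,
                "Total Fwd Packets": 0, "Total Bwd Packets": 0,
                "Total Length of Fwd Packets": 0, "Total Length of Bwd Packets": 0,
                "SYN Flag Count": 0, "FIN Flag Count": 0, "PSH Flag Count": 0,
            }
        fwd = (src, sport) == f["_fwd"]
        f["_end"] = max(f["_end"], ts)
        f["Total Fwd Packets" if fwd else "Total Bwd Packets"] += 1
        f["Total Length of Fwd Packets" if fwd else "Total Length of Bwd Packets"] += length
        f["SYN Flag Count"] += "S" in flags
        f["FIN Flag Count"] += "F" in flags
        f["PSH Flag Count"] += "P" in flags

    rows = []
    for f in flows.values():
        duration = f["_end"] - f["_start"]
        pkts = f["Total Fwd Packets"] + f["Total Bwd Packets"]
        nbytes = f["Total Length of Fwd Packets"] + f["Total Length of Bwd Packets"]
        row = {k: v for k, v in f.items() if not k.startswith("_")}
        row["Flow Duration"] = round(duration, 6)
        # A single-packet flow has zero duration; guard the rate features against it.
        row["Flow Packets/s"] = round(pkts / duration, 3) if duration > 0 else 0.0
        row["Flow Bytes/s"] = round(nbytes / duration, 3) if duration > 0 else 0.0
        rows.append(row)
    return rows


class RuleModel:
    """Stand-in for the joblib-loaded classifier (hypothetical, rule-based).

    Rule: a short SSH flow that carries little forward data and is closed by the
    server looks like a single failed login attempt.
    """

    def predict(self, rows):
        return [
            "SSH-BruteForce"
            if r["Destination Port"] == 22 and r["Flow Duration"] < 1.0
            and r["Total Fwd Packets"] <= 5 and r["FIN Flag Count"] > 0
            else "BENIGN"
            for r in rows
        ]


def detect(packets, model=None):
    """The '-r' path: extract flows, label each one, return the labelled rows."""
    rows = extract_flows(packets)
    for row, label in zip(rows, (model or RuleModel()).predict(rows)):
        row["Label"] = label
    return rows


def to_csv(rows):
    """The report: one CSV row per flow, columns in feature order."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(detect(SAMPLE_PACKETS)))
```

`extract_flows` alone corresponds to the flow-file option; `detect` adds the label column that the result option reports. Note that a trained model only sees one flow at a time, so a brute-force run shows up as many flows each flagged individually; correlating them back to a single source is a reporting step on top of the per-flow verdicts.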
  • How to set up:

  1. Fork this repo and clone the fork into your local environment.
  2. Create a new branch.
  3. Install all dependencies with the following command:
```bash
pip install -r requirements.txt
```
  4. Open the deploy_model.ipynb file in the ML_model folder and run each cell in order. This does some minor preprocessing, trains and tests the model, and saves it with joblib so the CLI can load it later.
  5. All done!
  • How to use:

```bash
python3 src/main.py <options> <file>
```
  1. After the setup above you can interact with the tool from the command line.
  2. Use the following command to see all the options and how to use them:
```bash
python3 src/main.py --help
```
  3. To generate a flow-feature file from a capture, use:
```bash
python3 src/main.py -f --pcap <file_path>
```
  4. To run detection and generate a result file of detected intrusions, use:
```bash
python3 src/main.py -r --pcap <file_path>
```

The result is printed on the CLI and a file is generated according to the chosen option.

  • How to Contribute:

We welcome contributions from the community to enhance NetForensix's capabilities. Follow these steps to contribute:

  1. Fork the repository.
  2. Create a new branch for your feature or improvement.
  3. Commit your changes and push them to your branch.
  4. Open a pull request to merge your changes.

  • License:

NetForensix is open-source software licensed under the MIT License.
  • Contact:

For questions, feedback, or collaborations, please feel free to reach out:
Developer: Flanker
  • Acknowledgements:

NetForensix builds on the following resources:
  • CICIDS2017 Dataset
  • Joblib
  • pyshark
  • Pandas
  • Scikit-Learn

Protect your network with NetForensix: Your Smart Network Intrusion Detection Tool. 🛡️🌐