Isaacwilliam4/INSyT

INSyT - Innovative Network Security Technologies

INSyT is an LLM-based Network Intrusion Detection System designed to detect and analyze anomalous and dangerous network and system behavior.

Installation

This software can be installed using pip:

pip install insyt

Note: INSyT requires a Redis server running on your machine. See the Redis documentation to learn how to start a Redis server on your OS.

Note: Generative AI analysis is built on ollama, so ollama must be installed on your machine. See the ollama GitHub repository to learn how to install it on your specific system. After installing ollama, run the following to create the insyt model:

ollama create insyt -f insyt/models/ollama/Modelfile

You can still use the software without installing ollama, just without analysis and response recommendations.

Note for Windows users: Redis is not officially supported on Windows. However, you can install Redis on Windows for development by following these instructions.

Usage

Start monitoring log lines

To start monitoring log files, run the following command in your terminal:

insyt --watch /path/to/your/file1 /path/to/your/file2 /path/to/dir/

Replace /path/to/your/file1 and /path/to/your/file2 with the actual paths to the files you want to watch. The file watcher will then monitor these files for any changes and load the new lines into the database. If you pass in a directory, the system will monitor all files within that directory.

It will also place new lines into a redis queue for classification and analysis, as well as process those jobs.
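The watch loop described above (read only the lines appended since the last check, treat a directory argument as all files inside it, queue each new line for classification), as an added illustration that is not the project's own code. LogWatcher, poll and demo are hypothetical names, a deque stands in for the Redis queue, and the watcher is assumed to start at each file's current end.

```python
import os
import tempfile
from collections import deque

class LogWatcher:
    """Hypothetical stand-in for INSyT's watcher; a deque replaces the Redis queue."""

    def __init__(self, paths):
        self.files = []
        for p in paths:
            if os.path.isdir(p):  # a directory means: watch every file inside it
                self.files += [os.path.join(p, f) for f in sorted(os.listdir(p))
                               if os.path.isfile(os.path.join(p, f))]
            else:
                self.files.append(p)
        # Assumption: start at each file's current end; only later appends count.
        self.offsets = {f: os.path.getsize(f) for f in self.files}
        self.queue = deque()

    def poll(self):
        """One watch cycle: queue and return every complete new line. A file that
        shrank was truncated/rotated (restart at 0); a trailing fragment waits."""
        new_lines = []
        for path in self.files:
            if os.path.getsize(path) < self.offsets[path]:
                self.offsets[path] = 0
            with open(path, "rb") as fh:
                fh.seek(self.offsets[path])
                complete, sep, _fragment = fh.read().rpartition(b"\n")
            if sep:  # otherwise only an unterminated fragment has arrived so far
                self.offsets[path] += len(complete) + 1
                lines = [r.decode("utf-8", "replace") for r in complete.split(b"\n")]
                self.queue.extend((path, l) for l in lines)  # LPUSH stand-in
                new_lines += lines
        return new_lines

def demo():
    """Drive the watcher over a constructed log; returns the lines seen on four
    polls: append, partial write, completed write, rotation (truncate)."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "auth.log")
        open(log, "w").write("old line, not re-read\n")
        w, seen = LogWatcher([d]), []
        for mode, text in [("a", "Failed password for root from 10.0.0.5\n"),
                           ("a", "Accepted publickey for alice"),  # no newline yet
                           ("a", " from 10.0.0.7\n"),
                           ("w", "rotated: fresh file\n")]:
            open(log, mode).write(text)
            seen.append(w.poll())
        return seen
```

Detecting rotation by size alone misses a rotated file that has already grown past the old offset; a production watcher would also compare inode numbers.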

Custom database paths

The INSyT sqlite database is stored by default at ~/.cache/insyt/insyt.db. You can also pass in a different database filename using the --db flag. For example:

insyt --watch /path/to/your/file1 /path/to/your/file2 --db /path/to/your/db

Replace /path/to/your/db with the actual path to the database file you want to use.

Resetting the database

Run with the --purge flag to delete all rows in the database before starting to monitor files.

insyt --watch /path/to/watch/dir/ --purge

Debug

If you want to run in debug mode, use the --debug flag.

Frontend

The frontend application can be used to view and analyze logline classifications.

The frontend is automatically served in the background while INSyT file monitoring is running. You can specify the port on which it is served using the --port flag (default: 5656).

insyt --watch /path/to/dir/ --port 8001

Alternatively, you can serve just the frontend and inference APIs (without file monitoring) using insyt-server.

insyt-server --port 8001

Navigate to http://localhost:[your port here] to view and interact with the frontend application.

Navigate to http://localhost:[your port here]/docs to read the inference and database server API documentation (provided by Swagger UI).

For Developers/Contributors

Good luck...
