# 🛡️ Anomaly Detection in a Zero Trust IoT Network
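This notebook demonstrates how to detect anomalies in IoT network traffic using Isolation Forest, in the context of a Zero Trust architecture, where no device is trusted by default and its traffic is monitored continuously for deviations from expected behavior.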

In [None]:
import pandas as pd
import numpy as np
from sklearn.ensemble import IsolationForest
import matplotlib.pyplot as plt
import seaborn as sns
from sklearn.metrics import classification_report, confusion_matrix

## 🔧 Simulate IoT Network Traffic Data
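We simulate normal and abnormal IoT behavior using random distributions. The data is synthetic, and the abnormal flows are drawn from ranges far from the normal ones, so the detection results below are more optimistic than they would be on real traffic.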

In [None]:
# Synthetic flow records: 1000 baseline flows followed by 50 injected outliers.
# The global NumPy RNG is seeded once, so every draw below is reproducible;
# the values depend on the draw order (normal set first, column by column).
np.random.seed(42)

# Baseline ("normal") device traffic.
normal_data = dict(
    packet_size=np.random.normal(500, 50, 1000),
    duration=np.random.normal(60, 10, 1000),
    src_port=np.random.randint(1000, 5000, 1000),
    dst_port=np.random.randint(8000, 9000, 1000),
    bytes_sent=np.random.normal(2000, 300, 1000),
    bytes_received=np.random.normal(1800, 250, 1000),
)

# Injected anomalies. Every feature is drawn from a range well away from the
# baseline (e.g. bytes_sent around 10000 vs. 2000, disjoint port ranges), so
# this set is far easier to separate than real-world misbehaviour would be.
anomaly_data = dict(
    packet_size=np.random.normal(1000, 10, 50),
    duration=np.random.normal(200, 20, 50),
    src_port=np.random.randint(6000, 7000, 50),
    dst_port=np.random.randint(9000, 10000, 50),
    bytes_sent=np.random.normal(10000, 200, 50),
    bytes_received=np.random.normal(9000, 150, 50),
)

# One frame per population, then stacked with a fresh 0..1049 index.
df_normal = pd.DataFrame(normal_data)
df_anomaly = pd.DataFrame(anomaly_data)
df = pd.concat((df_normal, df_anomaly), ignore_index=True)

# Ground truth used only for evaluation: 0 = normal, 1 = anomaly.
# Rows keep the concat order, so the first block is normal, the rest anomalous.
df['label'] = [0] * len(df_normal) + [1] * len(df_anomaly)

## 🚨 Train Isolation Forest Model

In [None]:
# Columns the detector sees. The ground-truth 'label' column is not among
# them, so the model is trained unsupervised.
# NOTE(review): src_port/dst_port are fed in as plain numbers, i.e. the forest
# treats them as ordered quantities rather than categories.
features = [
    'packet_size',
    'duration',
    'src_port',
    'dst_port',
    'bytes_sent',
    'bytes_received',
]

# contamination sets the share of rows the forest will flag (5% here). The
# simulated set holds 50 anomalies in 1050 rows (~4.8%), so the threshold is
# effectively tuned to a known answer; on live traffic the true rate is
# unknown and this value becomes an alert-volume knob.
model = IsolationForest(contamination=0.05, random_state=42)

# fit_predict() yields -1 for outliers and 1 for inliers; recode that to the
# notebook's label convention (1 = anomaly, 0 = normal).
# NOTE(review): the model is fitted on the same rows it scores, anomalies
# included, so the results are in-sample. A deployed detector would be fitted
# on a trusted baseline and then score new traffic.
df['pred'] = (model.fit_predict(df[features]) == -1).astype('int64')

## 📊 Evaluate Model Performance

In [None]:
# Compare the recoded predictions against the simulated ground truth.
y_true, y_pred = df['label'], df['pred']

# Rows of the confusion matrix are true classes, columns are predicted ones
# (order: normal, anomaly). For a detection control the off-diagonal cells
# matter most: [1, 0] counts missed anomalies, [0, 1] counts false alerts.
conf_matrix = confusion_matrix(y_true, y_pred)

# Per-class precision / recall / F1; class 0 is shown as "Normal", 1 as "Anomaly".
report = classification_report(
    y_true,
    y_pred,
    target_names=['Normal', 'Anomaly'],
)

print("Classification Report:\n", report)
print("Confusion Matrix:\n", conf_matrix)

## 📉 Visualize Anomaly Detection

In [None]:
# Scatter of two of the six features, coloured by the model's verdict
# (hue='pred': 1 = flagged, 0 = not flagged). The colouring shows what the
# model decided, not the ground truth; misses and false alerts only become
# visible when this is compared against the 'label' column.
ax = sns.scatterplot(
    data=df,
    x='bytes_sent',
    y='bytes_received',
    hue='pred',
)
ax.set_title("Anomaly Detection in IoT Traffic")
plt.show()