Machine learning system to detect and classify DDoS attacks in real-time network traffic.
📖 For complete documentation, see COMPLETE_DOCUMENTATION.md
This project develops a DDoS (Distributed Denial of Service) attack detection system using machine learning. It analyzes network traffic patterns, packet rates, and connection characteristics to identify various types of DDoS attacks including SYN flood, UDP flood, and HTTP flood.
- ✅ Real-time traffic monitoring
- ✅ DDoS attack classification
- ✅ Feature extraction from network flows
- ✅ Multiple attack type detection (SYN flood, UDP flood, HTTP flood, ICMP flood)
- ✅ Performance metrics and alerts
- ✅ Interactive Jupyter notebooks for analysis
- ✅ Pre-trained ML models
- ✅ Web dashboard for visualization
- 🚀 Attack Severity Scoring - Automatic severity calculation (0-100) with CRITICAL/HIGH/MEDIUM/LOW levels
- 🚀 Attack Pattern Detection - Identifies recurring, escalating, and coordinated attacks
- 🚀 Attack Prediction - Early warning system predicting attack probability
- 🚀 IP Reputation System - Tracks and scores IP addresses based on attack history
- 🚀 Automated Mitigation Recommendations - AI-powered suggestions for each attack type
- 🚀 Multi-Format Reports - Generate CSV, JSON, and HTML reports
- 🚀 REST API - Full RESTful API for integration with other systems
- 🚀 Attack Timeline Analysis - Historical attack tracking and statistics
- 🚀 Attack Simulator - Test your system with simulated attacks
- 🚀 Quick Action Commands - Ready-to-use iptables commands for mitigation
- 🚀 Bandwidth Monitoring - Track network bandwidth usage during attacks
- 🚀 Attack Statistics Dashboard - Comprehensive statistics and analytics
- Python 3.8+
- Scikit-learn - Machine learning algorithms
- TensorFlow/Keras - Deep learning models
- Pandas - Data manipulation
- NumPy - Numerical computing
- Jupyter Notebook - Interactive analysis
- Matplotlib/Seaborn - Data visualization
- Scapy - Network packet analysis
- Flask - Web dashboard
```
ddos-detection/
├── README.md
├── requirements.txt
├── LICENSE
├── config.yaml
├── data/
│   ├── raw/
│   ├── processed/
│   └── models/
├── src/
│   ├── __init__.py
│   ├── data_processor.py
│   ├── feature_extractor.py
│   ├── models/
│   │   ├── __init__.py
│   │   ├── classifier.py
│   │   └── deep_learning.py
│   ├── monitor.py
│   ├── alert_system.py
│   └── utils.py
├── notebooks/
│   ├── 01_data_exploration.ipynb
│   ├── 02_feature_engineering.ipynb
│   ├── 03_model_training.ipynb
│   └── 04_evaluation.ipynb
├── scripts/
│   ├── train_model.py
│   ├── monitor_traffic.py
│   └── generate_data.py
├── web_dashboard/
│   ├── app.py
│   ├── templates/
│   └── static/
└── tests/
    ├── test_feature_extractor.py
    └── test_classifier.py
```
- Clone the repository:

```bash
git clone https://github.com/rskworld/ddos-detection.git
cd ddos-detection
```

- Create a virtual environment:

```bash
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
```

- Install dependencies:

```bash
pip install -r requirements.txt
```

Train the model:

```bash
python scripts/train_model.py
```

Monitor traffic:

```bash
python scripts/monitor_traffic.py
```

Start the web dashboard:

```bash
cd web_dashboard
python app.py
```

Start Jupyter Notebook:

```bash
jupyter notebook
```

Navigate to the notebooks/ directory for interactive analysis.
- Accuracy: >95%
- Precision: >94%
- Recall: >93%
- F1-Score: >93%
- SYN Flood - TCP connection exhaustion
- UDP Flood - UDP packet flooding
- HTTP Flood - Application layer attacks
- ICMP Flood - Ping flood attacks
- Normal Traffic - Legitimate network traffic
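
An added example, not code from this project: one way to turn a window of packet headers into a packet rate, per-class shares and one of the labels listed above. The tuple layout, the web-port set, both thresholds and the extra "Unknown" label are assumptions, and the rules stand in for the trained classifier.

```python
from collections import Counter

WEB_PORTS = {80, 443}  # assumption: ports treated as HTTP(S)

def sample_window(n, proto, flags="", dport=0, sources=200):
    """Constructed packets (src_ip, proto, tcp_flags, dst_port) from 198.51.100.0/24."""
    return [(f"198.51.100.{i % sources}", proto, flags, dport) for i in range(n)]

def extract_features(packets, window_s):
    """Packet rate, distinct sources and per-class packet shares for one window."""
    n = len(packets)
    kinds = Counter()
    for _src, proto, flags, dport in packets:
        if proto == "TCP" and flags == "S":          # bare SYN (no ACK)
            kinds["SYN Flood"] += 1
        elif proto == "TCP" and dport in WEB_PORTS:  # other TCP traffic to web ports
            kinds["HTTP Flood"] += 1
        elif proto == "UDP":
            kinds["UDP Flood"] += 1
        elif proto == "ICMP":
            kinds["ICMP Flood"] += 1
    return {
        "pps": n / window_s,
        "sources": len({p[0] for p in packets}),
        "shares": {k: v / n for k, v in kinds.items()},
    }

def classify(features, pps_threshold=1000.0, share_threshold=0.6):
    """Rule-based stand-in for the trained classifier; both thresholds are assumptions."""
    if features["pps"] < pps_threshold:
        return "Normal Traffic"
    label, share = max(features["shares"].items(), key=lambda kv: kv[1],
                       default=("Unknown", 0.0))
    # A high-rate window with no dominant class is left for review, not forced into one.
    return label if share >= share_threshold else "Unknown"

if __name__ == "__main__":
    windows = {
        "syn": sample_window(5000, "TCP", "S", 80),
        "http": sample_window(5000, "TCP", "PA", 443),
        "quiet": sample_window(50, "TCP", "PA", 443),
        "mixed": sample_window(2000, "UDP", dport=53) + sample_window(2000, "ICMP")
                 + sample_window(2000, "TCP", "S", 80),
    }
    for name, pkts in windows.items():
        print(name, classify(extract_features(pkts, window_s=1.0)))
```
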
Edit config.yaml to customize:
- Model parameters
- Alert thresholds
- Monitoring intervals
- Feature extraction settings
Contributions are welcome! Please feel free to submit a Pull Request.
See LICENSE file for details.
Project Developer: RSK World
- Founder: Molla Samser
- Designer & Tester: Rima Khatun
- Email: help@rskworld.in, support@rskworld.in
- Phone: +91 93305 39277
- Website: https://rskworld.in
- Location: Nutanhat, Mongolkote, Purba Burdwan, West Bengal, India, 713147
For general inquiries: info@rskworld.com
This project is for educational and research purposes only. Use responsibly and in accordance with applicable laws and regulations.
© 2025 RSK World. All rights reserved.