This Intrusion Detection System (IDS) monitors network traffic in real-time to identify suspicious activities and potential threats. It uses the Scapy library to capture and analyze network packets, looking for abnormal patterns such as unusually large packets or repetitive requests. Upon detecting anomalies, the IDS can take automated preventive actions, such as blocking suspicious IP addresses using Windows Firewall commands. All detected threats and system events are logged for further analysis and review.
- Real-time Packet Monitoring: Captures and analyzes network packets in real time using Scapy.
- Statistical Analysis: Tracks packet sizes and counts to identify unusual traffic patterns.
- Anomaly Detection:
  - Large Packet Detection: Flags packets larger than 1500 bytes as potentially malicious.
  - Repetitive Traffic Detection: Detects repetitive packet sizes (more than 100 times) that may indicate a flood attack.
- Automated Response: Blocks offending IP addresses using Windows Firewall commands (requires admin privileges).
- Logging: Logs all detected threats, including timestamps and anomaly details, to `ids_logs.log`.
- Alerting (Potential): Not currently provided, but the log file makes it straightforward to build alerts (e.g., email notifications) from log entries.
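The detection rules and firewall response described above, as an added example that is not the project's own `ids.py`; the `Detector` class, its method names and the `(src_ip, size)` record shape are assumptions, and the `netsh advfirewall` command is only executed when `dry_run=False`:

```python
from collections import Counter
import logging
import subprocess

LARGE_PACKET_BYTES = 1500   # README rule: packets larger than 1500 bytes are flagged
REPEAT_THRESHOLD = 100      # README rule: a size seen more than 100 times is flagged


class Detector:
    """Detection core for (src_ip, size) records; names are assumptions, not the project's."""

    def __init__(self, log_file="ids_logs.log", dry_run=True):
        self.size_counts = Counter()      # packet size -> how often it has been seen
        self.blocked = set()              # IPs already given a firewall rule
        self.dry_run = dry_run            # True: build the netsh command, do not execute it
        self.log = logging.getLogger("ids")
        self.log.setLevel(logging.INFO)
        if log_file:                      # README: threats go to ids_logs.log with timestamps
            handler = logging.FileHandler(log_file)
            handler.setFormatter(logging.Formatter("%(asctime)s %(message)s"))
            self.log.addHandler(handler)

    def inspect(self, src_ip, size):
        """Apply both README rules to one packet; returns the anomaly labels found."""
        self.size_counts[size] += 1
        anomalies = []
        if size > LARGE_PACKET_BYTES:
            anomalies.append("large_packet")
        if self.size_counts[size] > REPEAT_THRESHOLD:
            anomalies.append("repetitive_size")
        for label in anomalies:
            self.log.info("ANOMALY %s src=%s size=%d", label, src_ip, size)
        if anomalies and src_ip not in self.blocked:
            self.block(src_ip)
        return anomalies

    def block(self, ip):
        """Add an inbound Windows Firewall block rule (needs an elevated prompt)."""
        cmd = ["netsh", "advfirewall", "firewall", "add", "rule",
               f"name=IDS_block_{ip}", "dir=in", "action=block", f"remoteip={ip}"]
        self.blocked.add(ip)
        self.log.info("BLOCK %s cmd=%s", ip, " ".join(cmd))
        if not self.dry_run:
            subprocess.run(cmd, check=False)
        return cmd


if __name__ == "__main__":
    # Live capture hook (Windows, run as administrator): feed Scapy packets into inspect().
    from scapy.all import IP, sniff
    det = Detector(dry_run=False)
    sniff(filter="ip", store=False, prn=lambda p: det.inspect(p[IP].src, len(p)))
```

Note that the repetition counter is keyed on packet size alone, exactly as the README states the rule, so a size that legitimate traffic repeats often will eventually block whichever source happens to send the 101st packet; counting per source address is the usual refinement.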
- Python: The core programming language for the IDS.
- Scapy: A powerful Python library for network packet manipulation and analysis.
- Windows Firewall: Used for blocking IP addresses (Windows-specific).
- Network Security Professionals: Monitoring network traffic for security threats.
- Security Researchers: Studying network attacks and developing intrusion detection techniques.
- Python Developers: Learning about network programming, packet analysis, and security concepts.
- Clone the repository: `git clone <repo url>`
- Install required libraries: `pip install scapy`
- Run the program (with administrator privileges): `python ids.py` (or `python3 ids.py`)