IDS/
├── .git/ # Git repository
├── __pycache__/ # Python cache directory
├── logs/ # Log files directory
├── templates/ # HTML templates
│ ├── config.html # Configuration page
│ ├── index.html # Main dashboard
│ └── logs.html # Log viewer page
├── utils/ # Utility functions and helpers
│ └── detailed_logger.py # Detailed logging implementation
├── config.json # Configuration file
├── requirements.txt # Python dependencies
├── sensor.py # Network sensor implementation
└── server.py # Main server application
server.py: Main application server that handles:
- Web interface and routing
- Event streaming
- Log management
- Real-time monitoring

sensor.py: Network traffic sensor that:
- Captures packets
- Analyzes network traffic
- Detects suspicious activities
- Generates events

utils/detailed_logger.py: Logging system for:
- Structured event logging
- System events
- Network traffic events

templates/: Web interface files
- Main dashboard (index.html)
- Configuration interface (config.html)
- Log viewer (logs.html)

docs/: Project documentation
- Installation and setup guides
- Configuration documentation
- API documentation
- Web interface guide
- Sensor functionality details
- Project report

logs/: Directory containing:
- System logs
- Network traffic logs
- Event logs

config.json: Configuration settings for:
- Network interfaces
- Blacklisted IPs
- Suspicious ports
- System parameters
See requirements.txt for a complete list of Python dependencies.

- Install dependencies: pip install -r requirements.txt
- Configure settings in config.json
- Start the server: python server.py
- Start the sensor: python sensor.py
- Access the web interface at http://localhost:5000
- Real-time network traffic monitoring
- Suspicious activity detection
- Structured logging
- Web-based user interface
- Event filtering and search
- Export capabilities
- System event tracking
- Python 3.11
- Flask web framework
- Bootstrap 5 UI framework
- JSON-based configuration
- Clone the repository: git clone [repository-url]
- Install dependencies: pip install -r requirements.txt
- Run the application: python server.py
- Access the interface: http://localhost:5000
Default credentials:
- Username: admin
- Password: 123
The system uses a JSON-based configuration file (config.json) with the following structure:

{
  "GENERAL_SETTINGS": {
    "LOG_DIR": "logs",
    "LOG_LEVEL": "INFO",
    "INTERFACE": "auto",
    "CAPTURE_TIMEOUT": 0
  },
  "IP_RULES": {
    "BLACKLISTED_IPS": [],
    "WHITELISTED_IPS": [],
    "IP_RANGES_TO_MONITOR": ["192.168.0.0/16"],
    "MAX_CONNECTIONS_PER_IP": 50,
    "CONNECTION_TIMEOUT": 300
  },
  "PORT_RULES": {
    "SUSPICIOUS_PORTS": [22, 23, 445, 1433, 3389, 4444, 5554],
    "ALLOWED_PORTS": [80, 443, 53],
    "PORT_SCAN_DETECTION": {
      "ENABLED": true,
      "THRESHOLD": 20,
      "TIME_WINDOW": 60
    }
  },
  "DNS_RULES": {
    "DNS_BLACKLIST": [],
    "DGA_DETECTION": {
      "ENABLED": true,
      "MIN_ENTROPY": 3.5,
      "MIN_LENGTH": 10,
      "CONSONANT_THRESHOLD": 0.7
    },
    "DNS_MONITORING": {
      "CACHE_TIMEOUT": 300,
      "MAX_QUERIES_PER_DOMAIN": 100,
      "SUSPICIOUS_TLD": [".xyz", ".top"]
    }
  }
}
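As an added example (not code from this project's sensor.py), the following shows one way the DNS_RULES section above can drive a domain check: the DNS blacklist, the suspicious-TLD list, and the three DGA thresholds (entropy, length, consonant ratio). It assumes Shannon entropy in bits per character, that the DGA test is applied to the label left of the TLD, and uses a constructed config excerpt with one blacklisted domain.

```python
import json
import math
from collections import Counter

# Constructed excerpt of the DNS_RULES section of config.json (blacklist entry added for the demo).
CONFIG_JSON = """
{
  "DNS_RULES": {
    "DNS_BLACKLIST": ["bad.example"],
    "DGA_DETECTION": {"ENABLED": true, "MIN_ENTROPY": 3.5,
                      "MIN_LENGTH": 10, "CONSONANT_THRESHOLD": 0.7},
    "DNS_MONITORING": {"CACHE_TIMEOUT": 300, "MAX_QUERIES_PER_DOMAIN": 100,
                       "SUSPICIOUS_TLD": [".xyz", ".top"]}
  }
}
"""

def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def consonant_ratio(label: str) -> float:
    """Share of alphabetic characters in label that are not a, e, i, o, u."""
    letters = [ch for ch in label if ch.isalpha()]
    if not letters:
        return 0.0
    return sum(ch not in "aeiou" for ch in letters) / len(letters)

def classify_domain(domain: str, dns_rules: dict) -> list[str]:
    """Return the names of the DNS_RULES sections the domain triggers (empty list = clean)."""
    domain = domain.lower().rstrip(".")
    hits = []
    if domain in dns_rules["DNS_BLACKLIST"]:
        hits.append("DNS_BLACKLIST")
    if any(domain.endswith(tld) for tld in dns_rules["DNS_MONITORING"]["SUSPICIOUS_TLD"]):
        hits.append("SUSPICIOUS_TLD")
    dga = dns_rules["DGA_DETECTION"]
    parts = domain.split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]  # assumption: label left of the TLD
    if (dga["ENABLED"] and len(label) >= dga["MIN_LENGTH"]
            and shannon_entropy(label) >= dga["MIN_ENTROPY"]
            and consonant_ratio(label) >= dga["CONSONANT_THRESHOLD"]):
        hits.append("DGA_DETECTION")
    return hits

DNS_RULES = json.loads(CONFIG_JSON)["DNS_RULES"]
```

A long dictionary word such as documentation.com stays clean because its entropy (about 3.24 bits) and consonant ratio (about 0.54) fall below the thresholds, while a random consonant string under a suspicious TLD trips both rules.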
Authentication
- Basic authentication implemented
- Password hashing enabled
- Session management included

Configuration Security
- Section-based updates
- Type validation
- Error handling
- Configuration backup

Network Security
- Flexible IP blocking
- Port scanning detection
- DNS threat monitoring
- DGA detection
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Create a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.