Cap26803/SDN-Based-Real-Time-Network-Forensics-and-Anomaly-Detection-System

SDN-Based Real-Time Network Forensics and Anomaly Detection System

This project leverages Software-Defined Networking (SDN) principles to monitor, detect, and respond to network traffic anomalies in real-time. The goal is to enhance network security, provide effective forensic analysis, and offer an intuitive dashboard for visualizing threats dynamically.

Features

  • Real-time network traffic monitoring of a Mininet-emulated network through an SDN controller.
  • Anomaly detection focused on SYN flood DDoS attacks (a burst of TCP SYN segments from a source that never completes the handshake).
  • Alerts displayed both on the web interface and terminal.
  • Traffic flow logging in JSON format for forensic analysis.
  • Visualizations of threat data using real-time charts (line and pie charts) on a responsive Flask web interface.
  • Easy navigation to view detailed logs and traffic summaries.

Tools Used

  • Mininet: For network emulation.
  • Custom SDN Controller: For managing network traffic and implementing security policies.
  • Scapy: For capturing and analyzing packets.
  • Wireshark: For detailed packet inspection and validation.
  • Flask: For a lightweight, responsive web interface.
  • Chart.js: For dynamic chart visualizations on the web interface.

Documentation

How to Run

  1. Prerequisites:

    • Ubuntu 22.04 environment (virtual machine recommended).
    • Python 3.10.6 installed with necessary libraries.
    • Mininet installed and configured.
    • hping3, iperf, and other required network tools installed.
  2. Steps:

    • Launch the Mininet topology using the provided configuration.
    • Run the realtime_attack_detection.py script on the target host (e.g., h8); it captures packets on that host and raises alerts when a SYN flood is detected.
    • Start the Flask server using app.py for real-time monitoring.
    • Generate traffic to exercise the detector: hping3 for the SYN flood itself and iperf for legitimate background load, so you can confirm that only the attack source is flagged.
    • Navigate to the Flask web interface for visualizations and logs.
  3. Features in Action:

    • Alerts for anomalies will appear on the web interface and logs.
    • Dynamic charts show SYN flood rates and attack sources in real-time.
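The detection step above is where the project's realtime_attack_detection.py does its work. The following is an added example, not the project's script, showing one way to implement per-source SYN flood detection with a sliding window plus JSON flow logging of the kind the Features list describes. It assumes TCP segments are handed in as plain dicts (src, dst, dport, flags, ts) so it runs offline without Scapy; the window, threshold and SYN:ACK ratio values are illustrative assumptions, and the sample traffic is constructed, not captured.

```python
import json
from collections import defaultdict, deque

# TCP flag bits from the TCP header (the same values Scapy exposes as 'S' and 'A')
TCP_SYN = 0x02
TCP_ACK = 0x10


class SynFloodDetector:
    """Per-source sliding-window SYN flood detector (added example, not the project's code).

    A source is flagged when, within the last `window_s` seconds, it has sent at
    least `syn_threshold` SYN-only segments and those SYNs outnumber its ACKs by
    more than `syn_ack_ratio`. Legitimate clients complete handshakes, so their
    ACK count keeps pace with their SYN count; a flooder's does not.
    Threshold values are assumptions chosen for illustration.
    """

    def __init__(self, window_s=1.0, syn_threshold=100, syn_ack_ratio=3.0):
        self.window_s = window_s
        self.syn_threshold = syn_threshold
        self.syn_ack_ratio = syn_ack_ratio
        self._syn_ts = defaultdict(deque)   # src -> timestamps of SYN-only segments
        self._ack_ts = defaultdict(deque)   # src -> timestamps of segments carrying ACK
        self._last_alert = {}               # src -> time of last alert (one per window)
        self.alerts = []                    # alert records (what a dashboard would show)
        self.flow_log = []                  # every observed segment, for forensic replay

    def _prune(self, dq, now):
        # Drop timestamps that have fallen out of the sliding window
        while dq and now - dq[0] > self.window_s:
            dq.popleft()

    def observe(self, pkt):
        """Feed one TCP segment; return an alert dict when a flood is detected, else None."""
        src, now, flags = pkt["src"], pkt["ts"], pkt["flags"]
        self.flow_log.append(dict(pkt))

        if flags & TCP_SYN and not flags & TCP_ACK:
            self._syn_ts[src].append(now)
        elif flags & TCP_ACK:
            self._ack_ts[src].append(now)

        self._prune(self._syn_ts[src], now)
        self._prune(self._ack_ts[src], now)
        syn_n, ack_n = len(self._syn_ts[src]), len(self._ack_ts[src])

        flooding = (syn_n >= self.syn_threshold
                    and syn_n > self.syn_ack_ratio * max(ack_n, 1))
        recently_alerted = (src in self._last_alert
                            and now - self._last_alert[src] <= self.window_s)
        if not flooding or recently_alerted:
            return None

        alert = {"type": "SYN_FLOOD", "src": src, "dst": pkt["dst"],
                 "dport": pkt["dport"], "syn_rate": syn_n / self.window_s,
                 "ack_count": ack_n, "ts": now}
        self._last_alert[src] = now
        self.alerts.append(alert)
        return alert

    def flow_log_json(self):
        """Serialise the flow log as JSON lines for later forensic analysis."""
        return "\n".join(json.dumps(rec, sort_keys=True) for rec in self.flow_log)


def synthetic_traffic():
    """Constructed sample traffic against h8 (10.0.0.8:80); not a real capture."""
    pkts = []
    # 10.0.0.1: 150 SYNs in under half a second and never an ACK (what hping3 -S --flood produces)
    for i in range(150):
        pkts.append({"src": "10.0.0.1", "dst": "10.0.0.8", "dport": 80,
                     "flags": TCP_SYN, "ts": i * 0.003})
    # 10.0.0.2: 60 ordinary handshakes, each SYN followed by its ACK
    for i in range(60):
        pkts.append({"src": "10.0.0.2", "dst": "10.0.0.8", "dport": 80,
                     "flags": TCP_SYN, "ts": i * 0.008})
        pkts.append({"src": "10.0.0.2", "dst": "10.0.0.8", "dport": 80,
                     "flags": TCP_ACK, "ts": i * 0.008 + 0.001})
    # 10.0.0.3: 120 handshakes in one window, above the raw SYN threshold but every SYN is ACKed
    for i in range(120):
        pkts.append({"src": "10.0.0.3", "dst": "10.0.0.8", "dport": 80,
                     "flags": TCP_SYN, "ts": i * 0.004})
        pkts.append({"src": "10.0.0.3", "dst": "10.0.0.8", "dport": 80,
                     "flags": TCP_ACK, "ts": i * 0.004 + 0.001})
    pkts.sort(key=lambda p: p["ts"])   # interleave sources in arrival order
    return pkts


def run_detector(packets, **kwargs):
    """Run every packet through a fresh detector and return it for inspection."""
    det = SynFloodDetector(**kwargs)
    for pkt in packets:
        det.observe(pkt)
    return det


if __name__ == "__main__":
    det = run_detector(synthetic_traffic())
    for a in det.alerts:
        print(f"[ALERT] {a['type']} from {a['src']} -> {a['dst']}:{a['dport']} "
              f"({a['syn_rate']:.0f} SYN/s, {a['ack_count']} ACKs in window)")
    print(det.flow_log_json().splitlines()[0])   # first forensic record
```

The SYN:ACK ratio is what keeps a busy but honest client (10.0.0.3) from being flagged on raw SYN count alone; a detector that thresholds only on SYN rate will alert on any host opening many short connections. The one-alert-per-window guard matters for the dashboard, since a flood at thousands of SYN/s would otherwise emit an alert per packet.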

Notes:

  1. Versioning: The versions pinned in requirements.txt were stable at the time of writing and are compatible with Python 3.10.6 (my current setup). If you prefer the latest versions, test for compatibility first.
  2. Optional Libraries:
    • If you're not using Flask-WTF or Gunicorn for the dashboard, remove them from requirements.txt.
    • Add libraries specific to your final implementation, such as advanced visualization tools.
  3. Installation Command: To install these dependencies, run: pip install -r requirements.txt

Contributors:

  • Chinmay Paranjape
  • Chandsab Engineer
  • Kushal Kaparatti
  • Prathamesh Chitnis