Spaces:
Sleeping
Sleeping
| import streamlit as st | |
| import pandas as pd | |
| import altair as alt | |
| import plotly.express as px | |
| import requests | |
| import numpy as np | |
| ####################### | |
| # Page Configuration | |
| st.set_page_config( | |
| page_title="Intrusion Detection Dashboard", | |
| page_icon="๐ก๏ธ", | |
| layout="wide", | |
| initial_sidebar_state="expanded" | |
| ) | |
| alt.themes.enable("dark") | |
| ####################### | |
| # Load Intrusion Detection Data | |
| df_intrusions = pd.read_csv('data/cybersecurity_intrusions.csv') | |
| ####################### | |
| # Sidebar Filters | |
| with st.sidebar: | |
| st.title('๐ก๏ธ Intrusion Detection Dashboard') | |
| st.markdown("### This app predicts whether a network session is likely to be a cyberattack based on session characteristics such as packet size, login attemps, and IP reputation. Powered by a LightGBM model trained on labeled intrusion data.") | |
| st.markdown("### Model Info") | |
| st.markdown(""" | |
| - **Model:** LightGBM Classifier | |
| - **Recall:** 87.1% | |
| - **Precision:** 62.8% | |
| - **F1 Score:** 73.0% | |
| - **Threshold:** 0.2 (favor recall over precision) | |
| """) | |
| ####################### | |
| # Model Overview Section | |
| st.markdown("### About This App") | |
| st.markdown(""" | |
| This app predicts whether a network session is likely to be a cyberattack based on session-level characteristics | |
| like packet size, login attempts, encryption type, and IP reputation score. | |
| The underlying model was trained on a labeled intrusion detection dataset using LightGBM, a fast and accurate gradient boosting framework. | |
| This project demonstrates real-time predictions via a deployed API, and provides insight into the features most correlated with attack behavior. | |
| """) | |
| ####################### | |
| # Intrusion Prediction Using API | |
| st.markdown("### ๐ Intrusion Detection Prediction") | |
| # Input fields for real-time attack detection | |
| protocol_type = st.selectbox("Protocol Type", ["TCP", "UDP", "ICMP"]) | |
| encryption_used = st.selectbox("Encryption Used", ["AES", "DES", "None"]) | |
| packet_size = st.number_input("Network Packet Size", value=500) | |
| login_attempts = st.number_input("Login Attempts", value=3) | |
| session_duration = st.number_input("Session Duration", value=500.0) | |
| ip_reputation = st.number_input("IP Reputation Score", value=0.5) | |
| failed_logins = st.number_input("Failed Logins", value=1) | |
| unusual_access = st.checkbox("Unusual Time Access") | |
| # Manually apply one-hot encoding | |
| protocol_tcp = 1 if protocol_type == "TCP" else 0 | |
| protocol_udp = 1 if protocol_type == "UDP" else 0 | |
| encryption_des = 1 if encryption_used == "DES" else 0 | |
| encryption_none = 1 if encryption_used == "None" else 0 | |
| # API URL | |
| API_URL = "https://e-eeeema-intrusion-detection.hf.space/predict" | |
| if st.button("Predict Attack"): | |
| features = [ | |
| packet_size, | |
| login_attempts, | |
| session_duration, | |
| ip_reputation, | |
| failed_logins, | |
| int(unusual_access), | |
| protocol_tcp, | |
| protocol_udp, | |
| encryption_des, | |
| encryption_none | |
| ] | |
| response = requests.post(API_URL, json={"features": features}) | |
| if response.status_code == 200: | |
| result = response.json() | |
| prediction = response.json().get("attack_detected", 0) | |
| probability = result.get("probability", 0.0) | |
| st.markdown(f"**๐งฎ Prediction Confidence:** `{probability*100:.2f}%`") | |
| if prediction == 1: | |
| st.error("๐จ Attack Detected!") | |
| st.markdown(""" | |
| > **Why?** The model flagged this session as an intrusion based on a combination of: | |
| - Suspicious IP reputation | |
| - Multiple failed login attempts | |
| - Unusual access time or weak encryption | |
| """) | |
| else: | |
| st.success("โ No Attack Detected.") | |
| st.markdown("> **Why?** The session appears typical and shows no strong indicators of intrusion.") | |
| # Confidence interpretation | |
| if probability >= 0.7: | |
| st.info("๐ High model confidence in this prediction.") | |
| elif probability >= 0.4: | |
| st.warning("โ ๏ธ Medium confidence โ results should be interpreted with caution.") | |
| else: | |
| st.warning("โ Low confidence โ the model is uncertain about this prediction.") | |
| else: | |
| st.error("โ ๏ธ API request failed. Please check the API URL.") | |
| ####################### | |
| # Resources | |
| st.markdown("#### ๐ Resources") | |
| st.markdown(""" | |
| - ๐ [View Model Training Code on GitHub](https://github.com/butlerem/intrusion-detection-model-lgbm/blob/main/intrusion_detector.ipynb) | |
| - ๐ [View Kaggle Dataset](https://www.kaggle.com/code/nukimayasari/cybersecurity-intrusion) | |
| """) | |