System Architecture

Project Overview
Description
Enterprise-grade intrusion detection system that analyzes network traffic using a three-pronged approach: rule-based detection for known attack patterns, signature matching against threat intelligence databases, and machine learning anomaly detection. The system processes PCAP files through Zeek to extract protocol-level intelligence, enabling deep visibility into network behavior and automated threat identification for security operations.
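The three-layer approach above, worked through as an added example (not the project's own code) over a constructed Zeek conn.log excerpt. It assumes a subset of the conn.log TSV columns in Zeek's default order, a constructed threat-intelligence indicator set, and replaces the Isolation Forest model with a z-score outlier test so it runs offline without scikit-learn; the scoring bonus for hosts flagged by more than one layer and the tier thresholds are illustrative choices, not the project's.

```python
"""Three-layer detection over Zeek conn.log records (added example, hypothetical).

Layer 1: rule-based thresholds (distinct-port fan-out per source/destination pair).
Layer 2: signature matching of destination IPs against a threat-intelligence set.
Layer 3: statistical outliers in originator bytes (z-score stand-in for the
         Isolation Forest model, so the example needs only the standard library).
Findings receive a score, a corroboration bonus when several layers agree on a
host, and one of the four severity tiers. All log lines and indicators are constructed.
"""
import statistics

# Subset of Zeek conn.log fields, in Zeek's default column order.
CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
               "proto", "service", "orig_bytes", "resp_bytes"]

# Constructed indicator (documentation address range), standing in for a threat-intel feed.
THREAT_INTEL = {"198.51.100.77"}

# Score floors for the four tiers; checked top-down.
SEVERITY_TIERS = [(90, "Critical"), (70, "High"), (40, "Medium"), (0, "Low")]


def sample_conn_log():
    """Constructed conn.log excerpt: normal traffic, one huge transfer to a listed
    indicator, and one host probing 30 ports on an internal server."""
    lines = [
        "1700000000.1\tC1\t10.0.0.5\t51000\t93.184.216.34\t443\ttcp\tssl\t1200\t5400",
        "1700000001.2\tC2\t10.0.0.5\t51001\t10.0.0.9\t22\ttcp\tssh\t900\t1100",
        "1700000002.0\tC3\t10.0.0.6\t51002\t203.0.113.10\t443\ttcp\tssl\t800\t2000",
        "1700000003.0\tC4\t10.0.0.8\t51003\t198.51.100.77\t443\ttcp\tssl\t950000000\t4000",
    ]
    for i in range(30):  # zero-payload connections to 30 distinct ports
        lines.append(f"17000000{10 + i:02d}.0\tS{i}\t10.0.0.7\t{52000 + i}\t10.0.0.9\t{1 + i}\ttcp\t-\t0\t0")
    return "\n".join(lines)


def parse_conn_log(text):
    """Parse TSV conn.log lines into dicts; '-' byte counts become 0, comments are skipped."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(CONN_FIELDS, line.split("\t")))
        for key in ("orig_bytes", "resp_bytes"):
            rec[key] = 0 if rec[key] == "-" else int(rec[key])
        rec["id.resp_p"] = int(rec["id.resp_p"])
        records.append(rec)
    return records


def severity(score):
    for floor, label in SEVERITY_TIERS:
        if score >= floor:
            return label
    return "Low"


def rule_based(records, scan_threshold=20):
    """Layer 1: a source touching >= scan_threshold distinct ports on one host is a scan."""
    ports = {}
    for r in records:
        ports.setdefault((r["id.orig_h"], r["id.resp_h"]), set()).add(r["id.resp_p"])
    return [{"layer": "rule", "host": src, "score": 55,
             "detail": f"{src} probed {len(ps)} distinct ports on {dst}"}
            for (src, dst), ps in ports.items() if len(ps) >= scan_threshold]


def signature_match(records, indicators):
    """Layer 2: any connection whose responder is a listed indicator."""
    return [{"layer": "signature", "host": r["id.orig_h"], "score": 90,
             "detail": f"{r['id.orig_h']} connected to listed indicator {r['id.resp_h']} (uid {r['uid']})"}
            for r in records if r["id.resp_h"] in indicators]


def volume_anomaly(records, z_threshold=3.0):
    """Layer 3: originator byte counts more than z_threshold standard deviations from the mean."""
    values = [r["orig_bytes"] for r in records]
    if len(values) < 3:
        return []  # too few samples for a meaningful spread
    mean, std = statistics.mean(values), statistics.stdev(values)
    if std == 0:
        return []
    findings = []
    for r, v in zip(records, values):
        z = (v - mean) / std
        if abs(z) > z_threshold:
            findings.append({"layer": "anomaly", "host": r["id.orig_h"], "score": 75,
                             "detail": f"{r['id.orig_h']} sent {v} bytes to {r['id.resp_h']} (z={z:.1f})"})
    return findings


def analyze(text, indicators):
    """Run all three layers, add +15 per extra corroborating layer on the same host, assign tiers."""
    records = parse_conn_log(text)
    findings = rule_based(records) + signature_match(records, indicators) + volume_anomaly(records)
    layers_per_host = {}
    for f in findings:
        layers_per_host.setdefault(f["host"], set()).add(f["layer"])
    for f in findings:
        f["score"] = min(100, f["score"] + 15 * (len(layers_per_host[f["host"]]) - 1))
        f["severity"] = severity(f["score"])
    return sorted(findings, key=lambda f: -f["score"])


def report(findings):
    """Human-readable summary, one line per finding."""
    return "\n".join(f"[{f['severity']}] ({f['layer']}) {f['detail']}" for f in findings)


if __name__ == "__main__":
    print(report(analyze(sample_conn_log(), THREAT_INTEL)))
```

On the constructed excerpt the host that both contacts the listed indicator and sends the outlier volume is flagged by two layers, so both of its findings are raised to Critical, while the port-scan finding stays Medium; the same corroboration logic is what lets a real deployment rank a handful of hosts above the noise.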
Key Features
✓ Triple-layer detection: rule-based thresholds, signature matching, and Isolation Forest ML anomaly detection
✓ Automated PCAP processing pipeline with Zeek for protocol analysis (DNS, HTTP, SSL, connections)
✓ Intelligent threat scoring with four-tier severity classification (Critical/High/Medium/Low)
✓ Human-readable security reports with actionable insights and recommended remediation steps
✓ Configurable detection rules and custom threat intelligence integration
✓ Statistical profiling of connection patterns, data volumes, and protocol distributions
Technology Stack
Python, Zeek, Scikit-learn, PCAP, Linux, Pandas
© 2025 Charlotte Burns