{"id":6668,"date":"2025-06-17T07:12:40","date_gmt":"2025-06-17T07:12:40","guid":{"rendered":"https:\/\/www.kaashivinfotech.com\/blog\/?p=6668"},"modified":"2025-07-30T09:40:29","modified_gmt":"2025-07-30T09:40:29","slug":"intrusion-detection-system-guide","status":"publish","type":"post","link":"https:\/\/www.kaashivinfotech.com\/blog\/intrusion-detection-system-guide\/","title":{"rendered":"Intrusion Detection System (IDS)"},"content":{"rendered":"<h3><strong>AI Based Intrusion Detection System: A Smarter Shield Against Cyber Threats<\/strong><\/h3>\n<p>Signature-based security tools can only catch attacks they already have a rule for. An <strong>AI based intrusion detection system (AI IDS)<\/strong> adds a second layer: it learns what normal traffic and user behaviour look like from the logs themselves and raises an alert on deviations, so <strong>AI intrusion detection systems<\/strong> can surface attack patterns that no signature describes yet and adapt as traffic changes. The trade-off is that an anomaly detector only knows what is statistically unusual, not what is malicious, so it needs a tuned baseline and an analyst review step; skip the tuning and false positives go up rather than down.<\/p>\n<p>Whether you run a corporate network or cloud infrastructure, an <strong>AI based IDS<\/strong> lets the security team monitor traffic continuously and act on anomalies as they appear. From unusual user behaviour to the traffic produced by attacks that have no signature yet, <strong>AI intrusion detection<\/strong> offers a dynamic and scalable layer of defense on top of existing signature rules.<\/p>\n<p>As attacks become more varied, an <strong>AI based intrusion detection system<\/strong> is a sensible addition to the security stack of any organization that already collects network and authentication logs. 
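<\/p>
<p>Each detector cell later in this notebook flags a source once its total across the whole log (requests, failed logins, or distinct ports) crosses a fixed threshold, and none of them looks at time, so a client that fails slowly all day scores the same as one that fails twelve times in twelve seconds. The block below is an added example rather than code from the original notebook: it applies the same per-source counting inside a sliding time window, using only the Python standard library, and it runs offline on constructed log lines. The column names (ts, src_ip, dst_port, event), the thresholds and the IP addresses in it are assumptions made for this example, not the schema of the Drive CSV files the notebook reads.<\/p>

```python
# Added example (not from the original notebook): per-source detection inside a
# sliding time window, standard library only.
import csv
from collections import Counter, defaultdict
from datetime import datetime


def build_sample_log():
    # Constructed sample, not real traffic. Columns are an assumption for this
    # example: ts (ISO 8601), src_ip, dst_port, event (FAIL, OK or SYN).
    lines = ['ts,src_ip,dst_port,event']
    # A shared NAT address whose users produce 30 login failures spread over an
    # hour (one every 2 minutes): noisy in total, never more than 1 per minute.
    for i in range(30):
        lines.append(f'2025-06-17T07:{i * 2:02d}:00,192.168.0.5,443,FAIL')
    # A brute-forcer: 12 SSH failures within 12 seconds.
    for i in range(12):
        lines.append(f'2025-06-17T07:10:{i:02d},192.168.0.99,22,FAIL')
    # A port scanner: 25 distinct ports touched within 50 seconds.
    for i in range(25):
        lines.append(f'2025-06-17T07:20:{i * 2:02d},192.168.0.250,{1000 + i},SYN')
    return lines


def parse_log(lines):
    # Parse CSV rows (any iterable of lines, e.g. an open file) into dicts
    # sorted by timestamp; the windowing below relies on that order.
    rows = []
    for row in csv.DictReader(lines):
        rows.append({
            'ts': datetime.fromisoformat(row['ts']),
            'src_ip': row['src_ip'],
            'dst_port': int(row['dst_port']),
            'event': row['event'],
        })
    rows.sort(key=lambda r: r['ts'])
    return rows


def peak_in_window(events, window_seconds, distinct=False):
    # events: time-ordered list of (timestamp, value). Two-pointer sliding
    # window: returns the largest number of events (or of distinct values when
    # distinct=True) that fall inside any interval of window_seconds.
    best = 0
    start = 0
    in_window = Counter()
    for end, (ts, value) in enumerate(events):
        in_window[value] += 1
        while (ts - events[start][0]).total_seconds() >= window_seconds:
            old = events[start][1]
            in_window[old] -= 1
            if in_window[old] == 0:
                del in_window[old]
            start += 1
        size = len(in_window) if distinct else end - start + 1
        best = max(best, size)
    return best


def detect(rows, window_seconds=60, fail_threshold=10, port_threshold=20):
    # Group by source, then apply two windowed rules per source: failed logins
    # per window (brute force) and distinct destination ports per window
    # (port scan). Returns {src_ip: [reason, ...]} for hits only.
    by_src = defaultdict(list)
    for r in rows:
        by_src[r['src_ip']].append(r)
    findings = {}
    for src, evs in by_src.items():
        fails = [(r['ts'], r['dst_port']) for r in evs if r['event'] == 'FAIL']
        ports = [(r['ts'], r['dst_port']) for r in evs]
        peak_fails = peak_in_window(fails, window_seconds)
        peak_ports = peak_in_window(ports, window_seconds, distinct=True)
        reasons = []
        if peak_fails >= fail_threshold:
            reasons.append(f'{peak_fails} failed logins in {window_seconds}s')
        if peak_ports >= port_threshold:
            reasons.append(f'{peak_ports} distinct ports in {window_seconds}s')
        if reasons:
            findings[src] = reasons
    return findings


def total_counts(rows):
    # The whole-log rule used by the notebook cells, for comparison: failures
    # per IP with no time window at all.
    return Counter(r['src_ip'] for r in rows if r['event'] == 'FAIL')


def run():
    rows = parse_log(build_sample_log())
    return detect(rows), total_counts(rows)


if __name__ == '__main__':
    findings, totals = run()
    print('whole-log failure counts:', dict(totals))
    for src, reasons in findings.items():
        print(src, '->', '; '.join(reasons))
```

<p>The two-pointer window visits each event once per rule, so the same function can run over a live tail of the log rather than a batch. Both thresholds are per window, which is what lets the shared NAT address in the sample stay clean even though its whole-log failure count is higher than the brute-forcer's; tune them against a known-good day of traffic before alerting on them, and remember that a distributed attack spreads its load across many sources, so per-source rules catch the loudest senders rather than the whole event.<\/p>
<p>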
In this article we walk through a notebook of small, readable detectors: for each case a fixed-threshold rule first, then an Isolation Forest trained on the same per-IP features, covering noisy sources, port scans, brute-force logins and DDoS-style request floods.<\/p>\n<hr \/>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"wp-image-6670 size-full\" src=\"https:\/\/www.kaashivinfotech.com\/blog\/wp-content\/uploads\/2025\/06\/IDS.png\" alt=\"Intrusion Detection System\" width=\"1024\" height=\"516\" srcset=\"https:\/\/www.kaashivinfotech.com\/blog\/wp-content\/uploads\/2025\/06\/IDS.png 1024w, https:\/\/www.kaashivinfotech.com\/blog\/wp-content\/uploads\/2025\/06\/IDS-300x151.png 300w, https:\/\/www.kaashivinfotech.com\/blog\/wp-content\/uploads\/2025\/06\/IDS-768x387.png 768w, https:\/\/www.kaashivinfotech.com\/blog\/wp-content\/uploads\/2025\/06\/IDS-833x420.png 833w, https:\/\/www.kaashivinfotech.com\/blog\/wp-content\/uploads\/2025\/06\/IDS-150x76.png 150w, https:\/\/www.kaashivinfotech.com\/blog\/wp-content\/uploads\/2025\/06\/IDS-696x351.png 696w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p>Table of Contents<\/p>\n<div class=\"jp-Cell jp-MarkdownCell jp-Notebook-cell\">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-RenderedHTMLCommon jp-RenderedMarkdown jp-MarkdownOutput \" data-mime-type=\"text\/markdown\">\n<div class=\"toc\">\n<ul class=\"toc-item\">\n<li><a href=\"#simple-Intrusion-Detection\" data-toc-modified-id=\"simple-Intrusion-Detection-1\">Simple Intrusion Detection<\/a><\/li>\n<li><a href=\"#Intrusion-Detection-using-Scikit-learn\" data-toc-modified-id=\"Intrusion-Detection-using-Scikit-learn-2\">Intrusion Detection using Scikit-learn<\/a><\/li>\n<li><a href=\"#Port-scan-detection\" data-toc-modified-id=\"Port-scan-detection-3\">Port scan detection<\/a><\/li>\n<li><a 
href=\"#Brute-Force-Login-Detection\" data-toc-modified-id=\"Brute-Force-Login-Detection-4\">Brute-Force Login Detection<\/a><\/li>\n<li><a href=\"#DDoS-Attack-Detection\" data-toc-modified-id=\"DDoS-Attack-Detection-5\">DDoS Attack Detection<\/a><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-CodeCell jp-Notebook-cell \">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\">In\u00a0[\u00a0]:<\/div>\n<div class=\"jp-CodeMirrorEditor jp-Editor jp-InputArea-editor\" data-type=\"inline\">\n<div class=\"CodeMirror cm-s-jupyter\">\n<div class=\" highlight hl-ipython3\">\n<pre><span class=\"o\">!<\/span>ls\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell-outputWrapper\">\n<div class=\"jp-Collapser jp-OutputCollapser jp-Cell-outputCollapser\"><\/div>\n<div class=\"jp-OutputArea jp-Cell-outputArea\">\n<div class=\"jp-OutputArea-child\">\n<div class=\"jp-OutputPrompt jp-OutputArea-prompt\"><\/div>\n<div class=\"jp-RenderedText jp-OutputArea-output\" data-mime-type=\"text\/plain\">\n<pre>sample_data\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-CodeCell jp-Notebook-cell \">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\">In\u00a0[2]:<\/div>\n<div class=\"jp-CodeMirrorEditor jp-Editor jp-InputArea-editor\" data-type=\"inline\">\n<div class=\"CodeMirror cm-s-jupyter\">\n<div class=\" highlight hl-ipython3\">\n<pre><span class=\"kn\">from<\/span> <span class=\"nn\">google.colab<\/span> <span class=\"kn\">import<\/span> <span class=\"n\">drive<\/span>\r\n<span class=\"n\">drive<\/span><span class=\"o\">.<\/span><span class=\"n\">mount<\/span><span 
class=\"p\">(<\/span><span class=\"s1\">'\/content\/drive'<\/span><span class=\"p\">)<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell-outputWrapper\">\n<div class=\"jp-Collapser jp-OutputCollapser jp-Cell-outputCollapser\"><\/div>\n<div class=\"jp-OutputArea jp-Cell-outputArea\">\n<div class=\"jp-OutputArea-child\">\n<div class=\"jp-OutputPrompt jp-OutputArea-prompt\"><\/div>\n<div class=\"jp-RenderedText jp-OutputArea-output\" data-mime-type=\"text\/plain\">\n<pre>Mounted at \/content\/drive\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-CodeCell jp-Notebook-cell jp-mod-noOutputs \">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\">In\u00a0[\u00a0]:<\/div>\n<div class=\"jp-CodeMirrorEditor jp-Editor jp-InputArea-editor\" data-type=\"inline\">\n<div class=\"CodeMirror cm-s-jupyter\">\n<div class=\" highlight hl-ipython3\">\n<pre><span class=\"kn\">import<\/span> <span class=\"nn\">warnings<\/span>\r\n<span class=\"n\">warnings<\/span><span class=\"o\">.<\/span><span class=\"n\">filterwarnings<\/span><span class=\"p\">(<\/span><span class=\"s1\">'ignore'<\/span><span class=\"p\">)<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-MarkdownCell jp-Notebook-cell\">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\"><\/div>\n<div class=\"jp-RenderedHTMLCommon jp-RenderedMarkdown jp-MarkdownOutput \" data-mime-type=\"text\/markdown\">\n<h1 id=\"simple-Intrusion-Detection\">Simple Intrusion Detection<a class=\"anchor-link\" href=\"#simple-Intrusion-Detection\">\u00b6<\/a><\/h1>\n<ul>\n<li>Counts how many times each IP shows 
up.<\/li>\n<li>Flags IPs that exceed a threshold (e.g., more than 100 requests).<\/li>\n<li>This can detect simple DoS-type attacks or brute-force attempts.<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-CodeCell jp-Notebook-cell \">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\">In\u00a0[3]:<\/div>\n<div class=\"jp-CodeMirrorEditor jp-Editor jp-InputArea-editor\" data-type=\"inline\">\n<div class=\"CodeMirror cm-s-jupyter\">\n<div class=\" highlight hl-ipython3\">\n<pre><span class=\"kn\">import<\/span> <span class=\"nn\">pandas<\/span> <span class=\"k\">as<\/span> <span class=\"nn\">pd<\/span>\r\n<span class=\"kn\">from<\/span> <span class=\"nn\">collections<\/span> <span class=\"kn\">import<\/span> <span class=\"n\">Counter<\/span>\r\n\r\n<span class=\"n\">log<\/span> <span class=\"o\">=<\/span> <span class=\"n\">pd<\/span><span class=\"o\">.<\/span><span class=\"n\">read_csv<\/span><span class=\"p\">(<\/span><span class=\"s1\">'\/content\/drive\/My Drive\/<a href=\"https:\/\/drive.google.com\/file\/d\/1DzC4elW7_sln_QX3h-NLmdO5wedXu6Jd\/view?usp=drive_link\" target=\"_blank\" rel=\"noopener\">network_log.csv<\/a>'<\/span><span class=\"p\">)<\/span>\r\n<span class=\"n\">ip_counts<\/span> <span class=\"o\">=<\/span> <span class=\"n\">Counter<\/span><span class=\"p\">(<\/span><span class=\"n\">log<\/span><span class=\"p\">[<\/span><span class=\"s1\">'src_ip'<\/span><span class=\"p\">]<\/span><span class=\"o\">.<\/span><span class=\"n\">values<\/span><span class=\"p\">)<\/span>\r\n<span class=\"n\">threshold<\/span> <span class=\"o\">=<\/span> <span class=\"mi\">100<\/span>\r\n<span class=\"n\">intrusions<\/span> <span class=\"o\">=<\/span> <span class=\"p\">[<\/span><span class=\"n\">ip<\/span> <span class=\"k\">for<\/span> <span class=\"n\">ip<\/span><span 
class=\"p\">,<\/span> <span class=\"n\">count<\/span> <span class=\"ow\">in<\/span> <span class=\"n\">ip_counts<\/span><span class=\"o\">.<\/span><span class=\"n\">items<\/span><span class=\"p\">()<\/span> <span class=\"k\">if<\/span> <span class=\"n\">count<\/span> <span class=\"o\">&gt;<\/span> <span class=\"n\">threshold<\/span><span class=\"p\">]<\/span>\r\n\r\n<span class=\"nb\">print<\/span><span class=\"p\">(<\/span><span class=\"s2\">\"Suspicious IPs:\"<\/span><span class=\"p\">,<\/span> <span class=\"n\">intrusions<\/span><span class=\"p\">)<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell-outputWrapper\">\n<div class=\"jp-Collapser jp-OutputCollapser jp-Cell-outputCollapser\"><\/div>\n<div class=\"jp-OutputArea jp-Cell-outputArea\">\n<div class=\"jp-OutputArea-child\">\n<div class=\"jp-OutputPrompt jp-OutputArea-prompt\"><\/div>\n<div class=\"jp-RenderedText jp-OutputArea-output\" data-mime-type=\"text\/plain\">\n<pre>Suspicious IPs: ['192.168.0.99']\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-CodeCell jp-Notebook-cell \">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\">In\u00a0[4]:<\/div>\n<div class=\"jp-CodeMirrorEditor jp-Editor jp-InputArea-editor\" data-type=\"inline\">\n<div class=\"CodeMirror cm-s-jupyter\">\n<div class=\" highlight hl-ipython3\">\n<pre><span class=\"kn\">import<\/span> <span class=\"nn\">pandas<\/span> <span class=\"k\">as<\/span> <span class=\"nn\">pd<\/span>\r\n<span class=\"kn\">from<\/span> <span class=\"nn\">sklearn.ensemble<\/span> <span class=\"kn\">import<\/span> <span class=\"n\">IsolationForest<\/span>\r\n\r\n<span class=\"c1\"># Read the log file<\/span>\r\n<span class=\"n\">log<\/span> <span class=\"o\">=<\/span> <span class=\"n\">pd<\/span><span class=\"o\">.<\/span><span 
class=\"n\">read_csv<\/span><span class=\"p\">(<\/span><span class=\"s1\">'\/content\/drive\/My Drive\/network_log.csv'<\/span><span class=\"p\">)<\/span>\r\n\r\n<span class=\"c1\"># Count the occurrences of each IP<\/span>\r\n<span class=\"n\">ip_counts<\/span> <span class=\"o\">=<\/span> <span class=\"n\">log<\/span><span class=\"p\">[<\/span><span class=\"s1\">'src_ip'<\/span><span class=\"p\">]<\/span><span class=\"o\">.<\/span><span class=\"n\">value_counts<\/span><span class=\"p\">()<\/span><span class=\"o\">.<\/span><span class=\"n\">reset_index<\/span><span class=\"p\">()<\/span>\r\n<span class=\"n\">ip_counts<\/span><span class=\"o\">.<\/span><span class=\"n\">columns<\/span> <span class=\"o\">=<\/span> <span class=\"p\">[<\/span><span class=\"s1\">'src_ip'<\/span><span class=\"p\">,<\/span> <span class=\"s1\">'count'<\/span><span class=\"p\">]<\/span>\r\n\r\n<span class=\"c1\"># Train an IsolationForest model on the IP counts. contamination fixes the share of IPs<\/span>\r\n<span class=\"c1\"># that will be flagged (10% here) regardless of the data; random_state makes the run reproducible<\/span>\r\n<span class=\"n\">model<\/span> <span class=\"o\">=<\/span> <span class=\"n\">IsolationForest<\/span><span class=\"p\">(<\/span><span class=\"n\">contamination<\/span><span class=\"o\">=<\/span><span class=\"mf\">0.1<\/span><span class=\"p\">,<\/span> <span class=\"n\">random_state<\/span><span class=\"o\">=<\/span><span class=\"mi\">42<\/span><span class=\"p\">)<\/span>\r\n<span class=\"n\">ip_counts<\/span><span class=\"p\">[<\/span><span class=\"s1\">'anomaly'<\/span><span class=\"p\">]<\/span> <span class=\"o\">=<\/span> <span class=\"n\">model<\/span><span class=\"o\">.<\/span><span class=\"n\">fit_predict<\/span><span class=\"p\">(<\/span><span class=\"n\">ip_counts<\/span><span class=\"p\">[[<\/span><span class=\"s1\">'count'<\/span><span class=\"p\">]])<\/span>\r\n\r\n<span class=\"c1\"># Rows labelled -1 are outliers in either direction: unusually LOW counts are flagged too<\/span>\r\n<span class=\"n\">suspicious_ips<\/span> <span class=\"o\">=<\/span> <span class=\"n\">ip_counts<\/span><span class=\"p\">[<\/span><span class=\"n\">ip_counts<\/span><span class=\"p\">[<\/span><span class=\"s1\">'anomaly'<\/span><span class=\"p\">]<\/span> <span 
class=\"o\">==<\/span> <span class=\"o\">-<\/span><span class=\"mi\">1<\/span><span class=\"p\">][<\/span><span class=\"s1\">'src_ip'<\/span><span class=\"p\">]<\/span><span class=\"o\">.<\/span><span class=\"n\">tolist<\/span><span class=\"p\">()<\/span>\r\n\r\n<span class=\"nb\">print<\/span><span class=\"p\">(<\/span><span class=\"s2\">\"Suspicious IPs:\"<\/span><span class=\"p\">,<\/span> <span class=\"n\">suspicious_ips<\/span><span class=\"p\">)<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell-outputWrapper\">\n<div class=\"jp-Collapser jp-OutputCollapser jp-Cell-outputCollapser\"><\/div>\n<div class=\"jp-OutputArea jp-Cell-outputArea\">\n<div class=\"jp-OutputArea-child\">\n<div class=\"jp-OutputPrompt jp-OutputArea-prompt\"><\/div>\n<div class=\"jp-RenderedText jp-OutputArea-output\" data-mime-type=\"text\/plain\">\n<pre>Suspicious IPs: ['192.168.0.99', '192.168.0.19']\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-MarkdownCell jp-Notebook-cell\">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\">\n<figure id=\"attachment_9568\" aria-describedby=\"caption-attachment-9568\" style=\"width: 850px\" class=\"wp-caption alignnone\"><img decoding=\"async\" class=\"size-full wp-image-9568\" src=\"https:\/\/www.kaashivinfotech.com\/blog\/wp-content\/uploads\/2025\/06\/The-architecture-of-AI-based-IDS-adapted.jpg\" alt=\"ai based intrusion detection system, ai ids, ai intrusion detection\" width=\"850\" height=\"305\" srcset=\"https:\/\/www.kaashivinfotech.com\/blog\/wp-content\/uploads\/2025\/06\/The-architecture-of-AI-based-IDS-adapted.jpg 850w, https:\/\/www.kaashivinfotech.com\/blog\/wp-content\/uploads\/2025\/06\/The-architecture-of-AI-based-IDS-adapted-300x108.jpg 300w, 
https:\/\/www.kaashivinfotech.com\/blog\/wp-content\/uploads\/2025\/06\/The-architecture-of-AI-based-IDS-adapted-768x276.jpg 768w, https:\/\/www.kaashivinfotech.com\/blog\/wp-content\/uploads\/2025\/06\/The-architecture-of-AI-based-IDS-adapted-332x119.jpg 332w, https:\/\/www.kaashivinfotech.com\/blog\/wp-content\/uploads\/2025\/06\/The-architecture-of-AI-based-IDS-adapted-664x238.jpg 664w, https:\/\/www.kaashivinfotech.com\/blog\/wp-content\/uploads\/2025\/06\/The-architecture-of-AI-based-IDS-adapted-688x247.jpg 688w\" sizes=\"(max-width: 850px) 100vw, 850px\" \/><figcaption id=\"caption-attachment-9568\" class=\"wp-caption-text\">The architecture of AI based IDS adapted<\/figcaption><\/figure>\n<\/div>\n<div class=\"jp-RenderedHTMLCommon jp-RenderedMarkdown jp-MarkdownOutput \" data-mime-type=\"text\/markdown\">\n<h1 id=\"Intrusion-Detection-using-Scikit-learn\">Intrusion Detection using Scikit-learn<a class=\"anchor-link\" href=\"#Intrusion-Detection-using-Scikit-learn\">\u00b6<\/a><\/h1>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-MarkdownCell jp-Notebook-cell\">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\"><\/div>\n<div class=\"jp-RenderedHTMLCommon jp-RenderedMarkdown jp-MarkdownOutput \" data-mime-type=\"text\/markdown\">\n<p>The scikit-learn cells use an Isolation Forest, an unsupervised model that scores a point by how few random splits it takes to separate it from the rest. It needs no labelled attacks, only the numeric per-IP features computed in the cells above.<\/p>\n<p>Rows labelled -1 are statistical outliers, not confirmed intrusions. With a single feature such as a request count, the model isolates unusually low values as readily as unusually high ones, so filter the flagged rows by direction (for example, keep only counts above the median) before treating them as suspects.<\/p>\n<p>The contamination parameter fixes in advance the share of rows that will be flagged (10% or 5% in these cells) whatever the data looks like, so the model ranks IPs rather than deciding whether an attack happened at all. Pass random_state for reproducible results and validate the chosen share against a period of known-clean traffic.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-MarkdownCell jp-Notebook-cell\">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\"><\/div>\n<div class=\"jp-RenderedHTMLCommon jp-RenderedMarkdown 
jp-MarkdownOutput \" data-mime-type=\"text\/markdown\">\n<h1 id=\"Port-scan-detection\">Port scan detection<a class=\"anchor-link\" href=\"#Port-scan-detection\">\u00b6<\/a><\/h1>\n<ul>\n<li>Flags source IPs that connect to more than 50 distinct destination ports anywhere in the log. Counting ports per source catches a vertical scan of one host; a horizontal sweep (one port across many hosts) keeps its port count low and needs a count of distinct destination hosts instead.<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-CodeCell jp-Notebook-cell \">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\">In\u00a0[\u00a0]:<\/div>\n<div class=\"jp-CodeMirrorEditor jp-Editor jp-InputArea-editor\" data-type=\"inline\">\n<div class=\"CodeMirror cm-s-jupyter\">\n<div class=\" highlight hl-ipython3\">\n<pre><span class=\"kn\">import<\/span> <span class=\"nn\">pandas<\/span> <span class=\"k\">as<\/span> <span class=\"nn\">pd<\/span>\r\n<span class=\"kn\">from<\/span> <span class=\"nn\">collections<\/span> <span class=\"kn\">import<\/span> <span class=\"n\">defaultdict<\/span>\r\n\r\n<span class=\"n\">log<\/span> <span class=\"o\">=<\/span> <span class=\"n\">pd<\/span><span class=\"o\">.<\/span><span class=\"n\">read_csv<\/span><span class=\"p\">(<\/span><span class=\"s2\">\"\/content\/drive\/My Drive\/<a href=\"https:\/\/drive.google.com\/file\/d\/1R0fRIa-M7ia7k1GvGqGR0OhWolMSGela\/view?usp=drive_link\" target=\"_blank\" rel=\"noopener\">network_log_1.csv<\/a>\"<\/span><span class=\"p\">)<\/span>\r\n<span class=\"n\">ip_ports<\/span> <span class=\"o\">=<\/span> <span class=\"n\">defaultdict<\/span><span class=\"p\">(<\/span><span class=\"nb\">set<\/span><span class=\"p\">)<\/span>\r\n\r\n<span class=\"k\">for<\/span> <span class=\"n\">_<\/span><span class=\"p\">,<\/span> <span class=\"n\">row<\/span> <span class=\"ow\">in<\/span> <span class=\"n\">log<\/span><span class=\"o\">.<\/span><span class=\"n\">iterrows<\/span><span class=\"p\">():<\/span>\r\n    <span class=\"n\">ip_ports<\/span><span 
class=\"p\">[<\/span><span class=\"n\">row<\/span><span class=\"p\">[<\/span><span class=\"s1\">'src_ip'<\/span><span class=\"p\">]]<\/span><span class=\"o\">.<\/span><span class=\"n\">add<\/span><span class=\"p\">(<\/span><span class=\"n\">row<\/span><span class=\"p\">[<\/span><span class=\"s1\">'dst_port'<\/span><span class=\"p\">])<\/span>\r\n\r\n<span class=\"n\">attackers<\/span> <span class=\"o\">=<\/span> <span class=\"p\">[<\/span><span class=\"n\">ip<\/span> <span class=\"k\">for<\/span> <span class=\"n\">ip<\/span><span class=\"p\">,<\/span> <span class=\"n\">ports<\/span> <span class=\"ow\">in<\/span> <span class=\"n\">ip_ports<\/span><span class=\"o\">.<\/span><span class=\"n\">items<\/span><span class=\"p\">()<\/span> <span class=\"k\">if<\/span> <span class=\"nb\">len<\/span><span class=\"p\">(<\/span><span class=\"n\">ports<\/span><span class=\"p\">)<\/span> <span class=\"o\">&gt;<\/span> <span class=\"mi\">50<\/span><span class=\"p\">]<\/span>\r\n<span class=\"nb\">print<\/span><span class=\"p\">(<\/span><span class=\"s2\">\"Port scan suspects:\"<\/span><span class=\"p\">,<\/span> <span class=\"n\">attackers<\/span><span class=\"p\">)<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell-outputWrapper\">\n<div class=\"jp-Collapser jp-OutputCollapser jp-Cell-outputCollapser\"><\/div>\n<div class=\"jp-OutputArea jp-Cell-outputArea\">\n<div class=\"jp-OutputArea-child\">\n<div class=\"jp-OutputPrompt jp-OutputArea-prompt\"><\/div>\n<div class=\"jp-RenderedText jp-OutputArea-output\" data-mime-type=\"text\/plain\">\n<pre>Port scan suspects: ['192.168.0.250']\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-CodeCell jp-Notebook-cell \">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\">In\u00a0[5]:<\/div>\n<div 
class=\"jp-CodeMirrorEditor jp-Editor jp-InputArea-editor\" data-type=\"inline\">\n<div class=\"CodeMirror cm-s-jupyter\">\n<div class=\" highlight hl-ipython3\">\n<pre><span class=\"kn\">import<\/span> <span class=\"nn\">pandas<\/span> <span class=\"k\">as<\/span> <span class=\"nn\">pd<\/span>\r\n<span class=\"kn\">from<\/span> <span class=\"nn\">sklearn.ensemble<\/span> <span class=\"kn\">import<\/span> <span class=\"n\">IsolationForest<\/span>\r\n\r\n<span class=\"c1\"># Read the log file<\/span>\r\n<span class=\"n\">log<\/span> <span class=\"o\">=<\/span> <span class=\"n\">pd<\/span><span class=\"o\">.<\/span><span class=\"n\">read_csv<\/span><span class=\"p\">(<\/span><span class=\"s2\">\"\/content\/drive\/My Drive\/network_log_1.csv\"<\/span><span class=\"p\">)<\/span>\r\n\r\n<span class=\"c1\"># Count the number of distinct ports accessed by each IP<\/span>\r\n<span class=\"n\">ip_ports<\/span> <span class=\"o\">=<\/span> <span class=\"n\">log<\/span><span class=\"o\">.<\/span><span class=\"n\">groupby<\/span><span class=\"p\">(<\/span><span class=\"s1\">'src_ip'<\/span><span class=\"p\">)[<\/span><span class=\"s1\">'dst_port'<\/span><span class=\"p\">]<\/span><span class=\"o\">.<\/span><span class=\"n\">nunique<\/span><span class=\"p\">()<\/span><span class=\"o\">.<\/span><span class=\"n\">reset_index<\/span><span class=\"p\">()<\/span>\r\n\r\n<span class=\"c1\"># Train an IsolationForest model to detect anomalies (potential port scanning).<\/span>\r\n<span class=\"c1\"># contamination=0.05 forces the 5% most isolated IPs to be flagged whatever the data, and with a<\/span>\r\n<span class=\"c1\"># single feature that can include IPs with unusually FEW ports, so expect more hits than the threshold rule<\/span>\r\n<span class=\"n\">model<\/span> <span class=\"o\">=<\/span> <span class=\"n\">IsolationForest<\/span><span class=\"p\">(<\/span><span class=\"n\">contamination<\/span><span class=\"o\">=<\/span><span class=\"mf\">0.05<\/span><span class=\"p\">,<\/span> <span class=\"n\">random_state<\/span><span class=\"o\">=<\/span><span class=\"mi\">42<\/span><span class=\"p\">)<\/span>\r\n<span class=\"n\">ip_ports<\/span><span class=\"p\">[<\/span><span class=\"s1\">'anomaly'<\/span><span class=\"p\">]<\/span> <span class=\"o\">=<\/span> <span class=\"n\">model<\/span><span 
class=\"o\">.<\/span><span class=\"n\">fit_predict<\/span><span class=\"p\">(<\/span><span class=\"n\">ip_ports<\/span><span class=\"p\">[[<\/span><span class=\"s1\">'dst_port'<\/span><span class=\"p\">]])<\/span>\r\n\r\n<span class=\"c1\"># Get suspicious IPs (anomalies are labeled -1)<\/span>\r\n<span class=\"n\">attackers<\/span> <span class=\"o\">=<\/span> <span class=\"n\">ip_ports<\/span><span class=\"p\">[<\/span><span class=\"n\">ip_ports<\/span><span class=\"p\">[<\/span><span class=\"s1\">'anomaly'<\/span><span class=\"p\">]<\/span> <span class=\"o\">==<\/span> <span class=\"o\">-<\/span><span class=\"mi\">1<\/span><span class=\"p\">][<\/span><span class=\"s1\">'src_ip'<\/span><span class=\"p\">]<\/span><span class=\"o\">.<\/span><span class=\"n\">tolist<\/span><span class=\"p\">()<\/span>\r\n\r\n<span class=\"nb\">print<\/span><span class=\"p\">(<\/span><span class=\"s2\">\"Port scan suspects:\"<\/span><span class=\"p\">,<\/span> <span class=\"n\">attackers<\/span><span class=\"p\">)<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell-outputWrapper\">\n<div class=\"jp-Collapser jp-OutputCollapser jp-Cell-outputCollapser\"><\/div>\n<div class=\"jp-OutputArea jp-Cell-outputArea\">\n<div class=\"jp-OutputArea-child\">\n<div class=\"jp-OutputPrompt jp-OutputArea-prompt\"><\/div>\n<div class=\"jp-RenderedText jp-OutputArea-output\" data-mime-type=\"text\/plain\">\n<pre>Port scan suspects: ['192.168.0.14', '192.168.0.250', '192.168.0.26', '192.168.0.98']\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-MarkdownCell jp-Notebook-cell\">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\"><\/div>\n<div class=\"jp-RenderedHTMLCommon jp-RenderedMarkdown jp-MarkdownOutput \" data-mime-type=\"text\/markdown\">\n<h1 
id=\"Brute-Force-Login-Detection\">Brute-Force Login Detection<a class=\"anchor-link\" href=\"#Brute-Force-Login-Detection\">\u00b6<\/a><\/h1>\n<ul>\n<li>IPs with an excessive number of failed login attempts: more than 10 rows with status FAIL for one IP across the whole login log. The count is not time-bounded, so a slow, spread-out attack and a legitimate user retyping a password over a long period look alike to this rule; a time window or an account lockout policy is needed to tell them apart.<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-CodeCell jp-Notebook-cell \">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\">In\u00a0[\u00a0]:<\/div>\n<div class=\"jp-CodeMirrorEditor jp-Editor jp-InputArea-editor\" data-type=\"inline\">\n<div class=\"CodeMirror cm-s-jupyter\">\n<div class=\" highlight hl-ipython3\">\n<pre><span class=\"kn\">import<\/span> <span class=\"nn\">pandas<\/span> <span class=\"k\">as<\/span> <span class=\"nn\">pd<\/span>\r\n<span class=\"kn\">from<\/span> <span class=\"nn\">collections<\/span> <span class=\"kn\">import<\/span> <span class=\"n\">Counter<\/span>\r\n\r\n<span class=\"n\">log<\/span> <span class=\"o\">=<\/span> <span class=\"n\">pd<\/span><span class=\"o\">.<\/span><span class=\"n\">read_csv<\/span><span class=\"p\">(<\/span><span class=\"s2\">\"\/content\/drive\/My Drive\/<a href=\"https:\/\/drive.google.com\/file\/d\/1GEZeCMzYpDLAD8xCghS7szP8n0wiNWFX\/view?usp=drive_link\" target=\"_blank\" rel=\"noopener\">login_log.csv<\/a>\"<\/span><span class=\"p\">)<\/span>\r\n<span class=\"n\">failed<\/span> <span class=\"o\">=<\/span> <span class=\"n\">log<\/span><span class=\"p\">[<\/span><span class=\"n\">log<\/span><span class=\"p\">[<\/span><span class=\"s1\">'status'<\/span><span class=\"p\">]<\/span> <span class=\"o\">==<\/span> <span class=\"s1\">'FAIL'<\/span><span class=\"p\">]<\/span>\r\n<span class=\"n\">ip_counts<\/span> <span class=\"o\">=<\/span> <span class=\"n\">Counter<\/span><span class=\"p\">(<\/span><span class=\"n\">failed<\/span><span class=\"p\">[<\/span><span class=\"s1\">'ip'<\/span><span 
class=\"p\">])<\/span>\r\n\r\n<span class=\"n\">suspicious<\/span> <span class=\"o\">=<\/span> <span class=\"p\">[<\/span><span class=\"n\">ip<\/span> <span class=\"k\">for<\/span> <span class=\"n\">ip<\/span><span class=\"p\">,<\/span> <span class=\"n\">count<\/span> <span class=\"ow\">in<\/span> <span class=\"n\">ip_counts<\/span><span class=\"o\">.<\/span><span class=\"n\">items<\/span><span class=\"p\">()<\/span> <span class=\"k\">if<\/span> <span class=\"n\">count<\/span> <span class=\"o\">&gt;<\/span> <span class=\"mi\">10<\/span><span class=\"p\">]<\/span>\r\n<span class=\"nb\">print<\/span><span class=\"p\">(<\/span><span class=\"s2\">\"Possible brute-force IPs:\"<\/span><span class=\"p\">,<\/span> <span class=\"n\">suspicious<\/span><span class=\"p\">)<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell-outputWrapper\">\n<div class=\"jp-Collapser jp-OutputCollapser jp-Cell-outputCollapser\"><\/div>\n<div class=\"jp-OutputArea jp-Cell-outputArea\">\n<div class=\"jp-OutputArea-child\">\n<div class=\"jp-OutputPrompt jp-OutputArea-prompt\"><\/div>\n<div class=\"jp-RenderedText jp-OutputArea-output\" data-mime-type=\"text\/plain\">\n<pre>Possible brute-force IPs: ['192.168.1.200']\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-CodeCell jp-Notebook-cell \">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\">In\u00a0[6]:<\/div>\n<div class=\"jp-CodeMirrorEditor jp-Editor jp-InputArea-editor\" data-type=\"inline\">\n<div class=\"CodeMirror cm-s-jupyter\">\n<div class=\" highlight hl-ipython3\">\n<pre><span class=\"kn\">import<\/span> <span class=\"nn\">pandas<\/span> <span class=\"k\">as<\/span> <span class=\"nn\">pd<\/span>\r\n<span class=\"kn\">from<\/span> <span class=\"nn\">sklearn.ensemble<\/span> <span class=\"kn\">import<\/span> 
<span class=\"n\">IsolationForest<\/span>\r\n\r\n<span class=\"c1\"># Read the log file<\/span>\r\n<span class=\"n\">log<\/span> <span class=\"o\">=<\/span> <span class=\"n\">pd<\/span><span class=\"o\">.<\/span><span class=\"n\">read_csv<\/span><span class=\"p\">(<\/span><span class=\"s2\">\"\/content\/drive\/My Drive\/login_log.csv\"<\/span><span class=\"p\">)<\/span>\r\n\r\n<span class=\"c1\"># Filter failed login attempts<\/span>\r\n<span class=\"n\">failed<\/span> <span class=\"o\">=<\/span> <span class=\"n\">log<\/span><span class=\"p\">[<\/span><span class=\"n\">log<\/span><span class=\"p\">[<\/span><span class=\"s1\">'status'<\/span><span class=\"p\">]<\/span> <span class=\"o\">==<\/span> <span class=\"s1\">'FAIL'<\/span><span class=\"p\">]<\/span>\r\n\r\n<span class=\"c1\"># Count failed attempts per IP<\/span>\r\n<span class=\"n\">ip_failed_attempts<\/span> <span class=\"o\">=<\/span> <span class=\"n\">failed<\/span><span class=\"o\">.<\/span><span class=\"n\">groupby<\/span><span class=\"p\">(<\/span><span class=\"s1\">'ip'<\/span><span class=\"p\">)<\/span><span class=\"o\">.<\/span><span class=\"n\">size<\/span><span class=\"p\">()<\/span><span class=\"o\">.<\/span><span class=\"n\">reset_index<\/span><span class=\"p\">(<\/span><span class=\"n\">name<\/span><span class=\"o\">=<\/span><span class=\"s1\">'failed_count'<\/span><span class=\"p\">)<\/span>\r\n\r\n<span class=\"c1\"># Train an IsolationForest model for anomaly detection. contamination=0.05 flags 5% of the<\/span>\r\n<span class=\"c1\"># IPs whatever the data (IPs with unusually FEW failures included); random_state makes the run reproducible<\/span>\r\n<span class=\"n\">model<\/span> <span class=\"o\">=<\/span> <span class=\"n\">IsolationForest<\/span><span class=\"p\">(<\/span><span class=\"n\">contamination<\/span><span class=\"o\">=<\/span><span class=\"mf\">0.05<\/span><span class=\"p\">,<\/span> <span class=\"n\">random_state<\/span><span class=\"o\">=<\/span><span class=\"mi\">42<\/span><span class=\"p\">)<\/span>\r\n<span class=\"n\">ip_failed_attempts<\/span><span class=\"p\">[<\/span><span class=\"s1\">'anomaly'<\/span><span class=\"p\">]<\/span> <span class=\"o\">=<\/span> <span class=\"n\">model<\/span><span 
class=\"o\">.<\/span><span class=\"n\">fit_predict<\/span><span class=\"p\">(<\/span><span class=\"n\">ip_failed_attempts<\/span><span class=\"p\">[[<\/span><span class=\"s1\">'failed_count'<\/span><span class=\"p\">]])<\/span>\r\n\r\n<span class=\"c1\"># Get suspicious IPs (anomalies labeled as -1)<\/span>\r\n<span class=\"n\">suspicious_ips<\/span> <span class=\"o\">=<\/span> <span class=\"n\">ip_failed_attempts<\/span><span class=\"p\">[<\/span><span class=\"n\">ip_failed_attempts<\/span><span class=\"p\">[<\/span><span class=\"s1\">'anomaly'<\/span><span class=\"p\">]<\/span> <span class=\"o\">==<\/span> <span class=\"o\">-<\/span><span class=\"mi\">1<\/span><span class=\"p\">][<\/span><span class=\"s1\">'ip'<\/span><span class=\"p\">]<\/span><span class=\"o\">.<\/span><span class=\"n\">tolist<\/span><span class=\"p\">()<\/span>\r\n\r\n<span class=\"nb\">print<\/span><span class=\"p\">(<\/span><span class=\"s2\">\"Possible brute-force IPs:\"<\/span><span class=\"p\">,<\/span> <span class=\"n\">suspicious_ips<\/span><span class=\"p\">)<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell-outputWrapper\">\n<div class=\"jp-Collapser jp-OutputCollapser jp-Cell-outputCollapser\"><\/div>\n<div class=\"jp-OutputArea jp-Cell-outputArea\">\n<div class=\"jp-OutputArea-child\">\n<div class=\"jp-OutputPrompt jp-OutputArea-prompt\"><\/div>\n<div class=\"jp-RenderedText jp-OutputArea-output\" data-mime-type=\"text\/plain\">\n<pre>Possible brute-force IPs: ['192.168.1.200']\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-MarkdownCell jp-Notebook-cell\">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\"><\/div>\n<div class=\"jp-RenderedHTMLCommon jp-RenderedMarkdown jp-MarkdownOutput \" data-mime-type=\"text\/markdown\">\n<h1 
id=\"DDoS-Attack-Detection\">DDoS Attack Detection<a class=\"anchor-link\" href=\"#DDoS-Attack-Detection\">\u00b6<\/a><\/h1>\n<ul>\n<li>IPs that send an unusually high number of requests in a short time.<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-CodeCell jp-Notebook-cell \">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\">In\u00a0[\u00a0]:<\/div>\n<div class=\"jp-CodeMirrorEditor jp-Editor jp-InputArea-editor\" data-type=\"inline\">\n<div class=\"CodeMirror cm-s-jupyter\">\n<div class=\" highlight hl-ipython3\">\n<pre><span class=\"kn\">import<\/span> <span class=\"nn\">pandas<\/span> <span class=\"k\">as<\/span> <span class=\"nn\">pd<\/span>\r\n<span class=\"kn\">from<\/span> <span class=\"nn\">collections<\/span> <span class=\"kn\">import<\/span> <span class=\"n\">Counter<\/span>\r\n\r\n<span class=\"n\">log<\/span> <span class=\"o\">=<\/span> <span class=\"n\">pd<\/span><span class=\"o\">.<\/span><span class=\"n\">read_csv<\/span><span class=\"p\">(<\/span><span class=\"s2\">\"\/content\/drive\/My Drive\/<a href=\"https:\/\/drive.google.com\/file\/d\/1FQt2epQVVOmz9zJ6LgLxKd_wjn-vIJ6z\/view?usp=drive_link\" target=\"_blank\" rel=\"noopener\">traffic_log.csv<\/a>\"<\/span><span class=\"p\">)<\/span>\r\n<span class=\"n\">ip_counts<\/span> <span class=\"o\">=<\/span> <span class=\"n\">Counter<\/span><span class=\"p\">(<\/span><span class=\"n\">log<\/span><span class=\"p\">[<\/span><span class=\"s1\">'src_ip'<\/span><span class=\"p\">])<\/span>\r\n\r\n<span class=\"n\">ddos_suspects<\/span> <span class=\"o\">=<\/span> <span class=\"p\">[<\/span><span class=\"n\">ip<\/span> <span class=\"k\">for<\/span> <span class=\"n\">ip<\/span><span class=\"p\">,<\/span> <span class=\"n\">count<\/span> <span class=\"ow\">in<\/span> <span class=\"n\">ip_counts<\/span><span 
class=\"o\">.<\/span><span class=\"n\">items<\/span><span class=\"p\">()<\/span> <span class=\"k\">if<\/span> <span class=\"n\">count<\/span> <span class=\"o\">&gt;<\/span> <span class=\"mi\">1000<\/span><span class=\"p\">]<\/span>  <span class=\"c1\"># Threshold<\/span>\r\n<span class=\"nb\">print<\/span><span class=\"p\">(<\/span><span class=\"s2\">\"DDoS suspected IPs:\"<\/span><span class=\"p\">,<\/span> <span class=\"n\">ddos_suspects<\/span><span class=\"p\">)<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell-outputWrapper\">\n<div class=\"jp-Collapser jp-OutputCollapser jp-Cell-outputCollapser\"><\/div>\n<div class=\"jp-OutputArea jp-Cell-outputArea\">\n<div class=\"jp-OutputArea-child\">\n<div class=\"jp-OutputPrompt jp-OutputArea-prompt\"><\/div>\n<div class=\"jp-RenderedText jp-OutputArea-output\" data-mime-type=\"text\/plain\">\n<pre>DDoS suspected IPs: ['10.0.0.251', '10.0.0.250']\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-CodeCell jp-Notebook-cell \">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\">In\u00a0[7]:<\/div>\n<div class=\"jp-CodeMirrorEditor jp-Editor jp-InputArea-editor\" data-type=\"inline\">\n<div class=\"CodeMirror cm-s-jupyter\">\n<div class=\" highlight hl-ipython3\">\n<pre><span class=\"kn\">import<\/span> <span class=\"nn\">pandas<\/span> <span class=\"k\">as<\/span> <span class=\"nn\">pd<\/span>\r\n<span class=\"kn\">from<\/span> <span class=\"nn\">sklearn.ensemble<\/span> <span class=\"kn\">import<\/span> <span class=\"n\">IsolationForest<\/span>\r\n\r\n<span class=\"c1\"># Read the log file<\/span>\r\n<span class=\"n\">log<\/span> <span class=\"o\">=<\/span> <span class=\"n\">pd<\/span><span class=\"o\">.<\/span><span class=\"n\">read_csv<\/span><span class=\"p\">(<\/span><span 
class=\"s2\">\"\/content\/drive\/My Drive\/traffic_log.csv\"<\/span><span class=\"p\">)<\/span>\r\n\r\n<span class=\"c1\"># Count requests per IP<\/span>\r\n<span class=\"n\">ip_requests<\/span> <span class=\"o\">=<\/span> <span class=\"n\">log<\/span><span class=\"o\">.<\/span><span class=\"n\">groupby<\/span><span class=\"p\">(<\/span><span class=\"s1\">'src_ip'<\/span><span class=\"p\">)<\/span><span class=\"o\">.<\/span><span class=\"n\">size<\/span><span class=\"p\">()<\/span><span class=\"o\">.<\/span><span class=\"n\">reset_index<\/span><span class=\"p\">(<\/span><span class=\"n\">name<\/span><span class=\"o\">=<\/span><span class=\"s1\">'request_count'<\/span><span class=\"p\">)<\/span>\r\n\r\n<span class=\"c1\"># Initialize IsolationForest with 5% contamination (outliers)<\/span>\r\n<span class=\"n\">model<\/span> <span class=\"o\">=<\/span> <span class=\"n\">IsolationForest<\/span><span class=\"p\">(<\/span><span class=\"n\">contamination<\/span><span class=\"o\">=<\/span><span class=\"mf\">0.05<\/span><span class=\"p\">)<\/span>\r\n\r\n<span class=\"c1\"># Predict anomalies: -1 for outliers, 1 for normal<\/span>\r\n<span class=\"n\">ip_requests<\/span><span class=\"p\">[<\/span><span class=\"s1\">'anomaly'<\/span><span class=\"p\">]<\/span> <span class=\"o\">=<\/span> <span class=\"n\">model<\/span><span class=\"o\">.<\/span><span class=\"n\">fit_predict<\/span><span class=\"p\">(<\/span><span class=\"n\">ip_requests<\/span><span class=\"p\">[[<\/span><span class=\"s1\">'request_count'<\/span><span class=\"p\">]])<\/span>\r\n\r\n<span class=\"c1\"># List IPs with anomalies (DDoS suspects)<\/span>\r\n<span class=\"n\">ddos_suspects<\/span> <span class=\"o\">=<\/span> <span class=\"n\">ip_requests<\/span><span class=\"p\">[<\/span><span class=\"n\">ip_requests<\/span><span class=\"p\">[<\/span><span class=\"s1\">'anomaly'<\/span><span class=\"p\">]<\/span> <span class=\"o\">==<\/span> <span class=\"o\">-<\/span><span class=\"mi\">1<\/span><span 
class=\"p\">][<\/span><span class=\"s1\">'src_ip'<\/span><span class=\"p\">]<\/span><span class=\"o\">.<\/span><span class=\"n\">tolist<\/span><span class=\"p\">()<\/span>\r\n\r\n<span class=\"nb\">print<\/span><span class=\"p\">(<\/span><span class=\"s2\">\"DDoS suspected IPs:\"<\/span><span class=\"p\">,<\/span> <span class=\"n\">ddos_suspects<\/span><span class=\"p\">)<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell-outputWrapper\">\n<div class=\"jp-Collapser jp-OutputCollapser jp-Cell-outputCollapser\"><\/div>\n<div class=\"jp-OutputArea jp-Cell-outputArea\">\n<div class=\"jp-OutputArea-child\">\n<div class=\"jp-OutputPrompt jp-OutputArea-prompt\"><\/div>\n<div class=\"jp-RenderedText jp-OutputArea-output\" data-mime-type=\"text\/plain\">\n<pre>DDoS suspected IPs: ['10.0.0.1', '10.0.0.125', '10.0.0.134', '10.0.0.250', '10.0.0.251', '10.0.0.252', '10.0.0.36', '10.0.0.51']\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"jp-Cell jp-CodeCell jp-Notebook-cell jp-mod-noOutputs \">\n<div class=\"jp-Cell-inputWrapper\">\n<div class=\"jp-Collapser jp-InputCollapser jp-Cell-inputCollapser\"><\/div>\n<div class=\"jp-InputArea jp-Cell-inputArea\">\n<div class=\"jp-InputPrompt jp-InputArea-prompt\">In\u00a0[\u00a0]:<\/div>\n<div class=\"jp-CodeMirrorEditor jp-Editor jp-InputArea-editor\" data-type=\"inline\">\n<div class=\"CodeMirror cm-s-jupyter\">\n<div class=\" highlight hl-ipython3\">\n<pre> \r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>AI Based Intrusion Detection System: A Smarter Shield Against Cyber Threats In today\u2019s rapidly evolving digital landscape, traditional security tools often fall short in detecting sophisticated cyberattacks. This is where an AI based intrusion detection system (AI IDS) becomes essential. 
Leveraging machine learning and intelligent behavior analysis, AI intrusion detection systems can identify threats faster, [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":6672,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3203,3236],"tags":[5789,5797,5793,2047,5800,5798,5796,5791,5799,5790,5801,5792,5794,5802,5795],"class_list":["post-6668","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-programming","category-python","tag-ai-in-cybersecurity","tag-ai-based-intrusion-detection","tag-anomaly-detection","tag-artificial-intelligence","tag-automated-security-systems","tag-cybersecurity-ai-tools","tag-deep-learning-ids","tag-ids","tag-intelligent-threat-detection","tag-intrusion-detection-system","tag-intrusion-prevention","tag-machine-learning-security","tag-network-security","tag-neural-networks-security","tag-threat-detection"],"_links":{"self":[{"href":"https:\/\/www.kaashivinfotech.com\/blog\/wp-json\/wp\/v2\/posts\/6668","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaashivinfotech.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaashivinfotech.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaashivinfotech.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaashivinfotech.com\/blog\/wp-json\/wp\/v2\/comments?post=6668"}],"version-history":[{"count":0,"href":"https:\/\/www.kaashivinfotech.com\/blog\/wp-json\/wp\/v2\/posts\/6668\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaashivinfotech.com\/blog\/wp-json\/wp\/v2\/media\/6672"}],"wp:attachment":[{"href":"https:\/\/www.kaashivinfotech.com\/blog\/wp-json\/wp\/v2\/media?parent=6668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaashivinfotech.com\/blog\/wp-json\/wp\/v2\/categorie
s?post=6668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaashivinfotech.com\/blog\/wp-json\/wp\/v2\/tags?post=6668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}