CLASSIFIED OPERATION: AI-DRIVEN SOC TOOLKIT & HYBRID IDS/IPS
STATUS: DEPLOYED | AUTHOR: MR. CIPHER-X [C|THE]
SentinAI is a locally deployed Security Operations Centre (SOC) toolkit built to replace traditional, reactive perimeter defences. Operating as a hybrid Intrusion Detection and Prevention System (IDS/IPS), it uses a dual-engine architecture: low-level network telemetry captured with Scapy feeds both a heuristic signature/port engine and an unsupervised machine-learning engine (scikit-learn's IsolationForest), and dynamic firewall orchestration turns detections into real-time behavioural anomaly alerts and automated incident response.
```mermaid
graph TD;
A[Live Network Traffic OSI L3/L4] -->|Packet Sniffing| B(Scapy Telemetry Engine);
B --> C{Dual-Engine Analysis};
C -->|Tier 1: Heuristic Engine| D[Signature & Port Matching];
C -->|Tier 2: ML Engine| E[IsolationForest Behavioral Analysis];
D -->|Known C2 Port / Payload Match| F[Threat Identified];
E -->|Unsupervised Outlier Detected| F;
F --> G{Automated Response};
G -->|Dynamic Orchestration| H[Windows Defender / iptables Block];
G -->|Asynchronous UI| I[Streamlit SOC Analyst Dashboard];
style A fill:#1a1a1a,stroke:#00FFFF,stroke-width:2px;
style I fill:#1a1a1a,stroke:#8A2BE2,stroke-width:2px;
```
| Threat Vector | Detection Modality | Automated Response / Orchestration |
|---|---|---|
| Known C2 Beaconing | Deterministic Heuristics (Ports 4444, 1337) | Intercept payload, orchestrate netsh or iptables to drop packets. |
| Zero-Day & APTs | Unsupervised ML (IsolationForest Anomaly) | Flag statistical outliers in traffic behavior; trigger SOC dashboard alert. |
| Malicious Shellcode | Deep Packet Inspection (Scapy) | Parse OSI Layer 3/4 headers for execution strings; initiate localized containment. |
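The dual-engine decision path from the diagram and table above, as an added example that is not SentinAI's own code. Tier 1 is the deterministic port match on the two C2 ports the table names; Tier 2 is an isolation forest written from scratch here as a pure-Python stand-in for scikit-learn's `IsolationForest` (same path-length scoring, Liu et al. 2008), so the block runs without Scapy or scikit-learn installed; the response layer builds the `iptables`/`netsh` block rule but does not execute it. The per-flow feature set, the `0.65` score cut-off, the flow summaries, the addresses and the helper names (`Flow`, `triage`, `response_command`, `run_demo`) are all assumptions made for this example, not values from the project.

```python
"""Added example: SentinAI-style dual-engine triage of constructed network flows."""
import math
import random
from dataclasses import dataclass

SUSPICIOUS_PORTS = {4444, 1337}   # the C2 ports named in the page's table (Tier 1)
ANOMALY_THRESHOLD = 0.65          # assumed cut-off on the iForest score (0.5 = an average point)


@dataclass(frozen=True)
class Flow:
    """Per-flow summary a telemetry engine would derive from L3/L4 headers (assumed feature set)."""
    src: str
    dst: str
    dst_port: int
    packets: int
    nbytes: int
    duration_s: float

    def features(self):
        return [float(self.dst_port), float(self.packets), float(self.nbytes), self.duration_s]


# Constructed probes: a central benign flow, a volumetric outlier on a normal port, and a C2-port flow.
CENTER = Flow("10.0.0.50", "203.0.113.10", 443, 20, 2000, 1.5)
EXFIL = Flow("10.0.0.99", "203.0.113.10", 443, 4000, 6_000_000, 0.9)
C2 = Flow("10.0.0.77", "198.51.100.5", 4444, 15, 1500, 1.2)


def heuristic_verdict(flow):
    """Tier 1: deterministic port match against known C2 listeners."""
    return flow.dst_port in SUSPICIOUS_PORTS


def _c(n):
    """Average path length of an unsuccessful BST search on n points; normalises tree depths."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n


def _build_tree(rows, depth, limit, rng):
    """Isolate points with random axis-aligned splits until alone or the height limit is hit."""
    if depth >= limit or len(rows) <= 1:
        return {"size": len(rows)}
    f = rng.randrange(len(rows[0]))
    lo, hi = min(r[f] for r in rows), max(r[f] for r in rows)
    if lo == hi:
        return {"size": len(rows)}
    split = rng.uniform(lo, hi)
    return {"f": f, "split": split,
            "left": _build_tree([r for r in rows if r[f] < split], depth + 1, limit, rng),
            "right": _build_tree([r for r in rows if r[f] >= split], depth + 1, limit, rng)}


def _path_length(node, x, depth=0):
    if "size" in node:
        return depth + _c(node["size"])
    nxt = node["left"] if x[node["f"]] < node["split"] else node["right"]
    return _path_length(nxt, x, depth + 1)


class IsolationForest:
    """Tier 2: unsupervised scoring; a short average path means easy to isolate, i.e. anomalous."""
    def __init__(self, n_trees=100, sample_size=256, seed=0):
        self.n_trees, self.sample_size, self.seed = n_trees, sample_size, seed
        self.trees, self.psi = [], 0

    def fit(self, rows):
        rng = random.Random(self.seed)
        self.psi = min(self.sample_size, len(rows))
        limit = math.ceil(math.log2(self.psi))
        self.trees = [_build_tree(rng.sample(rows, self.psi), 0, limit, rng) for _ in range(self.n_trees)]
        return self

    def score(self, x):
        mean_path = sum(_path_length(t, x) for t in self.trees) / len(self.trees)
        return 2.0 ** (-mean_path / _c(self.psi))


def response_command(flow, platform="linux"):
    """Block rule the orchestration layer would apply. Dry run: the string is returned, never executed."""
    if platform == "windows":
        return (f'netsh advfirewall firewall add rule name="SentinAI block {flow.src}" '
                f"dir=in action=block remoteip={flow.src}")
    return f"iptables -I INPUT -s {flow.src} -j DROP"


def triage(flows, forest):
    """Per the page's table: Tier 1 hits are blocked, Tier 2 outliers raise a dashboard alert."""
    out = []
    for flow in flows:
        score = forest.score(flow.features())
        if heuristic_verdict(flow):
            out.append({"src": flow.src, "verdict": "tier1:c2-port", "score": score,
                        "action": response_command(flow)})
        elif score >= ANOMALY_THRESHOLD:
            out.append({"src": flow.src, "verdict": "tier2:ml-outlier", "score": score,
                        "action": "dashboard-alert"})
        else:
            out.append({"src": flow.src, "verdict": "benign", "score": score, "action": None})
    return out


def constructed_flows(seed=7):
    """Constructed sample: 40 ordinary HTTP/HTTPS flows plus the three probes above."""
    rng = random.Random(seed)
    flows = []
    for i in range(40):
        pkts = rng.randint(10, 30)
        flows.append(Flow(f"10.0.0.{i + 2}", "203.0.113.10", rng.choice([80, 443]),
                          pkts, pkts * rng.randint(60, 150), round(rng.uniform(0.5, 3.0), 2)))
    return flows + [CENTER, EXFIL, C2]


def run_demo():
    """Fit on everything seen (unsupervised), then triage; keyed by source address."""
    flows = constructed_flows()
    forest = IsolationForest(seed=0).fit([f.features() for f in flows])
    return {r["src"]: r for r in triage(flows, forest)}


if __name__ == "__main__":
    for src, r in run_demo().items():
        if r["verdict"] != "benign":
            print(f"{src:12} {r['verdict']:18} score={r['score']:.2f} action={r['action']}")
```

Two things worth noticing when it runs: the exfiltration-shaped flow never touches a suspicious port, so only the ML tier catches it, while the port-4444 flow has ordinary volume and is caught by the heuristic tier alone, which is exactly the division of labour the table describes. Because the forest is fitted on every flow it has seen, an attacker who slowly shifts the baseline can lower their score; a production deployment would refit on a rolling window and keep the threshold under analyst control rather than hard-coded.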
(Note: Target network telemetry and active ML model weights are classified. The following displays the SentinAI asynchronous dashboard and parsing engine.)
[ OPERATION TERMINATED - GRID SECURED ]
