AIML-CyberDefense-System

An AI-Driven Cyber Defense Platform combining Network Flow Machine Learning, Behavioral Biometrics, and Real-Time Threat Intelligence for autonomous intrusion detection.

---

Overview

A unified AI/ML cyber-defense system that detects DDoS attacks and automated bots using a dual pipeline of network-flow machine learning (RF + XGBoost) and mouse-dynamics behavioral biometrics (RF + LSTM). It features a secure Flask backend with JWT auth, real-time Socket.IO alerts, and MySQL logging, delivering a low-latency, multi-modal defense layer against modern network threats and automated attacks.

---

Key Capabilities

Flow-Based Intrusion Detection using Random Forest + XGBoost ensemble.

Behavioral Biometrics (Mouse Dynamics) with RF + LSTM hybrid modeling.

Real-Time Threat Alerts via Socket.IO dashboard.

Adaptive Rate Limiting & IP Blocking using sliding-window analysis.

Automation Detection for Selenium, Puppeteer, and Playwright bots.

Secure Backend Architecture with Flask, JWT auth, and bcrypt hashing.

MySQL Data Persistence for flows, behavioral events, and predictions.

Modular, Low-Latency Pipeline optimized for real-time cyber defense.

---

System Architecture

---

Technology Stack

Backend

Machine Learning

Frontend

Database

DevOps

---

Machine Learning Models

Flow-Based Models

Model	Purpose	File
Random Forest	Baseline binary classifier	rf_model.save
XGBoost	Final booster model	xgb_model.json
Scaler	Feature normalization	scaler_used.save
Label Encoder	Attack label encoding	label_encoder.save

Mouse Dynamics Models

Model	Purpose	File
RF Classifier	Handcrafted feature classifier	mouse_rf.save
LSTM Model	Temporal sequence model	mouse_lstm.keras
Scaler	LSTM normalization	mouse_lstm_scaler.save
Ensemble Meta	Hybrid weighting	mouse_ensemble_meta.json

Datasets Used

CIC-IDS 2017 DDoS Dataset

Balabit Mouse Dynamics Dataset

ISiT Mouse Dynamics Dataset

---

Local Installation

Clone Repo (bash)

git clone https://github.com/Spyderzz/AIML-CyberDefense-System
cd AIML-CyberDefense-System

Loading ML Models

Download pre-trained models and place them in ./data/processed or run bash:

curl -L -o data_processed.zip "https://github.com/<username>/<repo>/releases/download/v1.0-models/data_processed.zip"
unzip data_processed.zip -d data/processed

Backend Setup

cd backend
python -m venv venv
venv/Scripts/activate   # Windows
pip install -r requirements.txt

Frontend Setup

cd frontend
npm install
npm run dev

Environment File

Create .env using this powershell cmd:

Copy-Item .env.example -Destination .env

---

Build Frontend for GitHub Pages

1️⃣ Add homepage to package.json

"homepage": "https://<your-username>.github.io/<repo-name>"

2️⃣ Install GH Pages

npm install --save-dev gh-pages

3️⃣ Add deploy scripts

"scripts": {
  "build": "vite build",
  "predeploy": "npm run build",
  "deploy": "gh-pages -d dist"
}

4️⃣ Deploy

npm run deploy

---

Docker Deployment

Build

docker build -t aiml-cyberdefense-system .

Run

docker run -p 5000:5000 aiml-cyberdefense-system

---

Security Features

• Behavior-driven bot detection
• Adaptive sliding-window IP rate limiting
• Auto-blocking suspicious clients
• Automation fingerprint detection
• JWT access/refresh tokens
• BCrypt hashing with cost upgrade

---

License

MIT License — free for academic, research, and commercial use.

---

Author

Atharva

---

⭐ If you liked this project, don’t forget to star the repo!