A production-ready, enterprise-grade DDoS (Distributed Denial of Service) detection system with advanced machine learning capabilities, real-time monitoring, and professional web dashboard.
- Machine Learning: Isolation Forest algorithm with adaptive thresholding
- Statistical Analysis: Multi-layered anomaly detection with baseline learning
- Real-time Processing: Sub-second detection and response capabilities
- Behavioral Analysis: Traffic pattern recognition and burst detection
- Real-time Updates: WebSocket-powered live monitoring
- Interactive Visualizations: Dynamic charts with Chart.js
- Comprehensive Metrics: Traffic statistics, threat levels, and system health
- Responsive Design: Modern UI optimized for all devices
- Multi-method Monitoring: Raw packet capture + system connection fallback
- Automatic IP Blocking: Intelligent threat mitigation
- Prometheus Integration: Enterprise monitoring and alerting
- Professional Logging: Structured logging with rotation and levels
- Configuration Management: Environment-based configuration with validation
- Security Hardening: Input validation, rate limiting, and CORS protection
- Python 3.8+ with pip package manager
- Administrator/root privileges (required for network packet capture)
- Network interface access for traffic monitoring
- Modern web browser (Chrome, Firefox, Safari, Edge)
# Right-click PowerShell as Administrator
cd path\to\DDoS-Detection-main
.\start.ps1# Run with sudo for packet capture
sudo python3 ddos_detection.py# Clone repository
git clone https://github.com/yourusername/ddos-detection-system.git
cd ddos-detection-system
# Install dependencies
pip install -r requirements.txt
# Configure environment (optional)
cp .env.example .env
# Edit .env with your settings
# Start application
python ddos_detection.pyOpen http://localhost:5000 in your browser
# Clone repository
git clone https://github.com/yourusername/ddos-detection-system.git
cd ddos-detection-system
# Create virtual environment (recommended)
python -m venv venv
source venv/bin/activate # Linux/macOS
# or
venv\Scripts\activate # Windows
# Install dependencies
pip install -r requirements.txtCreate .env file for custom settings:
# Security
SECRET_KEY=your-secret-key-here
DEBUG=False
# Network
WEB_HOST=127.0.0.1
WEB_PORT=5000
INTERFACE=eth0
# Detection Parameters
TIME_WINDOW=10
HISTORY_WINDOW=60
REQUEST_THRESHOLD_MULTIPLIER=3.0
ANOMALY_THRESHOLD=0.1
# Logging
LOG_LEVEL=INFO
LOG_FILE=logs/ddos_detection.log# Production mode
python ddos_detection.py
# Development mode with debug
DEBUG=True python ddos_detection.py
# Custom configuration
CONFIG_FILE=custom.env python ddos_detection.py- π Real-time Traffic Monitoring: Live network activity visualization
- π― Threat Detection: ML-powered anomaly identification
- π« IP Management: Block/unblock suspicious addresses
- π Analytics: Comprehensive traffic statistics and trends
- βοΈ System Health: Monitoring status and performance metrics
# System status
GET /api/status
# Traffic statistics
GET /api/stats
# Block IP address
POST /api/block-ip
{"ip": "192.168.1.100"}
# Unblock IP address
POST /api/unblock-ip
{"ip": "192.168.1.100"}
# Clear traffic data
POST /api/clear-traffic- Machine Learning: Isolation Forest with adaptive contamination
- Statistical Analysis: Baseline learning and deviation detection
- Feature Extraction: Multi-dimensional traffic analysis
- Threat Classification: 4-level threat assessment (low/medium/high/critical)
- Dual-mode Operation: Raw packet capture + connection monitoring
- Cross-platform Support: Windows/Linux/macOS compatibility
- Automatic Fallback: Graceful degradation when privileges unavailable
- Performance Optimized: Efficient packet processing and filtering
- Real-time Dashboard: WebSocket-powered live updates
- Responsive Design: Mobile-friendly interface
- Interactive Charts: Dynamic visualization with Chart.js
- Professional UI: Modern design with Bootstrap components
- Input validation and sanitization
- Rate limiting for API endpoints
- CORS protection and secure headers
- Environment-based configuration
- Structured logging with rotation
- Prometheus metrics integration
- Health check endpoints
- Performance monitoring
- Environment variable support
- Configuration validation
- Runtime parameter adjustment
- Production-ready defaults
# Run test suite
python -m pytest tests/
# Run with coverage
python -m pytest --cov=src tests/
# Integration tests
python test_app.py# Generate network activity for testing:
# 1. Browse multiple websites simultaneously
# 2. Download large files
# 3. Run network-intensive applications
# 4. Use tools like curl or wget in loops
# Monitor logs for detection events
tail -f logs/ddos_detection.logconfig.py: Core application settings.env: Environment-specific overridesrequirements.txt: Python dependencies
# Detection sensitivity
REQUEST_THRESHOLD_MULTIPLIER = 3.0 # Higher = less sensitive
ANOMALY_THRESHOLD = 0.1 # ML contamination rate
# Performance tuning
TIME_WINDOW = 10 # Analysis window (seconds)
HISTORY_WINDOW = 60 # Data retention (seconds)
MONITORING_INTERVAL = 1 # Update frequency (seconds)
# Security settings
MAX_REQUESTS_PER_MINUTE = 100 # Rate limiting
BLOCK_DURATION = 300 # IP block duration (seconds)| Issue | Solution |
|---|---|
| Permission denied | Run as Administrator/sudo |
| No network interface | Check INTERFACE setting in config |
| Dashboard not loading | Verify port 5000 is available |
| No traffic detected | Ensure network activity is present |
# Enable verbose logging
LOG_LEVEL=DEBUG python ddos_detection.py
# Check system compatibility
python -c "import scapy; print('Scapy available')"
python -c "import psutil; print('Psutil available')"# View recent logs
tail -f logs/ddos_detection.log
# Search for errors
grep -i error logs/ddos_detection.log
# Monitor traffic detection
grep "traffic update" logs/ddos_detection.logWe welcome contributions! Please follow these guidelines:
# Fork and clone repository
git clone https://github.com/yourusername/ddos-detection-system.git
cd ddos-detection-system
# Create development environment
python -m venv venv
source venv/bin/activate
pip install -r requirements-dev.txt
# Install pre-commit hooks
pre-commit install- Style: Black code formatting
- Linting: Flake8 compliance
- Type Hints: Full type annotation
- Documentation: Comprehensive docstrings
- Testing: Unit tests for new features
- π΄ Fork the repository
- πΏ Create feature branch (
git checkout -b feature/amazing-feature) - π» Make your changes with tests
- β
Run test suite (
pytest) - π Update documentation
- π Submit pull request
This project is licensed under the MIT License - see the LICENSE file for details.
- π Documentation: Check this README and code comments
- π Bug Reports: Open an issue with detailed information
- π‘ Feature Requests: Describe your use case and requirements
- π¬ Discussions: Use GitHub Discussions for questions
For enterprise deployments and custom integrations, contact the maintainers.
β If this project helps you, please consider giving it a star!
π Connect with us:
- GitHub: @yourusername
- LinkedIn: Your Profile
- Email: your.email@domain.com