A comprehensive, GSOC-level security monitoring solution that leverages Artificial Intelligence to detect network anomalies, visualize threats in real-time, and provide actionable insights for system administrators.
This platform is designed to bridge the gap between traditional log monitoring and modern AI-driven threat intelligence. By ingesting system and network logs in real-time, scoring them with an Isolation Forest machine learning model, and visualizing the results on a dynamic Next.js Dashboard, it helps security teams identify zero-day attacks and subtle anomalies that rule-based systems miss.
```mermaid
flowchart LR
    Logs[System & Network Logs] --> Ingest[FastAPI Log Ingestion API]
    Ingest --> DB[(SQLite via SQLAlchemy)]
    Ingest --> Model[Isolation Forest Anomaly Model]
    Model --> Scored[Scored Events - Normal / Suspicious / Critical]
    Scored --> Dashboard[Next.js Real-time Dashboard]
    Dashboard --> Globe[3D Threat Globe]
    Dashboard --> Graph[3D Network Topology]
    Dashboard --> Charts[Recharts Visualizations]
```
The platform ingests raw system and network logs, stores them in a relational database, scores them with an Isolation Forest model, and serves the results to a Next.js dashboard that renders traditional charts and immersive 3D visualizations.
- Real-time Anomaly Detection: Utilizes Unsupervised Learning (Isolation Forest) to detect outliers in network traffic and user behavior.
- Interactive Dashboard: Built with Next.js and Recharts to visualize traffic spikes, threat distribution, and live logs.
- 3D Threat Globe Visualization: Interactive 3D globe using React Three Fiber to visualize global threat distribution with color-coded severity indicators.
- 3D Network Topology Graph: Real-time 3D network relationship mapping with interactive nodes showing server, client, and threat connections.
- Advanced 3D Animations: Smooth animations, hover effects, and auto-rotation for an immersive threat monitoring experience.
- High-Performance Backend: FastAPI drives the API, ensuring millisecond-latency responses for log ingestion and inference.
- Universal Log Ingestion: Capable of parsing standardized system logs and network traffic data.
- Threat Intelligence: Automatically classifies events as "Normal", "Suspicious", or "Critical" based on AI confidence scores.
- Python 3.10+: Core logic.
- FastAPI: High-performance Async API framework.
- Scikit-learn: Machine Learning (Isolation Forest).
- Pandas & NumPy: Data manipulation and feature extraction.
- SQLAlchemy & SQLite: ORM and Database (Easily scalable to PostgreSQL).
This project focuses on unsupervised anomaly detection, where labeled attack data is rare and patterns evolve quickly. Isolation Forest is well-suited because:
- It works without labeled data, matching real-world security logs where we don't have ground-truth labels for every event.
- It handles high-dimensional, noisy features (IPs, ports, sizes, timings) with robust performance.
- Compared to density-based methods (like LOF), it scales better to large log volumes and is faster to train and infer with.
- Compared to supervised classifiers, it doesn't overfit to known attack signatures and can surface previously unseen, zero-day style anomalies.
These properties make Isolation Forest a practical baseline model for an AI-powered security monitoring platform, while leaving room for future extensions (autoencoders, ensembles, or hybrid rules-plus-ML systems).
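To make the isolation argument concrete, here is a small pure-Python isolation forest (an added illustration, not the project's own training code, which uses scikit-learn) run over constructed flow features, with an assumed score-to-label mapping onto the platform's Normal / Suspicious / Critical classes. Outliers are cut off in a few random splits, so their average path is short and their score high; the feature tuple, sample rows and thresholds are all assumptions.

```python
import math
import random

# Constructed sample flows, one tuple per connection: (bytes_sent, duration_ms, dst_port).
# The last two rows are planted outliers; everything else is routine web traffic.
NORMAL_ROWS = [(500 + 10 * i, 40 + i % 7, (80, 443, 8443)[i % 3]) for i in range(60)]
OUTLIER_ROWS = [(95000, 9000, 31337), (120, 60000, 22)]
ROWS = NORMAL_ROWS + OUTLIER_ROWS

def c(n):
    """Average path length of an unsuccessful BST search on n points; normalises scores."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def build_tree(rows, depth, max_depth, rng):
    """Isolation tree: pick a random feature and a random cut between its min and max."""
    if depth >= max_depth or len(rows) <= 1:
        return ("leaf", len(rows))
    dim = rng.randrange(len(rows[0]))
    lo, hi = min(r[dim] for r in rows), max(r[dim] for r in rows)
    if lo == hi:
        return ("leaf", len(rows))
    cut = rng.uniform(lo, hi)
    left = build_tree([r for r in rows if r[dim] < cut], depth + 1, max_depth, rng)
    right = build_tree([r for r in rows if r[dim] >= cut], depth + 1, max_depth, rng)
    return ("node", dim, cut, left, right)

def path_length(tree, row, depth=0):
    """Depth at which row lands; unresolved leaves add c(size) for the splits not taken."""
    if tree[0] == "leaf":
        return depth + c(tree[1])
    _, dim, cut, left, right = tree
    return path_length(left if row[dim] < cut else right, row, depth + 1)

def fit(rows, n_trees=200, sample_size=256, seed=7):
    # Grow n_trees trees on random subsamples; no labels are needed at any point.
    rng = random.Random(seed)
    size = min(sample_size, len(rows))
    max_depth = math.ceil(math.log2(size))
    return [build_tree(rng.sample(rows, size), 0, max_depth, rng) for _ in range(n_trees)], size

def score(forest, row):
    """Anomaly score in (0, 1]: about 0.5 is ordinary, close to 1 means isolated in a few cuts."""
    trees, size = forest
    mean_path = sum(path_length(t, row) for t in trees) / len(trees)
    return 2 ** (-mean_path / c(size))

def classify(s, suspicious=0.55, critical=0.7):
    """Assumed thresholds mapping a score onto the dashboard's three labels."""
    return "Critical" if s >= critical else "Suspicious" if s >= suspicious else "Normal"
```

Because the cut points are random, the thresholds should be calibrated on a held-out slice of the site's own normal traffic rather than copied from this toy.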
- Next.js 15: React framework for production.
- TailwindCSS: Utility-first styling.
- Recharts: Composable charting library.
- Lucide React: Beautiful icons.
- Three.js: WebGL 3D graphics library for immersive visualizations.
- React Three Fiber: React renderer for Three.js enabling declarative 3D scenes.
- @react-three/drei: Useful helpers and abstractions for React Three Fiber.
Live Demo: Coming soon. Cloud deployment in progress (AWS/Render).

| Dashboard View | 3D Threat Globe | Network Topology |
|---|---|---|
| (screenshot) | (screenshot) | (screenshot) |

Add screenshots to `docs/screenshots/` and update the paths above.
Follow these steps to set up the project locally.
- Python 3.9 or higher
- Node.js 18.0 or higher
- Git
```bash
git clone https://github.com/DHANUSHGCODE/AI-Powered-Security-Monitoring-Threat-Detection-Platform.git
cd AI-Powered-Security-Monitoring-Threat-Detection-Platform
```

Initialize the Python environment and install dependencies.
```bash
cd backend
# Create virtual environment (optional but recommended)
python -m venv venv
# Windows: venv\Scripts\activate
# Mac/Linux: source venv/bin/activate
# Install dependencies
pip install -r requirements.txt
```

Train the initial model using the provided simulation data.
```bash
# From the root directory
python ai-model/train_model.py
```

This will generate a `generated_logs.csv` dataset and save the trained model to `ai-model/isolation_forest_model.pkl`.
```bash
# From the root directory
uvicorn backend.main:app --reload --port 8000
```

The API will be available at http://localhost:8000.
Interactive Docs: http://localhost:8000/docs.
Open a new terminal and set up the Next.js dashboard.
```bash
cd frontend
npm install
npm run dev
```

The dashboard will launch at http://localhost:3000.
| Method | Endpoint | Description |
|---|---|---|
| GET | `/` | Health check. |
| POST | `/logs/` | Ingest a new log entry. |
| GET | `/logs/` | Retrieve recent logs (supports pagination). |
| POST | `/predict/` | Get anomaly score for a specific traffic pattern. |
- Core Log Ingestion & Database
- Basic Anomaly Detection Model
- Real-time Dashboard
- Docker Containerization
- WebSocket Integration for Live Alerts
- User Authentication (OAuth2)
- Deployment to Cloud (AWS/Render)
Contributions are welcome! Please fork the repository and submit a pull request for any enhancements.
- Fork the Project
- Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
- Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the Branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
See CONTRIBUTING.md for detailed guidelines.
Distributed under the MIT License. See LICENSE for more information.