DHANUSH G edited this page Mar 4, 2026 · 1 revision

πŸ›‘οΈ AI-Powered Security Monitoring & Threat Detection Platform

A GSOC-level, production-ready AI security platform that ingests real-time network logs, detects anomalies using Isolation Forest ML, and visualizes threats on an interactive Next.js dashboard with immersive 3D visualizations.



📋 Table of Contents

| Page | Description |
|------|-------------|
| Home | Project overview, goals, and wiki index |
| Architecture | System design, data flow, and component breakdown |
| Setup-Guide | Local development setup and deployment |
| API-Reference | Full REST API documentation with examples |
| Contributing | How to contribute: code, docs, or testing |
| GSoC-Project-Ideas | Open GSoC ideas, mentorship info, and how to apply |

🌟 What is this Project?

This platform bridges the gap between traditional log monitoring and modern AI-driven threat intelligence. It ingests system and network logs in real time, scores them with a trained Isolation Forest machine learning model, and presents actionable insights on a dynamic dashboard, empowering security teams to detect zero-day attacks and subtle behavioral anomalies that rule-based systems miss.


🚀 Key Features

| Feature | Description |
|---------|-------------|
| 🕵️ Real-time Anomaly Detection | Unsupervised Isolation Forest ML detects outliers in network traffic |
| 📊 Interactive Dashboard | Next.js + Recharts for live traffic, threats, and log visualization |
| 🌐 3D Threat Globe | React Three Fiber globe showing global threat distribution |
| 🔗 3D Network Topology | Real-time 3D node graph of server/client/threat relationships |
| ⚡ High-Performance API | FastAPI with millisecond-latency log ingestion and inference |
| 📥 Universal Log Ingestion | Parses standardized system logs and network traffic data |
| 🚨 Threat Classification | Auto-classifies events as Normal, Suspicious, or Critical |
| 🧪 Tested Backend | Full pytest suite covering success, error, and pagination cases |

πŸ› οΈ Tech Stack

Backend

  • Python 3.10+ - Core logic
  • FastAPI - High-performance async REST API
  • Scikit-learn - Isolation Forest ML model
  • Pandas & NumPy - Feature engineering and data manipulation
  • SQLAlchemy + SQLite - ORM and relational storage (PostgreSQL-ready)
  • Pytest + HTTPX - Unit and integration testing

Frontend

  • Next.js 14 - React production framework
  • TailwindCSS - Utility-first styling
  • Recharts - Composable charting
  • Three.js + React Three Fiber - WebGL 3D visualizations
  • @react-three/drei - Three.js helpers and abstractions
  • Lucide React - Icon library

DevOps / CI

  • GitHub Actions - Automated CI pipeline (ci.yml)
  • Docker - Containerized deployment (roadmap)
  • PYTHONPATH - Configured for seamless backend module imports in CI

πŸ“ Repository Structure

ai-security-platform/
β”œβ”€β”€ .github/
β”‚   └── workflows/
β”‚       └── ci.yml              # GitHub Actions CI pipeline
β”œβ”€β”€ ai-model/
β”‚   β”œβ”€β”€ train_model.py          # Isolation Forest training script
β”‚   └── isolation_forest_model.pkl
β”œβ”€β”€ backend/
β”‚   β”œβ”€β”€ main.py                 # FastAPI application entry point
β”‚   β”œβ”€β”€ models.py               # SQLAlchemy database models
β”‚   β”œβ”€β”€ schemas.py              # Pydantic request/response schemas
β”‚   β”œβ”€β”€ routes/                 # API route handlers
β”‚   β”œβ”€β”€ requirements.txt
β”‚   └── tests/
β”‚       β”œβ”€β”€ test_health.py      # Health check endpoint tests
β”‚       β”œβ”€β”€ test_logs.py        # /logs/ endpoint unit tests
β”‚       └── test_predict.py     # /predict/ endpoint tests
β”œβ”€β”€ data/
β”‚   └── generated_logs.csv      # Simulated training dataset
β”œβ”€β”€ docs/
β”‚   └── advanced_features.md   # Advanced implementation guide
β”œβ”€β”€ frontend/
β”‚   β”œβ”€β”€ pages/                  # Next.js pages
β”‚   β”œβ”€β”€ components/             # React components (charts, 3D globe, etc.)
β”‚   └── package.json
β”œβ”€β”€ CONTRIBUTING.md
β”œβ”€β”€ SECURITY.md
β”œβ”€β”€ SETUP_GUIDE.md
└── README.md

πŸ—ΊοΈ Project Roadmap

  • Core Log Ingestion & Database (SQLite + SQLAlchemy)
  • Isolation Forest Anomaly Detection Model
  • FastAPI REST Backend
  • Interactive Next.js Dashboard
  • 3D Threat Globe & Network Topology
  • Comprehensive Pytest Test Suite
  • GitHub Actions CI Pipeline
  • WebSocket Integration for Live Streaming Alerts
  • OAuth2 / JWT User Authentication
  • Docker Containerization & Docker Compose
  • Deployment to Cloud (AWS / Render / GCP)
  • Autoencoder Model for Deep Anomaly Detection
  • Multi-tenant Support
  • Alerting via Email / Slack Webhooks

👥 Community & Support


This wiki is maintained as part of the GSOC-level documentation standard. All contributors are encouraged to keep it up to date.