Upload 4 files

README.md

@@ -1,12 +1,17 @@
----
-title: Intrusion Dashboard
-emoji: 🦀
-colorFrom: gray
-colorTo: indigo
-sdk: streamlit
-sdk_version: 1.43.2
-app_file: app.py
-pinned: false
----
+# Intrusion Detection Dashboard
 
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+## Overview
+This web app is an interactive dashboard that allows users to explore network session data and predict whether a session is likely to be a cyberattack. The prediction is powered by a LightGBM machine learning model, trained on an intrusion detection dataset and deployed via a Flask AP on Hugging Face Spaces.
+
+## Model Info
+- Model: LightGBM
+- Recall: 87.1%
+- Precision: 62.5%
+- F1 Score: 73.0%
+- Threshold:  0.2
+
+## Features
+- Interactive Filtering: View attack distributions by protocol and encryption type.
+- Visualization: Explore traffic patterns and protocol frequency.
+- Real-time Prediction: Input session characteristics to predict if it's likely an intrusion.
+- API Integration: Connects to a Flask API deployed on Hugging Face Spaces.

app.py

@@ -0,0 +1,127 @@
+import streamlit as st
+import pandas as pd
+import altair as alt
+import plotly.express as px
+import requests
+import numpy as np
+
+#######################
+# Page Configuration
+st.set_page_config(
+    page_title="Intrusion Detection Dashboard",
+    page_icon="🛡️",
+    layout="wide",
+    initial_sidebar_state="expanded"
+)
+
+alt.themes.enable("dark")
+
+#######################
+# Load Intrusion Detection Data
+df_intrusions = pd.read_csv('data/cybersecurity_intrusions.csv')
+
+#######################
+# Sidebar Filters
+with st.sidebar:
+    st.title('🛡️ Intrusion Detection Dashboard')
+
+    st.markdown("### This app predicts whether a network session is likely to be a cyberattack based on session characteristics such as packet size, login attemps, and IP reputation. Powered by a LightGBM model trained on labeled intrusion data.")
+    
+    st.markdown("### Model Info")
+    st.markdown("""
+    - **Model:** LightGBM Classifier  
+    - **Recall:** 87.1%  
+    - **Precision:** 62.8%  
+    - **F1 Score:** 73.0%  
+    - **Threshold:** 0.2 (favor recall over precision)  
+    """)
+
+#######################
+# Model Overview Section
+
+st.markdown("### About This App")
+st.markdown("""
+This app predicts whether a network session is likely to be a cyberattack based on session-level characteristics 
+like packet size, login attempts, encryption type, and IP reputation score.
+
+The underlying model was trained on a labeled intrusion detection dataset using LightGBM, a fast and accurate gradient boosting framework.
+This project demonstrates real-time predictions via a deployed API, and provides insight into the features most correlated with attack behavior.
+""")
+
+#######################
+# Intrusion Prediction Using API
+st.markdown("### 🔍 Intrusion Detection Prediction")
+
+# Input fields for real-time attack detection
+protocol_type = st.selectbox("Protocol Type", ["TCP", "UDP", "ICMP"])
+encryption_used = st.selectbox("Encryption Used", ["AES", "DES", "None"])
+packet_size = st.number_input("Network Packet Size", value=500)
+login_attempts = st.number_input("Login Attempts", value=3)
+session_duration = st.number_input("Session Duration", value=500.0)
+ip_reputation = st.number_input("IP Reputation Score", value=0.5)
+failed_logins = st.number_input("Failed Logins", value=1)
+unusual_access = st.checkbox("Unusual Time Access")
+
+# Manually apply one-hot encoding
+protocol_tcp = 1 if protocol_type == "TCP" else 0
+protocol_udp = 1 if protocol_type == "UDP" else 0
+encryption_des = 1 if encryption_used == "DES" else 0
+encryption_none = 1 if encryption_used == "None" else 0
+
+# API URL
+API_URL = "https://e-eeeema-intrusion-detection.hf.space/predict"
+
+if st.button("Predict Attack"):
+    features = [
+        packet_size,
+        login_attempts,
+        session_duration,
+        ip_reputation,
+        failed_logins,
+        int(unusual_access),
+        protocol_tcp,
+        protocol_udp,
+        encryption_des,
+        encryption_none
+    ]
+
+    response = requests.post(API_URL, json={"features": features})
+
+    if response.status_code == 200:
+        result = response.json()
+        prediction = response.json().get("attack_detected", 0)
+        probability = result.get("probability", 0.0)
+
+        st.markdown(f"**🧮 Prediction Confidence:** `{probability*100:.2f}%`")
+
+        if prediction == 1:
+            st.error("🚨 Attack Detected!")
+            st.markdown("""
+            > **Why?** The model flagged this session as an intrusion based on a combination of:
+            - Suspicious IP reputation
+            - Multiple failed login attempts
+            - Unusual access time or weak encryption
+            """)
+        else:
+            st.success("✅ No Attack Detected.")
+            st.markdown("> **Why?** The session appears typical and shows no strong indicators of intrusion.")
+
+        # Confidence interpretation
+        if probability >= 0.7:
+            st.info("🔍 High model confidence in this prediction.")
+        elif probability >= 0.4:
+            st.warning("⚠️ Medium confidence – results should be interpreted with caution.")
+        else:
+            st.warning("❗ Low confidence – the model is uncertain about this prediction.")
+    else:
+        st.error("⚠️ API request failed. Please check the API URL.")
+
+
+#######################
+# Resources
+
+st.markdown("#### 🔗 Resources")
+st.markdown("""
+- 📂 [View Model Training Code on GitHub](https://github.com/butlerem/intrusion-detection-model-lgbm/blob/main/intrusion_detector.ipynb)  
+- 📊 [View Kaggle Dataset](https://www.kaggle.com/code/nukimayasari/cybersecurity-intrusion)
+""")

requirements.txt

@@ -0,0 +1,5 @@
+streamlit
+pandas
+altair
+plotly
+requests