Upload app.py

app.py

@@ -0,0 +1,207 @@
+# ============================
+# AI-Based Network Intrusion Detection System (NIDS)
+# VOIS Internship – Final Project
+# ============================
+
+import streamlit as st
+import pandas as pd
+import numpy as np
+from sklearn.ensemble import RandomForestClassifier
+from sklearn.model_selection import train_test_split
+from sklearn.metrics import accuracy_score, confusion_matrix
+import matplotlib.pyplot as plt
+import seaborn as sns
+from groq import Groq
+
+# ============================
+# PAGE CONFIG
+# ============================
+st.set_page_config(page_title="AI-Based NIDS", layout="wide")
+
+st.title("AI-Based Network Intrusion Detection System")
+st.markdown("""
+This project implements a **Random Forest–based Network Intrusion Detection System (NIDS)**.  
+It supports:
+- Simulated traffic
+- Real CIC-style CSV datasets
+- Live packet analysis
+- AI-based explanation using Groq
+""")
+
+# ============================
+# SESSION STATE INIT
+# ============================
+for key in ["model", "accuracy", "conf_matrix", "features", "X_test", "y_test"]:
+    if key not in st.session_state:
+        st.session_state[key] = None
+
+# ============================
+# SIDEBAR – SETTINGS
+# ============================
+st.sidebar.header("1. Settings")
+groq_api_key = st.sidebar.text_input("Groq API Key", type="password")
+
+st.sidebar.header("2. Data Mode")
+data_mode = st.sidebar.radio(
+    "Select Data Source",
+    ("Simulation Mode", "CSV Upload Mode")
+)
+
+# ============================
+# DATA LOADING FUNCTIONS
+# ============================
+def load_simulated_data(samples=2000):
+    np.random.seed(42)
+    df = pd.DataFrame({
+        "packet_size": np.random.randint(20, 1500, samples),
+        "duration": np.random.uniform(0, 60, samples),
+        "src_bytes": np.random.randint(0, 10000, samples),
+        "dst_bytes": np.random.randint(0, 10000, samples),
+        "failed_logins": np.random.randint(0, 5, samples),
+    })
+    df["label"] = np.where(
+        (df["failed_logins"] > 2) | (df["src_bytes"] > 8000),
+        1, 0
+    )
+    return df
+
+def preprocess_csv(df):
+    df = df.replace([np.inf, -np.inf], np.nan).dropna()
+
+    # Normalize CIC-like labels
+    if "Label" in df.columns:
+        df["Label"] = df["Label"].apply(lambda x: 0 if x == "BENIGN" else 1)
+
+    df = df.rename(columns={
+        "Flow Duration": "duration",
+        "Total Fwd Packets": "src_bytes",
+        "Total Backward Packets": "dst_bytes",
+        "Packet Length Mean": "packet_size",
+        "Label": "label"
+    })
+
+    required = ["packet_size", "duration", "src_bytes", "dst_bytes", "label"]
+    return df[required]
+
+# ============================
+# MODEL TRAINING
+# ============================
+def train_model(df):
+    X = df.drop("label", axis=1)
+    y = df["label"]
+
+    X_train, X_test, y_train, y_test = train_test_split(
+        X, y, test_size=0.3, random_state=42
+    )
+
+    model = RandomForestClassifier(
+        n_estimators=100,
+        max_depth=12,
+        random_state=42
+    )
+    model.fit(X_train, y_train)
+
+    acc = accuracy_score(y_test, model.predict(X_test))
+    cm = confusion_matrix(y_test, model.predict(X_test))
+
+    return model, acc, cm, X_test, y_test
+
+def plot_confusion_matrix(cm):
+    fig, ax = plt.subplots()
+    sns.heatmap(
+        cm, annot=True, fmt="d",
+        xticklabels=["Normal", "Intrusion"],
+        yticklabels=["Normal", "Intrusion"],
+        cmap="Blues", ax=ax
+    )
+    ax.set_xlabel("Predicted")
+    ax.set_ylabel("Actual")
+    ax.set_title("Confusion Matrix")
+    return fig
+
+# ============================
+# TRAIN MODEL BUTTON
+# ============================
+st.sidebar.header("3. Model Training")
+
+uploaded_file = None
+if data_mode == "CSV Upload Mode":
+    uploaded_file = st.sidebar.file_uploader("Upload CSV Dataset", type=["csv"])
+
+if st.sidebar.button("Train Model"):
+    with st.spinner("Training model..."):
+        if data_mode == "Simulation Mode":
+            df = load_simulated_data()
+        else:
+            if uploaded_file is None:
+                st.sidebar.error("Please upload a CSV file first.")
+                st.stop()
+            raw_df = pd.read_csv(uploaded_file)
+            df = preprocess_csv(raw_df)
+
+        model, acc, cm, X_test, y_test = train_model(df)
+
+        st.session_state.model = model
+        st.session_state.accuracy = acc
+        st.session_state.conf_matrix = cm
+        st.session_state.X_test = X_test
+        st.session_state.y_test = y_test
+
+        st.sidebar.success(f"Training completed (Accuracy: {acc:.2%})")
+
+# ============================
+# DASHBOARD
+# ============================
+st.header("Threat Analysis Dashboard")
+
+if st.session_state.model is not None:
+    st.metric("Model Accuracy", f"{st.session_state.accuracy:.2%}")
+    st.pyplot(plot_confusion_matrix(st.session_state.conf_matrix))
+
+    st.markdown("---")
+    st.subheader("Live Packet Simulation")
+
+    if st.button("Capture Random Packet"):
+        idx = np.random.randint(0, len(st.session_state.X_test))
+        st.session_state.packet = st.session_state.X_test.iloc[idx]
+        st.session_state.actual = st.session_state.y_test.iloc[idx]
+
+    if "packet" in st.session_state:
+        packet = st.session_state.packet
+        pred = st.session_state.model.predict([packet])[0]
+
+        st.write("Packet Data")
+        st.dataframe(packet.to_frame().T)
+
+        if pred == 1:
+            st.error("Prediction: Intrusion Detected")
+        else:
+            st.success("Prediction: Normal Traffic")
+
+        st.caption(f"Ground Truth: {st.session_state.actual}")
+
+        st.markdown("---")
+        st.subheader("AI Explanation (Groq)")
+
+        if st.button("Generate Explanation"):
+            if not groq_api_key:
+                st.warning("Enter Groq API key first.")
+            else:
+                client = Groq(api_key=groq_api_key)
+                prompt = f"""
+                You are a cybersecurity analyst.
+                The following packet was classified as {'Intrusion' if pred == 1 else 'Normal'}.
+
+                Packet details:
+                {packet.to_string()}
+
+                Explain briefly in simple terms.
+                """
+                response = client.chat.completions.create(
+                    model="llama-3.3-70b-versatile",
+                    messages=[{"role": "user", "content": prompt}],
+                    temperature=0.6
+                )
+                st.info(response.choices[0].message.content)
+else:
+    st.info("Train the model to begin analysis.")