CyberSentinel - MVP scaffold

This folder contains a working MVP scaffold for CyberSentinel — an AI-powered IDS. It includes a Streamlit dashboard, simple rule engine, ML isolation forest trainer, and a simulated capture script to produce demo alerts.

How to run (local demo mode)

1. Create Python environment (3.10+)
2. Install requirements: pip install -r requirements.txt
3. Train model (optional, demo will train on first run): python detection/ml_model.py
4. Run dashboard: cd dashboard streamlit run app.py
5. In dashboard click "Simulate MITM (ARP Spoof)" to generate a demo alert.

Notes

• Live packet capture requires root privileges and a compatible network interface.
• This scaffold is intended for hackathon demo and learning purposes.

🧠 CyberSentinel

AI-Driven Intrusion Detection & Response System

Built for Agentic AI Hackathon 2025

---

🚀 Overview

CyberSentinel is a lightweight, AI-powered Intrusion Detection & Response System (IDRS) designed to detect and respond to simulated cyberattacks such as MITM (Man-in-the-Middle) and ARP Spoofing.

It provides real-time network anomaly visualization, an interactive defense dashboard,
and a built-in Groq LLM assistant that recommends intelligent responses to each detected threat.

CyberSentinel represents a practical implementation of Agentic AI — where artificial intelligence not only analyzes but also acts autonomously to defend the system.

---

🧩 Key Features

• 🔍 AI-Driven Detection — Identifies simulated MITM and ARP spoofing attacks.
• ⚡ Real-Time Alert Dashboard — Visual alert animation with traffic graph and red warning banner.
• 🤖 Auto-Mode (Simulation) — System automatically applies quarantine or block actions (AI-simulated).
• 💬 Groq LLM Chat Assistant — Built-in AI chat that recommends the best defense action and explains why.
• 🧾 Action Logs — Tracks every alert, action, and AI decision in JSON format.
• 🎨 Dark SOC-Themed UI — Professional security operations dashboard with green-blue accent colors.
• 🧱 Lightweight Architecture — Runs locally on laptops — no servers, no external dependencies.
• 🪄 Logo Branding & Animation — CyberSentinel logo and smooth visual transitions.

---

⚙️ System Architecture

Layer 1 – Detection

Simulated packet monitoring layer that identifies suspicious network events.

Layer 2 – Intelligence

Groq LLM analyzes alerts and suggests actions via natural language understanding.

Layer 3 – Response

Auto-Mode layer applies actions such as quarantine, block IP, or acknowledge, simulating an AI-managed defense cycle.

---

🧠 Tech Stack

Category	Tools / Frameworks
Frontend	Streamlit
Backend	Python
AI Integration	Groq LLM API
Visualization	Pandas, NumPy, Matplotlib
UI/UX	Custom CSS (Dark + Neon Theme)
Data Storage	Local JSON Logs

---

🗂️ Project Structure

CyberSentinel/ │ ├── dashboard/ → Streamlit app (main UI) │ ├── app.py │ └── assets/ → Logo & UI images │ ├── tools/ → Simulation scripts (attack & defense) │ ├── simulate_attack.py │ ├── apply_action.py │ └── clear_alerts.py │ ├── logs/ → Generated alerts & actions │ ├── alerts.json │ └── actions.json │ ├── requirements.txt → Libraries required to run project └── README.md → This file

yaml Copy code

---

🧰 Installation & Run (Local Setup)

Follow these commands step by step in VS Code terminal 👇

# 1️⃣ Create & activate virtual environment
python -m venv venv
.\venv\Scripts\Activate.ps1

# 2️⃣ Install dependencies
pip install -r requirements.txt
# or
pip install streamlit pandas numpy requests pillow

# 3️⃣ Set your Groq API key (for chat assistant)
$env:GROQ_API_KEY = "your_api_key_here"

# 4️⃣ Run the app
cd dashboard
streamlit run app.py --server.port 8501