This folder contains a working MVP scaffold for CyberSentinel — an AI-powered IDS. It includes a Streamlit dashboard, simple rule engine, ML isolation forest trainer, and a simulated capture script to produce demo alerts.
- Create Python environment (3.10+)
- Install requirements: `pip install -r requirements.txt`
- Train model (optional, demo will train on first run): `python detection/ml_model.py`
- Run dashboard: `cd dashboard`, then `streamlit run app.py`
- In dashboard click "Simulate MITM (ARP Spoof)" to generate a demo alert.
- Live packet capture requires root privileges and a compatible network interface.
- This scaffold is intended for hackathon demo and learning purposes.
Built for Agentic AI Hackathon 2025
CyberSentinel is a lightweight, AI-powered Intrusion Detection & Response System (IDRS) designed to detect and respond to simulated cyberattacks such as MITM (Man-in-the-Middle) and ARP Spoofing.
It provides real-time network anomaly visualization, an interactive defense dashboard,
and a built-in Groq LLM assistant that recommends intelligent responses to each detected threat.
CyberSentinel represents a practical implementation of Agentic AI — where artificial intelligence not only analyzes but also acts autonomously to defend the system.
- 🔍 AI-Driven Detection — Identifies simulated MITM and ARP spoofing attacks.
- ⚡ Real-Time Alert Dashboard — Visual alert animation with traffic graph and red warning banner.
- 🤖 Auto-Mode (Simulation) — System automatically applies quarantine or block actions (AI-simulated).
- 💬 Groq LLM Chat Assistant — Built-in AI chat that recommends the best defense action and explains why.
- 🧾 Action Logs — Tracks every alert, action, and AI decision in JSON format.
- 🎨 Dark SOC-Themed UI — Professional security operations dashboard with green-blue accent colors.
- 🧱 Lightweight Architecture — Runs locally on laptops — no servers, no external dependencies.
- 🪄 Logo Branding & Animation — CyberSentinel logo and smooth visual transitions.
Simulated packet monitoring layer that identifies suspicious network events.
Groq LLM analyzes alerts and suggests actions via natural language understanding.
Auto-Mode layer applies actions such as quarantine, block IP, or acknowledge, simulating an AI-managed defense cycle.
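
A rule for the detection layer's ARP-spoofing check can be built by tracking IP-to-MAC bindings across ARP replies. The sketch below is an added example, not CyberSentinel's own code; the function name, rule names, alert fields and sample replies are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample ARP replies: (timestamp, sender IP, sender MAC). Not captured traffic.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway, first sighting
    (1.5, "192.168.1.20", "aa:aa:aa:aa:aa:20"),  # workstation
    (2.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # refresh, same binding
    (3.0, "192.168.1.1", "de:ad:be:ef:00:66"),   # gateway IP claimed by a new MAC
    (3.2, "192.168.1.20", "de:ad:be:ef:00:66"),  # same MAC also claims the workstation
    (4.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # real gateway answers again
]


def detect_arp_spoof(replies, pinned=None):
    """Return alerts for changed IP->MAC bindings and for MACs claiming several IPs.

    pinned: optional {ip: mac} of known-good bindings (e.g. the gateway). Without
    it the first reply seen for an IP is trusted, so an attacker who answers
    first becomes the baseline.
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed so far
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        expected = ip_to_mac.setdefault(ip, mac)
        if expected != mac:
            alerts.append({"time": ts, "rule": "arp_binding_changed", "ip": ip,
                           "expected_mac": expected, "seen_mac": mac,
                           "severity": "high"})
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            # Proxy ARP and some routers do this legitimately, hence medium.
            if len(mac_to_ips[mac]) > 1:
                alerts.append({"time": ts, "rule": "mac_claims_multiple_ips",
                               "mac": mac, "ips": sorted(mac_to_ips[mac]),
                               "severity": "medium"})
    return alerts


if __name__ == "__main__":
    print(json.dumps(detect_arp_spoof(SAMPLE_ARP_REPLIES), indent=2))
```

Pinning the gateway's binding closes the trust-on-first-use gap for the address an ARP-spoofing MITM most often impersonates.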
| Category | Tools / Frameworks |
|---|---|
| Frontend | Streamlit |
| Backend | Python |
| AI Integration | Groq LLM API |
| Visualization | Pandas, NumPy, Matplotlib |
| UI/UX | Custom CSS (Dark + Neon Theme) |
| Data Storage | Local JSON Logs |
```
CyberSentinel/
│
├── dashboard/            → Streamlit app (main UI)
│   ├── app.py
│   └── assets/           → Logo & UI images
│
├── tools/                → Simulation scripts (attack & defense)
│   ├── simulate_attack.py
│   ├── apply_action.py
│   └── clear_alerts.py
│
├── logs/                 → Generated alerts & actions
│   ├── alerts.json
│   └── actions.json
│
├── requirements.txt      → Libraries required to run project
└── README.md             → This file
```
Follow these commands step by step in the VS Code terminal 👇

```powershell
# 1️⃣ Create & activate virtual environment
python -m venv venv
.\venv\Scripts\Activate.ps1

# 2️⃣ Install dependencies
pip install -r requirements.txt
# or
pip install streamlit pandas numpy requests pillow

# 3️⃣ Set your Groq API key (for chat assistant)
$env:GROQ_API_KEY = "your_api_key_here"

# 4️⃣ Run the app
cd dashboard
streamlit run app.py --server.port 8501
```