joel15thegoat/Intrusion_Detection_System-python
GitHub: joel15thegoat/Intrusion_Detection_System-python
Stars: 0 | Forks: 0
# Intrusion Detection System
A live network intrusion detection system built in Python.
`ids_live_capture.py` captures network packets with Scapy, checks traffic against configurable rules, and logs alerts to HTML and syslog-style files. It supports both console mode and an optional Tkinter GUI.
## Features:
- Live packet capture using Scapy
- Rule-based detection:
  - trusted IPs
  - TCP SYN port scan detection
  - ARP spoofing detection
  - configurable signature matching
- Optional HTML alert report export
- Optional syslog-style logging
- Console mode and GUI mode
- Rule file support in JSON or YAML
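The ARP spoofing check listed above relies on remembering which MAC address has answered for each IP and alerting when that binding changes. The following detector is an added example written for this README, not code from `ids_live_capture.py`; it works on plain dicts (`op`, `psrc`, `hwsrc`, the same field names Scapy uses for ARP) so it runs offline, and the ARP replies in `run_demo` are constructed sample data.

```python
from collections import defaultdict


class ArpSpoofDetector:
    """Track IP -> MAC bindings learned from ARP replies and flag changes.

    Only ARP replies (op == 2, "is-at") are trusted as binding claims; requests
    are ignored. A binding that changes is the classic spoofing symptom, so the
    detector records the new claimant and returns an alert string.
    """

    def __init__(self):
        self.ip_to_mac = {}                 # IP -> last MAC that answered for it
        self.mac_to_ips = defaultdict(set)  # MAC -> every IP it has claimed

    def observe(self, arp):
        """Feed one ARP packet summary; return an alert string or None."""
        if arp.get("op") != 2:
            return None
        ip = arp["psrc"]
        mac = arp["hwsrc"].lower()
        known = self.ip_to_mac.get(ip)
        self.mac_to_ips[mac].add(ip)
        if known is None:
            self.ip_to_mac[ip] = mac  # first claim: learn it silently
            return None
        if known == mac:
            return None
        # Binding changed: record the new claimant so repeated replies from the
        # same spoofer produce one alert, not one per packet.
        self.ip_to_mac[ip] = mac
        extra = ""
        if len(self.mac_to_ips[mac]) > 1:
            extra = f" (this MAC also claims {sorted(self.mac_to_ips[mac] - {ip})})"
        return f"ARP spoofing suspected: {ip} moved from {known} to {mac}{extra}"


def run_demo():
    """Replay a constructed ARP sequence and return the alerts raised."""
    det = ArpSpoofDetector()
    packets = [
        {"op": 2, "psrc": "10.0.0.1", "hwsrc": "aa:bb:cc:00:00:01"},  # gateway learned
        {"op": 1, "psrc": "10.0.0.7", "hwsrc": "aa:bb:cc:00:00:07"},  # request: ignored
        {"op": 2, "psrc": "10.0.0.7", "hwsrc": "aa:bb:cc:00:00:07"},  # host learned
        {"op": 2, "psrc": "10.0.0.1", "hwsrc": "AA:BB:CC:00:00:07"},  # 10.0.0.7 claims gateway
        {"op": 2, "psrc": "10.0.0.1", "hwsrc": "aa:bb:cc:00:00:07"},  # repeat: no new alert
    ]
    return [a for a in (det.observe(p) for p in packets) if a]


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

MAC addresses are lower-cased before comparison so a spoofed reply cannot dodge the check through case differences in how the address is rendered.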
## Requirements:
- Python 3.10+
- `scapy>=2.7.0`
- `PyYAML>=6.0`
## Installation:
```sh
python -m pip install 'scapy>=2.7.0' 'pyyaml>=6.0'
```
## Usage:
Run the IDS script (GUI mode, with HTML and syslog-style output):
```sh
python ids_live_capture.py --rules rules.yaml --iface eth0 --html alerts.html --syslog alerts.log
```
or in console-only mode:
```sh
python ids_live_capture.py --nogui --rules rules.json --iface "Wi-Fi"
```
## Options:
| Option     | Description                          |
|------------|--------------------------------------|
| `--rules`  | JSON or YAML rule file               |
| `--iface`  | network interface to capture on      |
| `--bpf`    | BPF filter string for packet capture |
| `--html`   | path to HTML alert report file       |
| `--syslog` | path to syslog-style log file        |
| `--nogui`  | run without the Tkinter GUI          |
## Rule file example:
```yaml
trusted_ips:
  - 127.0.0.1
signatures:
  - name: "TCP SYN port scan"
    protocol: "TCP"
    field: "flags"
    value: "S"
    description: "Detect excessive SYN packets from same source."
    type: "port_scan"
    threshold: 10
    window_seconds: 5
```
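To show how a rule file with this shape drives detection, here is an added rule engine written for this README; it is not the project's own code and makes no claim about how `ids_live_capture.py` is implemented internally. It loads the same `trusted_ips` / `signatures` keys as the YAML above (embedded inline as a dict so it runs without PyYAML), skips trusted sources, matches a signature's `protocol`/`field`/`value` against a packet summary, and for `type: port_scan` counts distinct destination ports per source inside a sliding `window_seconds` window (counting distinct ports rather than raw SYN packets is a design choice of this example). Packet summaries are plain dicts rather than Scapy packets so the example runs offline, and the traffic in `run_demo` is constructed.

```python
from collections import defaultdict, deque

# Constructed rule set mirroring the README's YAML example above.
RULES = {
    "trusted_ips": ["127.0.0.1"],
    "signatures": [
        {
            "name": "TCP SYN port scan",
            "protocol": "TCP",
            "field": "flags",
            "value": "S",
            "description": "Detect excessive SYN packets from same source.",
            "type": "port_scan",
            "threshold": 10,
            "window_seconds": 5,
        }
    ],
}


class RuleEngine:
    """Evaluate packet summaries (dicts: src, dst, proto, dport, flags, ts)."""

    def __init__(self, rules):
        self.trusted = set(rules.get("trusted_ips", []))
        self.signatures = rules.get("signatures", [])
        # (rule name, src) -> deque of (timestamp, dport) inside the window
        self._hits = defaultdict(deque)

    def _matches(self, sig, pkt):
        """Protocol and field/value comparison shared by every signature type."""
        if sig.get("protocol") and sig["protocol"] != pkt.get("proto"):
            return False
        field = sig.get("field")
        if field and str(pkt.get(field)) != str(sig.get("value")):
            return False
        return True

    def evaluate(self, pkt):
        """Return the list of alert strings this packet raises (often empty)."""
        alerts = []
        src = pkt["src"]
        if src in self.trusted:
            return alerts
        for sig in self.signatures:
            if not self._matches(sig, pkt):
                continue
            if sig.get("type") != "port_scan":
                # plain signature match: alert on every matching packet
                alerts.append(f"{sig['name']}: {src} -> {pkt.get('dst')}")
                continue
            window = self._hits[(sig["name"], src)]
            now = pkt["ts"]
            window.append((now, pkt.get("dport")))
            # drop hits that have aged out of the sliding window
            while window and now - window[0][0] > sig["window_seconds"]:
                window.popleft()
            ports = {p for _, p in window}
            if len(ports) >= sig["threshold"]:
                alerts.append(f"{sig['name']}: {src} probed {len(ports)} ports "
                              f"in {sig['window_seconds']}s")
                window.clear()  # one alert per scan burst, not per packet
        return alerts


def run_demo():
    """Run a constructed SYN sweep and some trusted traffic through the rules."""
    engine = RuleEngine(RULES)
    base = 1_700_000_000.0
    # 12 SYNs to 12 distinct ports from one untrusted host within ~2.2 s
    scan = [{"src": "10.0.0.5", "dst": "10.0.0.1", "proto": "TCP",
             "dport": 20 + i, "flags": "S", "ts": base + i * 0.2} for i in range(12)]
    # the same pattern from the trusted loopback address must stay silent
    trusted = [{"src": "127.0.0.1", "dst": "10.0.0.1", "proto": "TCP",
                "dport": 20 + i, "flags": "S", "ts": base + i * 0.2} for i in range(12)]
    alerts = []
    for pkt in scan + trusted:
        alerts.extend(engine.evaluate(pkt))
    return alerts


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The window is pruned by timestamp on every hit, so a slow probe that spreads ten ports over a minute never reaches the threshold with `window_seconds: 5`, which is exactly the trade-off a rule author tunes with those two fields.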
## Notes:
- Scapy is required for packet capture.
- `Tkinter` is only required for GUI mode.
- On Windows, Npcap/WinPcap may be required for full packet capture support.
- If Tkinter is not available, use `--nogui` to run in console mode.
## Files:
- `ids_live_capture.py` — main IDS script
- `requirements.txt` — dependency list
## License
This project is released under the MIT License. Feel free to use and modify it.