{"id":49486991,"url":"https://github.com/feb027/iot-dos-forensics-ids","last_synced_at":"2026-05-01T02:05:37.159Z","repository":{"id":354448123,"uuid":"1223693776","full_name":"feb027/iot-dos-forensics-ids","owner":"feb027","description":"UAS IoT: DoS attack analysis on IoT traffic with BoT-IoT, ML-based IDS, network forensics, and static dashboard.","archived":false,"fork":false,"pushed_at":"2026-04-28T16:21:38.000Z","size":34,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-28T17:08:36.173Z","etag":null,"topics":["bot-iot","cybersecurity","digital-forensics","dos-attack","github-pages","ids","iot","machine-learning"],"latest_commit_sha":null,"homepage":"https://feb027.github.io/iot-dos-forensics-ids/","language":"TeX","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/feb027.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"docs/roadmap.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-04-28T15:05:44.000Z","updated_at":"2026-04-28T16:22:24.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/feb027/iot-dos-forensics-ids","commit_stats":null,"previous_names":["feb027/iot-dos-forensics-ids"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/feb027/iot-dos-forensics-ids","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/feb027%2Fiot-dos-forensics-ids","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub
/repositories/feb027%2Fiot-dos-forensics-ids/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/feb027%2Fiot-dos-forensics-ids/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/feb027%2Fiot-dos-forensics-ids/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/feb027","download_url":"https://codeload.github.com/feb027/iot-dos-forensics-ids/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/feb027%2Fiot-dos-forensics-ids/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32482466,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bot-iot","cybersecurity","digital-forensics","dos-attack","github-pages","ids","iot","machine-learning"],"created_at":"2026-05-01T02:05:36.345Z","updated_at":"2026-05-01T02:05:37.149Z","avatar_url":"https://github.com/feb027.png","language":"TeX","funding_links":[],"categories":[],"sub_categories":[],"readme":"# IoT DoS Forensics IDS\n\nIndividual final exam (UAS) project for the Semester 6 IoT course.\n\n## Title\n\n**DoS Attack Analysis System for IoT Architecture**\n\nClarified working title:\n\n**DoS Attack Analysis System for IoT Traffic Based on Machine Learning and Network 
Forensics Using the BoT-IoT Dataset**\n\n## Theme\n\nIoT + Cyber Security + Digital Forensics\n\n## Dataset\n\n- Primary dataset: BoT-IoT (UNSW) — https://research.unsw.edu.au/projects/bot-iot-dataset\n- Alternative dataset: RT-IoT2022 (UCI) — https://archive-beta.ics.uci.edu/dataset/942/rt-iot2022\n\n## Initial Scope\n\n- Primary focus: binary classification of `normal` vs `DoS/DDoS`.\n- Additional focus if time permits: multi-class classification and comparative validation with RT-IoT2022.\n- Main outputs: scientific manuscript, reproducible experiments, evaluation charts/tables, forensic feature analysis, and a static GitHub Pages dashboard.\n\n## Project Principles\n\n- Evidence-first: every number in the report must come from a clearly identified artifact or reference.\n- No fabricating dataset statistics, experiment results, or citations.\n- Large datasets are not committed to GitHub.\n- Important results such as tables, charts, metrics, and compact dashboard data are committed.\n\n## Repo Structure\n\n```text\ndocs/        Project documentation, roadmap, logs, and specifications\nreferences/  Literature and BibTeX\nnotebooks/   EDA, preprocessing, modeling, and forensic analysis notebooks\nscripts/     Reproducible scripts for dataset, training, evaluation, dashboard data\nresults/     Tables, figures, metrics, and model output\ndashboard/   Static dashboard for visualizing results\nreports/     Progress reports and scientific manuscript\nprompts/     Prompt templates for the Codex/Hermes workflow\n```\n\n## Dashboard Preview\n\nGitHub Pages: https://feb027.github.io/iot-dos-forensics-ids/\n\nThe dashboard currently shows summaries of the Phase 2 dataset audit, Phase 3 EDA/preprocessing, Phase 4 baseline modeling, Phase 5 forensic analysis, and Phase 6A advanced/SOTA modeling from the repo artifacts.\n\n## Definition of Done\n\nThe project is considered complete when:\n\n- the literature review contains at least 10–15 relevant references,\n- the BoT-IoT dataset audit is clear and reproducible,\n- EDA and preprocessing are documented,\n- at least 3 baseline models are trained and 
evaluated,\n- tables/figures/metrics are stored in `results/`,\n- forensic feature analysis is available,\n- the static dashboard displays results from artifacts,\n- the final scientific manuscript is complete and consistent with the artifacts,\n- the final review declares it ready to submit.\n\n## Literature Review Snapshot\n\nPhase 1 is complete and has been merged into `main` via PR #1. Artifact summary:\n\n- `references/literature-matrix.md`: 18 sources.\n- `references/references.bib`: 18 BibTeX entries.\n- `docs/research-log.md`: selection log and initial synthesis.\n- `reports/progress-1-literature-review.md`: Phase 1 progress report.\n- Final review: `docs/REVIEW_phase1_literature_final_approved.md` — **92/100 APPROVED**.\n\nPhase 1 is complete; the Phase 2 Dataset Audit is also complete and has been merged into `main` via PR #2.\n\n## Dataset Audit Snapshot\n\nThe Phase 2 Dataset Audit is complete and has been merged into `main` via PR #2. Initial artifacts from the BoT-IoT/UNSW-IoT CSV mirror:\n\n- `scripts/audit_botiot_dataset.py`: reproducible audit script without pandas.\n- `results/metrics/dataset_audit.json`: machine-readable audit summary.\n- `results/tables/dataset_files.csv`: file, row count, checksum, duplicate summary.\n- `results/tables/class_distribution.csv`: distribution of `attack`, `category`, `subcategory`, and DoS/DDoS scope.\n- `results/tables/column_profile.csv`: column profile and missing values.\n- `results/tables/split_leakage_checks.csv`: train/test overlap checks.\n- `reports/progress-2-dataset-audit.md`: Phase 2 progress report.\n\nKey findings: DoS/DDoS is available, but the normal class is very small and there is a risk of similar aggregate features across splits. Phase 3 must use evaluation that does not rely on accuracy alone.\n\n## EDA \u0026 Preprocessing Snapshot\n\nThe Phase 3 EDA \u0026 Preprocessing work is complete and has been merged into `main` via PR #3. 
Main artifacts:\n\n- `scripts/run_eda_preprocessing.py`: streaming EDA/preprocessing script for the BoT-IoT/UNSW-IoT CSV splits.\n- `notebooks/01_eda_preprocessing.ipynb`: notebook wrapper for running the script.\n- `results/metrics/preprocessing_summary.json`: machine-readable summary.\n- `results/tables/eda_*.csv`: distributions of scope, category, protocol, and a numeric feature summary.\n- `results/tables/eda_label_consistency_checks.csv`: label/scope consistency validation.\n- `results/tables/preprocessing_feature_plan.csv`: feature, label, and identifier columns, and preprocessing actions.\n- `results/tables/preprocessing_dataset_plan.csv`: plan for the imbalanced and balanced controlled subset tracks for Phase 4.\n- `results/figures/eda_*.png`: initial EDA visualizations.\n- `reports/progress-3-eda-preprocessing.md`: Phase 3 progress report.\n\nKey decision: `other_attack` is not treated as normal; the main baseline is `normal` vs `dos_or_ddos`, with imbalanced and balanced controlled subset tracks.\n\n## Baseline Modeling Snapshot\n\nPhase 4 has run baseline modeling for the `normal` vs `dos_or_ddos` target:\n\n- `scripts/run_baseline_modeling.py`: reproducible baseline runner for Track A/B/C.\n- `notebooks/02_baseline_modeling.ipynb`: notebook wrapper for running the runner.\n- `results/metrics/baseline_summary.json`: machine-readable baseline summary.\n- `results/tables/baseline_model_metrics.csv`: baseline model metrics.\n- `results/tables/baseline_confusion_matrices.csv`: confusion matrix for each run.\n- `results/tables/baseline_dataset_tracks.csv`: dataset size per track/split.\n- `results/figures/baseline_*.png`: visualizations comparing macro F1, MCC, and confusion matrices.\n- `reports/progress-4-baseline-modeling.md`: Phase 4 progress report.\n\nKey decision: accuracy is recorded but is not the main claim; interpretation uses macro F1, MCC, balanced accuracy, normal/attack recall, and FP/FN.\n\n## Phase 5 Scope — Forensic Analysis\n\nPhase 5 focuses on the forensic interpretation 
of the baseline results:\n\n- feature importance and/or permutation importance,\n- false positive and false negative analysis,\n- interpretation of DoS/DDoS traffic patterns from the dominant features,\n- discussion of the risks of a small normal class and split-similarity,\n- IoT IDS mitigation recommendations based on the experimental findings.\n\n## Forensic Analysis Snapshot\n\nPhase 5 adds a forensic interpretation of the Phase 4 baseline:\n\n- `scripts/run_forensic_analysis.py`: runner for feature importance, permutation importance, and error analysis.\n- `notebooks/03_forensic_analysis.ipynb`: notebook wrapper for running Phase 5.\n- `results/metrics/forensic_summary.json`: machine-readable forensic summary.\n- `results/tables/forensic_feature_importance.csv`: feature importance and permutation importance.\n- `results/tables/forensic_error_analysis.csv`: TN/FP/FN/TP summary for selected runs.\n- `results/tables/forensic_error_examples.csv`: a limited set of FP/FN examples for discussion.\n- `results/figures/forensic_*.png`: feature importance and error summary visualizations.\n- `reports/progress-5-forensic-analysis.md`: Phase 5 progress report.\n\nTop feature group in Phase 5: `N_IN_Conn_P_DstIP`, followed by `N_IN_Conn_P_SrcIP`, `stddev`, and `srate`. 
Interpretation remains cautious because the normal class is small and there is a risk of split-similarity.\n\n## Advanced/SOTA Modeling Extension\n\nPhase 6A adds advanced/SOTA tabular modeling experiments to strengthen the baseline and the forensic interpretation:\n\n- `scripts/run_advanced_modeling.py`: runner for LightGBM, XGBoost, CatBoost, and sampled SHAP.\n- `notebooks/04_advanced_modeling.ipynb`: Phase 6A notebook wrapper.\n- `docs/phase6a-advanced-modeling-plan.md`: experiment plan.\n- `docs/phase6a-local-run-guide.md`: guide for running in local WSL.\n\nPhase 6A outputs are available:\n\n- `results/tables/advanced_model_metrics.csv`: LightGBM/XGBoost/CatBoost metrics.\n- `results/tables/advanced_confusion_matrices.csv`: confusion matrices for the advanced models.\n- `results/tables/advanced_feature_importance.csv`: native feature importance.\n- `results/tables/advanced_shap_summary.csv`: sampled SHAP explainability.\n- `results/metrics/advanced_summary.json`: machine-readable summary.\n- `results/figures/advanced_*.png`: visualizations of advanced vs baseline, confusion matrices, and SHAP.\n- `reports/progress-6a-advanced-modeling.md`: Phase 6A progress report.\n\nBest overall advanced run: `xgboost` on `C_balanced_controlled_1_to_2` with macro F1 0.9965. On the realistic Track A, LightGBM improves macro F1 over the baseline on the same track.\n\n\n## Dashboard Polish Snapshot\n\nThe Phase 6 Dashboard Polish is complete and has been merged into `main` via PR #7. 
The dashboard now uses a static dark SOC/cybersecurity command-center style, remains artifact-driven, and has passed Codex final verification.\n\nPhase 6 artifacts:\n\n- `dashboard/index.html`, `dashboard/styles.css`, `dashboard/app.js`: final static dashboard for GitHub Pages.\n- `docs/phase6-dashboard-design-brief.md`: dashboard design direction.\n- `docs/dashboard-spec.md`: latest dashboard specification/data contract.\n- `docs/REVIEW_phase6_dashboard.md`: initial review 86/100 NEEDS REVISION.\n- `docs/REVIEW_phase6_dashboard_final.md`: final verification 94/100 APPROVED / MERGE.\n\n\n\n## SOC Replay Visual Overhaul Snapshot\n\nPhase 6C upgrades the demo page from a static timeline to a visual SOC replay:\n\n- Packet replay map: source/bot → IoT gateway → device/service.\n- Replay controls: speed, scrubber, event timestamp.\n- Live SOC event stream.\n- Threat meter based on a heuristic risk score.\n- Modular components: `network-replay.js`, `event-stream.js`, `threat-meter.js`, `replay-engine.js`.\n- Progress report: `reports/progress-6c-soc-replay-visual-overhaul.md`.\n\nBoundary: the visual replay is an educational representation of the artifacts, not an actual PCAP replay and not a new experimental metric.\n\n## Interactive AI SOC Demo Snapshot\n\nPhase 6B adds a VPS-based interactive demo prototype to make the modeling results more vivid during presentations:\n\n- Live demo: https://iot.aquarise.my.id/soc-demo/demo.html\n- API health: https://iot.aquarise.my.id/soc-demo/api/health\n- Modular frontend: `dashboard/demo.html`, `dashboard/styles/`, `dashboard/scripts/`.\n- FastAPI backend: `backend/iot_soc_api/`.\n- Generated demo data: `dashboard/data/demo-scenarios.json`, `demo-feature-ranges.json`, `demo-narrative-templates.json`.\n- Progress report: `reports/progress-6b-interactive-ai-soc-demo.md`.\n\nAcademic framing: an interactive AI SOC prototype based on experiment artifacts, not a production real-time IDS.\n\n## Status\n\nCurrent phase: **Phase 7 — Scientific 
Manuscript**\n\n## Review History\n\n| Review | Model/Reviewer | Score | Verdict | File |\n|---|---|---:|---|---|\n| Initial Phase 0B | Codex lecturer | 83 | NEEDS REVISION | `docs/REVIEW_phase0b.md` |\n| Final Phase 0B | Codex lecturer | 91 | APPROVED | `docs/REVIEW_phase0b_final.md` |\n| Strict Re-review Phase 0 | Codex gpt-5.5 + high reasoning | 90 | APPROVED | `docs/REVIEW_phase0_gpt55_high.md` |\n| Phase 1 Literature Review | Codex gpt-5.5 + high reasoning | 92 | APPROVED | `docs/REVIEW_phase1_literature_final_approved.md` |\n| Phase 2 Dataset Audit | Codex gpt-5.5 + high reasoning | 89 | APPROVED | `docs/REVIEW_phase2_dataset_audit.md` |\n| Phase 3 EDA \u0026 Preprocessing | Codex gpt-5.5 + high reasoning | 88 | APPROVED | `docs/REVIEW_phase3_eda_preprocessing.md` |\n| Phase 3 Final Verification | Codex gpt-5.5 + high reasoning | 92 | APPROVED / MERGE | `docs/REVIEW_phase3_final_verification.md` |\n| Phase 4 Baseline Modeling | Codex gpt-5.5 + high reasoning | 90 | APPROVED | `docs/REVIEW_phase4_baseline_modeling.md` |\n| Phase 5 Forensic Analysis | Codex gpt-5.5 + high reasoning | 90 | APPROVED | `docs/REVIEW_phase5_forensic_analysis.md` |\n| Phase 6A Advanced/SOTA Modeling | Codex gpt-5.5 + high reasoning | 90 | APPROVED | `docs/REVIEW_phase6a_advanced_modeling.md` |\n| Phase 6 Dashboard Review | Codex gpt-5.5 + high reasoning | 86 | NEEDS REVISION | `docs/REVIEW_phase6_dashboard.md` |\n| Phase 6 Dashboard Final Verification | Codex gpt-5.5 + high reasoning | 94 | APPROVED / MERGE | `docs/REVIEW_phase6_dashboard_final.md` |\n\nSee:\n\n- `docs/project-control.md`\n- `docs/roadmap.md`\n- `docs/phase-gates.md`\n- `docs/REVIEW_phase0b.md`\n- `docs/REVIEW_phase0b_final.md`\n- `docs/REVIEW_phase0_gpt55_high.md`\n- `docs/REVIEW_phase1_literature_final_approved.md`\n- `docs/REVIEW_phase2_dataset_audit.md`\n- `docs/REVIEW_phase3_eda_preprocessing.md`\n- `docs/REVIEW_phase3_final_verification.md`\n- `docs/REVIEW_phase4_baseline_modeling.md`\n- 
`docs/REVIEW_phase5_forensic_analysis.md`\n- `docs/REVIEW_phase6a_advanced_modeling.md`\n- `docs/REVIEW_phase6_dashboard.md`\n- `docs/REVIEW_phase6_dashboard_final.md`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffeb027%2Fiot-dos-forensics-ids","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffeb027%2Fiot-dos-forensics-ids","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffeb027%2Fiot-dos-forensics-ids/lists"}