https://github.com/dimuzzo/intrusion-detection-tester
Little intrusion detection tester using python. The project is inspired by the article from freeCodeCamp: https://www.freecodecamp.org/news/build-a-real-time-intrusion-detection-system-with-python/
https://github.com/dimuzzo/intrusion-detection-tester
intrusion-detection-system python testing
Last synced: 2 months ago
JSON representation
Little intrusion detection tester using python. The project is inspired by the article from freeCodeCamp: https://www.freecodecamp.org/news/build-a-real-time-intrusion-detection-system-with-python/
- Host: GitHub
- URL: https://github.com/dimuzzo/intrusion-detection-tester
- Owner: dimuzzo
- License: mit
- Created: 2025-06-18T21:26:06.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-06-18T22:38:08.000Z (about 1 year ago)
- Last Synced: 2025-06-18T23:19:39.342Z (about 1 year ago)
- Topics: intrusion-detection-system, python, testing
- Language: Python
- Homepage:
- Size: 4.88 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Real-Time Intrusion Detection System (IDS)



This project is a simple real-time Intrusion Detection System (IDS) built with Python and Scapy. It's designed to monitor network traffic and detect potential threats, such as SYN Flood attacks.
This is a learning project based on the concepts described in [this freeCodeCamp article](https://www.freecodecamp.org/news/build-a-real-time-intrusion-detection-system-with-python/).
## Features
- **Real-time Packet Sniffing**: Captures and analyzes network packets on the fly.
- **SYN Flood Detection**: Identifies potential Denial-of-Service (DoS) attacks by monitoring the rate of SYN packets from a single source IP.
- **Configurable**: Easily adjust detection parameters like the time window and packet thresholds.
## How It Works
The IDS listens to network traffic on a specified interface. For each packet, it checks if it's a TCP packet with the SYN flag set. It maintains a record of recent SYN packets for each source IP address. If the number of SYN packets from a single IP exceeds a defined threshold within a specific time window, it raises an alert.
## Requirements
- Python 3.7+
- Scapy
You will also need administrative/root privileges to run the packet sniffer.
## Installation & Setup
1. **Clone the repository:**
```bash
git clone https://github.com/dimuzzo/intrusion-detection-tester.git
cd intrusion-detection-tester
```
2. **Install the dependencies:**
It's recommended to use a virtual environment.
```bash
# Create and activate a virtual environment (optional but recommended)
python -m venv venv
venv\Scripts\activate
# Install the required packages
pip install -r requirements.txt
```
## Usage
You need to run the script with root privileges to allow Scapy to access raw sockets for packet sniffing.
```bash
python src/main.py
```
You can also specify a network interface to monitor:
```bash
python src/main.py --interface eth0
```
The script will start monitoring the traffic and print an alert to the console if a potential SYN flood attack is detected.
## Disclaimer
This is a basic educational tool and should not be used as a standalone, production-grade security solution.
---
> Created with passion by [dimuzzo](https://github.com/dimuzzo)