TCP Self-Healing Traffic Analyzer
A mini project that simulates TCP/IP network traffic, detects anomalies like SYN flooding and high-frequency packets from suspicious IPs, and performs self-healing actions such as IP blocking and mock alerting. Built to showcase system-level AI, anomaly detection, and basic cybersecurity response.
Features
- Simulates TCP packet logs using Python
- Detects suspicious behavior using rule-based logic
- Detects SYN-flood attempts based on TCP flag patterns
- Auto-blocks IPs and generates mock alerts
- Visualizes traffic per IP over time using Matplotlib
- Logs blocked IPs for future tracking
Tech Stack
- Python (pandas, numpy)
- Matplotlib (for traffic plots)
- Rule-based anomaly detection
- Simulated TCP/IP packet data
Files
- tcp_analyzer.ipynb: Main notebook with full logic
- blocked_ips_log.csv: IPs flagged from basic anomaly logic
- final_blocked_ips_log.csv: Final list including SYN-flag patterns
- Traffic plot image (optional)
Sample Output
- High-traffic IPs flagged if they send >100 packets
- IPs with >30 SYN packets also flagged
- IPs are "blocked" and an admin is alerted in simulation
- Time-based traffic chart for visual monitoring
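
The two thresholds above, applied to a constructed packet log, as an added example that is not code from the project's notebook. It uses only the standard library rather than pandas; the addresses, function names and alert format are assumptions made for illustration.

```python
from collections import Counter

PACKET_THRESHOLD = 100  # README rule: more than 100 packets from one IP
SYN_THRESHOLD = 30      # README rule: more than 30 SYN packets from one IP

def build_sample_log():
    """Constructed (src_ip, tcp_flag) records; addresses are documentation ranges."""
    profile = {
        "192.0.2.10":   {"SYN": 5,   "ACK": 35},   # ordinary client
        "192.0.2.20":   {"SYN": 30,  "ACK": 70},   # exactly at both limits
        "198.51.100.7": {"SYN": 3,   "ACK": 147},  # high volume, few SYNs
        "203.0.113.9":  {"SYN": 45},               # SYN-heavy, low volume
        "203.0.113.50": {"SYN": 120},              # trips both rules
    }
    return [(ip, flag) for ip, flags in profile.items()
            for flag, n in flags.items() for _ in range(n)]

def detect(packets):
    """Return {ip: [reasons]} for every IP that exceeds a threshold."""
    total = Counter(ip for ip, _ in packets)
    syns = Counter(ip for ip, flag in packets if flag == "SYN")
    flagged = {}
    for ip, count in total.items():
        reasons = []
        if count > PACKET_THRESHOLD:
            reasons.append(f"high_volume({count})")
        if syns[ip] > SYN_THRESHOLD:
            reasons.append(f"syn_flood({syns[ip]})")
        if reasons:
            flagged[ip] = reasons
    return flagged

def self_heal(flagged, blocked):
    """Add newly flagged IPs to the in-memory blocklist; return mock alert lines."""
    alerts = []
    for ip, reasons in sorted(flagged.items()):
        if ip in blocked:       # already handled; avoid duplicate alerts
            continue
        blocked.add(ip)
        alerts.append(f"ALERT admin: blocked {ip} [{', '.join(reasons)}]")
    return alerts

if __name__ == "__main__":
    blocked = set()
    for line in self_heal(detect(build_sample_log()), blocked):
        print(line)
```

Both rules use a strict greater-than comparison, so an IP sitting exactly at 100 packets and 30 SYNs is not flagged. Per-source counters like these miss floods that use spoofed or widely distributed source addresses.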
Why It Stands Out
Unlike typical Python projects, this one mimics a lightweight intrusion detection system (IDS) using AI-inspired logic, showing a deep understanding of network behavior, cybersecurity, and automated response. No web frontend or cloud needed: fully backend-engineered and AI-focused.
How to Run
- Open tcp_analyzer.ipynb in Google Colab or Jupyter
- Run all cells step-by-step
- Customize IP patterns, thresholds, or traffic behavior if needed
- View alerts, blocked IP logs, and traffic charts
Disclaimer
This is a simulation project: it does not interact with real network traffic or modify firewalls. Intended for educational and showcase purposes only.