This project leverages Software-Defined Networking (SDN) principles to monitor, detect, and respond to network traffic anomalies in real-time. It enhances network security through DDoS attack detection (SYN flood) and offers both forensic logging and live web-based visualization.
- β Real-time network traffic monitoring with Mininet.
- β Anomaly detection targeting SYN flood DDoS attacks.
- β Alerts shown on terminal and live web interface.
- β IP blocking using iptables when attacks are detected.
- β Logs suspicious traffic in structured JSON format.
- β Live traffic visualizations using dynamic charts.
| Tool | Purpose |
|---|---|
| Mininet | Simulated network topology with SDN |
| Scapy | Packet sniffing and analysis |
| Wireshark | Packet validation and deep inspection |
| Flask | Backend server for dashboard |
| Chart.js | Real-time line/pie chart visualization |
| iptables | Blocking suspicious IPs dynamically |
-
Ubuntu 22.04 (VM recommended)
-
Python 3.10.6
-
Mininet
-
hping3,iperf, andiptables -
Python libraries:
- Flask
- Scapy
- Chart.js (frontend)
- json, time, os, collections (built-in)
Install Python dependencies using:
pip install -r requirements.txtThere are three main components to launch for the complete system:
Run the topology file (e.g., topology.py) to simulate your network:
sudo python3 topology.pyβ This sets up hosts (like h1 to h8) and connects them via SDN.
Run the detection script (realtime_attack_detection.py) inside the h8 host (or the relevant host receiving traffic):
xterm h8
sudo python3 realtime_attack_detection.pyβ This will:
- Monitor incoming packets.
- Detect potential SYN flood attacks.
- Log alerts to terminal and JSON files.
- Block attacker IPs dynamically.
From your main machine (not inside Mininet), run:
python3 app.pyβ
This opens a real-time dashboard at http://localhost:5000/ displaying:
- Line chart of live SYN packets.
- Pie chart of attack source distribution.
- Table of blocked IPs.
You can generate test traffic using:
xterm h1
hping3 -S -p 80 --flood 10.0.0.8xterm h2
iperf -s
xterm h3
iperf -c 10.0.0.2| File | Purpose |
|---|---|
topology.py |
Custom Mininet topology script |
realtime_attack_detection.py |
Packet sniffer + DDoS detection + blocking |
app.py |
Flask web server to display dashboard |
requirements.txt |
List of required Python packages |
- This system assumes the attacking target is host
h8(10.0.0.8) by default. Adjust IPs as per your topology. - If iptables rules persist after blocking, you may clear them with:
sudo iptables -F- Run detection script as root due to packet sniffing and firewall manipulation.
Feel free to fork this project, suggest improvements, or contribute to future versions with advanced ML-based detection or a more scalable dashboard.