Attack Triage Classifier

A modular machine learning system for identifying attacks across log types.

Project Overview

This project ingests high-volume NetFlow/PCAP-derived datasets, comprising benign traffic and multiple attack types, and delivers a two-stage classification system. The data was sourced from the Canadian Institute for Cybersecurity (CIC) and the University of New Brunswick (UNB) (reference: https://www.unb.ca/cic/datasets/malmem-2020.html).

Highlights

Notebook

Attack Identifier

Applies a two-stage classification pipeline to identify attack types from NetFlow logs.


Visualizations

Key model outputs from the analysis:

F₁ Score by Class


Two‑Stage Classification Flow

Two‑Stage Classification Sankey Diagram

Key Takeaways
