EigenFlow Profiler

An unsupervised, image-inspired PCA approach to distinguishing benign traffic from multiple attack types in NetFlow data.

Project Overview

Traditional signature-based detection often misses novel or subtle threats. Inspired by facial-recognition “eigenfaces,” we reshape each 77-feature NetFlow record into a 300×300 grayscale array and train group-specific PCA models (“eigenprofiles”) for four attack families (credential abuse, denial-of-service, exploit/malware, and application-layer abuse) plus benign traffic. By measuring reconstruction error (L2 norm) against each profile, we can both flag anomalies and infer attack type without any labeled training data.
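The reconstruction-error scoring described above, as an added example that is not the project's notebook code. It assumes flat 77-feature vectors (the 300×300 reshape is skipped), constructed low-rank synthetic data in place of real NetFlow, a hypothetical threshold rule (99th percentile of held-out benign error), and illustrative function and group names.

```python
import numpy as np

N_FEATURES = 77  # per-record feature count stated on the page
GROUPS = ["benign", "credential_abuse", "dos", "exploit_malware", "app_layer"]

def fit_profile(X, k=3):
    """One 'eigenprofile': the group's mean plus its top-k principal axes."""
    mean = X.mean(axis=0)
    _, _, vt = np.linalg.svd(X - mean, full_matrices=False)
    return mean, vt[:k]

def recon_error(x, profile):
    """L2 norm of the part of x the profile cannot reconstruct."""
    mean, axes = profile
    centered = x - mean
    return float(np.linalg.norm(centered - axes.T @ (axes @ centered)))

def classify(x, profiles, threshold):
    """Flag x if the benign profile fits it poorly; name the best-fitting group."""
    errors = {g: recon_error(x, p) for g, p in profiles.items()}
    return errors["benign"] > threshold, min(errors, key=errors.get)

def make_sampler(rng, rank=3, noise=0.05):
    """Constructed data source: records near a random low-rank subspace."""
    basis, offset = rng.normal(size=(rank, N_FEATURES)), rng.normal(size=N_FEATURES)
    def sample(n):
        latent = rng.normal(size=(n, rank))
        return offset + latent @ basis + noise * rng.normal(size=(n, N_FEATURES))
    return sample

def run_demo(seed=0, n_train=200, n_test=50):
    rng = np.random.default_rng(seed)
    samplers = {g: make_sampler(rng) for g in GROUPS}
    profiles = {g: fit_profile(samplers[g](n_train)) for g in GROUPS}
    # Assumed threshold rule: 99th percentile of held-out benign error.
    held_out = [recon_error(x, profiles["benign"]) for x in samplers["benign"](n_train)]
    threshold = float(np.percentile(held_out, 99))
    hits = flagged = false_pos = 0
    for g in GROUPS:
        for x in samplers[g](n_test):
            is_anomaly, best = classify(x, profiles, threshold)
            hits += best == g
            if g == "benign":
                false_pos += is_anomaly
            else:
                flagged += is_anomaly
    n_attack = n_test * (len(GROUPS) - 1)
    return {"group_accuracy": hits / (n_attack + n_test),
            "attack_recall": flagged / n_attack, "benign_fpr": false_pos / n_test}
```

Calling `run_demo()` returns group accuracy, attack recall and benign false-positive rate on the constructed data; real flow features will not separate this cleanly, so the threshold and the number of components `k` need tuning against held-out traffic.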

Key Highlights

Pipeline Overview

[Figure: Prep & PCA flowchart]

Example Visualizations

Select outputs from the analysis:

Application-Layer Attack Samples

[Figures: Web Attack Day 1, Web Attack Day 2]

Original vs. PCA Reconstruction

[Figure: Original vs. reconstructed]

Reconstruction Error by Group

[Figure: Error box plot]

Notebook

Complete Jupyter notebook demonstrating data prep, PCA modeling, and error-based classification.

View Notebook →

Full Report

Complete writeup including problem statement, detailed methodology and results.

Read the full report here →

Key Takeaways
