Inspiration
Recent outages affecting services like Canvas, GoSFU, and SFU Snap showed how disruptive network failures can be for thousands of students. These incidents made us think about how difficult it can be for administrators to quickly identify when a network is under attack. Many monitoring tools rely on logs or delayed alerts, which makes it harder to respond immediately. We wanted to build a system that could detect network attacks in real time and present them visually, so administrators can instantly see when something is wrong.
What it does
Network Anomaly Detector is a real-time cybersecurity dashboard that monitors network switch metrics and detects suspicious behavior using machine learning. The system analyzes SNMP data and predicts the probability of different network attacks such as MAC flooding, DHCP flooding, and STP flooding. The results are visualized in a graph, along with a line chart of attacks and the attack type listed.
How we built it
We built the project using a pipeline that combines data processing, machine learning, and real-time visualization. First, we used an SNMP network dataset containing switch performance metrics during both normal activity and different attack scenarios. The data was cleaned and preprocessed to prepare it for training. Next, we trained a Random Forest classifier to recognize patterns in the metrics that correspond to specific network attacks. Finally, we created an interactive dashboard using Python, Gradio and HuggingFace. The dashboard receives simulated real-time network metrics, feeds them into the trained model, and displays predictions through gauges, alerts, and live charts.
Challenges we ran into
One of our biggest challenges was finding suitable datasets for training and testing. The SNMP dataset we used had limited variation, which meant our model sometimes showed near-perfect accuracy during testing. While this sounds good, it actually highlighted the need for more diverse data to properly evaluate real-world performance. Another challenge was designing the user interface. Initially, we experimented with Figma prototypes, but this made the development process more complicated than necessary. Eventually, we simplified the stack and chose Gradio, which allowed us to build the dashboard faster and focus on the visualization itself. We also originally wanted to implement a real-time pulse-style traffic visualization, but due to time and tool constraints we implemented a live line graph instead. While simpler, it still effectively communicates spikes and anomalies in network activity.
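The sketch below is an added example, not the team's code: it trains a Random Forest on constructed SNMP-style samples and scores single polls with class probabilities, as in the pipeline under "How we built it", then reproduces the evaluation problem described under "Challenges we ran into". The feature names, class centres, the 0.8 alert threshold and every sample value are assumptions made for illustration, not the dataset's columns.

```python
import numpy as np
from sklearn.ensemble import RandomForestClassifier

# Assumed per-poll features derived from SNMP counters; NOT the dataset's real columns.
FEATURES = ["bcast_pps", "mcast_pps", "learned_entry_discards", "stp_top_changes"]
# Constructed class centres (typical feature values per traffic class).
CENTRES = {
    "normal":     [50, 20, 0, 0],
    "mac_flood":  [60, 20, 900, 0],
    "dhcp_flood": [4000, 20, 0, 0],
    "stp_flood":  [50, 3000, 0, 40],
}

def make_samples(n_per_class, seed):
    """Constructed data: each class is its centre with 5% jitter (little variation)."""
    rng = np.random.default_rng(seed)
    X, y = [], []
    for label, centre in CENTRES.items():
        jitter = rng.normal(1.0, 0.05, size=(n_per_class, len(FEATURES)))
        floor = rng.uniform(0, 2, size=jitter.shape)  # small background counts
        X.append(np.array(centre, dtype=float) * jitter + floor)
        y += [label] * n_per_class
    return np.vstack(X), np.array(y)

def train(seed=0):
    X, y = make_samples(200, seed)
    return RandomForestClassifier(n_estimators=100, random_state=seed).fit(X, y)

def holdout_accuracy(model, seed=1):
    """Accuracy on fresh samples drawn from the same narrow distribution."""
    X, y = make_samples(200, seed)
    return float(model.score(X, y))

def score_poll(model, poll, alert_threshold=0.8):
    """Return (label, probability, alert) for one poll of switch metrics."""
    row = np.array([[poll[f] for f in FEATURES]], dtype=float)
    probs = dict(zip(model.classes_, model.predict_proba(row)[0]))
    label = max(probs, key=probs.get)
    alert = bool(label != "normal" and probs[label] >= alert_threshold)
    return str(label), float(probs[label]), alert

if __name__ == "__main__":
    model = train()
    print("hold-out accuracy:", holdout_accuracy(model))
    # Constructed polls: a MAC flood, and a benign but busy segment absent from training.
    mac = {"bcast_pps": 65, "mcast_pps": 21, "learned_entry_discards": 900, "stp_top_changes": 1}
    busy = {"bcast_pps": 3000, "mcast_pps": 21, "learned_entry_discards": 1, "stp_top_changes": 1}
    print("mac flood poll:", score_poll(model, mac))
    print("busy benign poll:", score_poll(model, busy))
```

Hold-out accuracy comes out near-perfect because the test samples share the training data's narrow distribution, yet the busy-but-benign poll still raises a DHCP flood alert. Scoring against captures from different switches and load levels is what exposes that gap.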
Accomplishments that we're proud of
We successfully built a working pipeline that connects machine learning predictions to a real-time visualization dashboard. Our system can dynamically detect different attack types and instantly display them through clear visual alerts. We are especially proud of the dashboard design, which turns complex network data into something that can be understood at a glance.
What we learned
Through this project we learned how network monitoring data can be used to detect anomalies with machine learning. We gained experience with data preprocessing, training classification models, and building real-time visualization dashboards. We also learned the importance of designing systems that present complex technical information in a way that is intuitive for users.
What's next for Network Anomaly Detector
In the future we want to integrate live SNMP network data instead of simulated inputs. We would also like to improve the detection model, explore deep learning approaches for anomaly detection, and add automated responses that could help mitigate attacks when they are detected. Our goal is to turn this project into a fully automated network monitoring and threat detection platform.
Built With
- gradio
- kaggle
- python
