AI-powered intrusion detection and APT attack prediction platform with explainable machine learning, FastAPI backend, cybersecurity analytics, and LLM-ready architecture.
This project is an AI-driven cybersecurity platform developed for intrusion detection, Advanced Persistent Threat (APT) prediction, and intelligent network attack analysis.
The system combines machine learning, explainable AI, cybersecurity analytics, FastAPI backend services, and experimental AI workflows to create a practical and scalable intrusion detection environment for modern network security operations.
The project was developed as a graduation thesis in Information Security and focuses on combining AI technologies with cybersecurity defense mechanisms.

Key features:

- Real-time intrusion prediction
- AI-powered attack analysis
- APT attack detection
- FastAPI backend API
- Explainable AI using SHAP
- MITRE ATT&CK technique mapping
- PostgreSQL integration
- Attack severity estimation
- Feature importance analysis
- Cross-dataset evaluation
- Latency benchmarking
- Robustness testing
- Early warning experiments
- Attack timeline visualization
- Research-oriented experiment modules
- LLM-ready architecture for future SOC automation
The platform integrates AI-based analytical workflows for intelligent cyber threat analysis and automated attack prediction.
Implemented AI capabilities include:
- probabilistic attack classification,
- intelligent threat prioritization,
- anomaly analysis,
- explainable prediction workflows,
- attack severity estimation,
- and contextual attack interpretation.
The architecture is designed for future integration with Large Language Models (LLMs) to support:
- SOC analyst assistance,
- automated incident summarization,
- threat explanation generation,
- intelligent alert enrichment,
- natural language reporting,
- and AI-assisted cybersecurity operations.
Potential future integrations:
- OpenAI API
- Azure OpenAI
- Local LLM inference
- Security-focused AI copilots
The platform architecture includes:
- data preprocessing pipeline,
- feature engineering modules,
- machine learning prediction engine,
- FastAPI backend service,
- PostgreSQL storage,
- explainability layer,
- and visualization components.
The system supports experimental cybersecurity research workflows and real-time inference operations.
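As an added example, not code from this project, the core of such an explainability layer in pure Python: a logistic classifier over constructed flow features, exact per-feature SHAP values (the closed-form linear SHAP that the SHAP library computes for linear models), and the severity tier and payload shape a prediction endpoint would return. The feature names, weights, background means and severity thresholds are all assumed for illustration.

```python
import math

# Constructed stand-in for a trained model: a logistic classifier over a few
# flow-level features (assumed names and weights, not the project's model).
WEIGHTS = {"flow_duration": -0.8, "fwd_pkts_per_s": 1.4,
           "syn_flag_cnt": 2.1, "dst_port_is_known": -1.0}
BIAS = -1.5
# Background (training-set mean) values; SHAP explains relative to this reference.
BACKGROUND = {"flow_duration": 1.0, "fwd_pkts_per_s": 0.5,
              "syn_flag_cnt": 0.2, "dst_port_is_known": 0.8}

def logit(p):
    return math.log(p / (1.0 - p))

def predict_proba(x):
    """Probability that the flow is an attack, from the linear log-odds score."""
    z = BIAS + sum(WEIGHTS[f] * x[f] for f in WEIGHTS)
    return 1.0 / (1.0 + math.exp(-z))

def shap_linear(x):
    """Exact Shapley values for a linear model with independent features:
    phi_i = w_i * (x_i - E[x_i]) in log-odds space. They are additive: their
    sum equals logit(p(x)) - logit(p(BACKGROUND))."""
    return {f: WEIGHTS[f] * (x[f] - BACKGROUND[f]) for f in WEIGHTS}

def severity(p):
    """Assumed severity tiers on the attack probability."""
    if p >= 0.9:
        return "critical"
    if p >= 0.7:
        return "high"
    if p >= 0.4:
        return "medium"
    return "low"

def explain(x, top_k=2):
    """Build the response a /predict endpoint would serialise: probability,
    severity tier and the top-k features by absolute SHAP contribution."""
    p = predict_proba(x)
    phi = shap_linear(x)
    top = sorted(phi.items(), key=lambda kv: abs(kv[1]), reverse=True)[:top_k]
    return {"probability": round(p, 4), "severity": severity(p),
            "top_features": [{"feature": f, "shap": round(v, 4)} for f, v in top]}

# Constructed flow: short duration, high forward packet rate, many SYN flags,
# unknown destination port.
SAMPLE_FLOW = {"flow_duration": 0.2, "fwd_pkts_per_s": 3.0,
               "syn_flag_cnt": 1.5, "dst_port_is_known": 0.0}

if __name__ == "__main__":
    print(explain(SAMPLE_FLOW))
```

The additivity check in `shap_linear`'s docstring is the property to assert in a regression test before trusting any explanation payload shown to an analyst.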
Technology stack:

- Python
- FastAPI
- AsyncIO
- Scikit-learn
- XGBoost
- Pandas
- NumPy
- PostgreSQL
- SHAP
- Matplotlib
- MITRE ATT&CK Framework
- Network Traffic Analysis
Repository layout:

```
AI-Intrusion-Detection-System/
│
├── apt_prediction_service.py
├── attack_start_prediction_v2.py
├── attack_timeline_visualization.py
├── feature_pipeline.py
│
├── ablation_experiment.py
├── advanced_experiment.py
├── baseline_experiment.py
├── cross_dataset_ablation.py
├── early_warning_experiment.py
├── latency_experiment.py
├── mixed_training_experiment.py
├── robustness_experiment.py
├── visualization_experiments.py
│
├── confusion_matrix.png
├── roc_curve.png
├── roc_curves.png
├── feature_importance.png
│
├── Old experiments/
│
├── .gitignore
└── README.md
```