#Intrusion-detection
Showing 48 of 48 repositories tagged #intrusion-detection, ranked by stars
SQL powered operating system instrumentation, monitoring, and analytics.
Daemon to ban hosts that cause multiple authentication errors
Malicious traffic detection system
Lightweight network IP scanner written in Go. With notifications, history, export to Grafana
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Real-time HTTP Intrusion Detection
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
WIFI / LAN intruder detector. Check the devices connected and alert you with unknown devices. It also warns of the disconnection of "always connected" devices
Since 2011, IPBan is the worlds most trusted, free security software to block hackers and botnets. With both Windows and Linux support, IPBan has your dedicated or cloud server protected. Upgrade to IPBan Pro today and get a discount. Learn more at ↓
Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
A utility to safely generate malicious network traffic patterns and evaluate controls.
Wazuh - Docker containers
Monitor network traffic per executable
Network Intrusion Detection KDDCup '99', NSL-KDD and UNSW-NB15
By Kprobe technology Open Source Host-based Intrusion Detection System(HIDS), from E_Bwill.
Code for IDS-ML: intrusion detection system development using machine learning algorithms (Decision tree, random forest, extra trees, XGBoost, stacking, k-means, Bayesian optimization..)
Wazuh - Ruleset
Plugins for Wazuh Dashboard
Wazuh - Ansible playbook
Wazuh - Project documentation
[ICMLC 2018] A Neural Network Architecture Combining Gated Recurrent Unit (GRU) and Support Vector Machine (SVM) for Intrusion Detection
Machine learning algorithms applied on log analysis to detect intrusions and suspicious activities.
Entropy scanner for Linux to detect packed or encrypted binaries related to malware. Finds malicious files and Linux processes and gives output with cryptographic hashes.
Local safety layer for AI agents that use the terminal. Screens risky commands and MCP/tool calls, watches Linux activity with eBPF, blocks dangerous behavior, and keeps audit trails local. Open source, self-hosted, dry-run by default.
This repository contains an in-depth analysis of the Intrusion Detection Evaluation Dataset (CIC-IDS2017) for Intrusion Detection, showcasing the implementation and comparison of different machine learning models for binary and multi-class classification tasks.
A framework for building provenance-based intrusion detection systems with neural networks (KDD'26, USENIX Sec'25)
IDS monitors a network or systems for malicious activity and protects a computer network from unauthorized access from users,including perhaps insider.
Firegex, a firewall for Attack-Defense CTFs
Detect and warn about suspicious IPs logging into Nextcloud
Simple Implementation of Network Intrusion Detection System. KddCup'99 Data set is used for this project. kdd_cup_10_percent is used for training test. correct set is used for test. PCA is used for dimension reduction. SVM and KNN supervised algorithms are the classification algorithms of project. Accuracy : %83.5 For SVM , %80 For KNN
This tool parses log data and allows to define analysis pipelines for anomaly detection. It was designed to run the analysis with limited resources and lowest possible permissions to make it suitable for production server use.
Sandfly Security Agentless Compromise and Intrusion Detection System For Linux
Wazuh - RESTful API
Real-time eBPF-powered network security monitor with AI-driven threat detection. Surfaces port scans, DDoS attacks, botnet activity, and anomalies at 100Gbps+ speeds with sub-microsecond latency (~150 million packets/sec).
Install open-source software from source to focus on Zero Trust Network principles, enhancing security for existing applications, and deploying tools for threat detection and prevention.
A comprehensive survey of datasets for research in host-based and/or network-based intrusion detection, with a focus on enterprise networks
GraphIDS: Self-supervised GNN for Network Intrusion Detection (NeurIPS 2025)
🛡️ Free AI that blocks hackers while you sleep. Runs on cheap hardware. When someone in Tokyo gets attacked, you're protected in 30 seconds. No fees. No experts needed. Just protection. One node's detection → everyone's protection.
Penguin OS Forensic (or Flight) Recorder
Self-hosted Linux server protector that ACTS, not just alerts. SIGSTOP runaway processes, iptables-ban brute-forcers, take incident snapshots. Single Rust binary.
Real-time intrusion detection system that monitors honeypot files and sends instant Discord alerts when unauthorized access is detected. Built for Homelabs.
Investigating attacks using Splunk Enterprise logs and creating SPL intrusion detection searches based on known attacker TTPs and anomaly behavior derived from statistical baselines
Advanced Network Vulnerability Scanner
Intrusion Detection and Counter Attack System - CTF Attack/Defense tool
IDPS-ESCAPE: Intrusion Detection and Prevention System - Enhanced Security through a Cooperative Anomaly Prediction Engine. SOAR via a Risk-aware Anomaly Detection-based Automated Response (RADAR) subsystem and a deep learning-based AD subsystem (SONAR), integrated with Wazuh, Flowintel, Suricata
[WIP] Anti-Forensics ToolKit to clear post-intrusion sensible logfiles 🔥 (For Research Only)