Open to internship & full-time rolesOpen to internship & full-time rolesOpen to internship & full-time rolesOpen to internship & full-time rolesOpen to internship & full-time rolesOpen to internship & full-time roles
Selected work

ML Security · 2025 · Designer & Sole Engineer

Network Guard — AI-based DDoS Detection

A real-time intrusion detection system that flags volumetric and low-and-slow attacks in under 100ms using packet-level features and unsupervised machine learning.

<100ms
Detection latency
89%
Accuracy
Real-time
Packet capture

Context

Signature-based defenses only catch attacks they've seen before. I wanted a detector that learns what normal traffic looks like and flags deviations — so it can react to novel DDoS patterns without a rule for each one.

Approach

  • Live capture with Scapy, extracting flow-level features (packet rates, inter-arrival times, protocol mix, source entropy) on a rolling window.
  • Unsupervised anomaly detection with an Isolation Forest, so no labeled attack data is required — the model isolates outliers against learned baseline behavior.
  • A tight capture → feature → score loop engineered to keep end-to-end detection latency under 100ms, fast enough to trigger mitigation inline.

Outcome

  • 89% classification accuracy distinguishing attack from benign traffic.
  • Sub-100ms detection latency on live packet streams.
  • Catches both volumetric floods and low-and-slow patterns that rate-limits miss.

What I'd do next

An ensemble with a supervised head for known attack families, and automatic iptables mitigation on sustained anomalies.

Built with

PythonScapyScikit-learnLinux