Network Baseline
Builds a normal traffic baseline from a sample of network logs, then flags unusual source IPs, destination ports, and connection volume spikes in observed traffic.
Takes a 'normal' sample of network connections, learns typical source IPs, destination ports, and per-host volume, then compares against an 'observed' sample to detect anomalies. Outputs severity-scored anomalies, per-source risk tables, and an analyst triage handoff.
Catalog entry only — a full write-up lands closer to release.
Related across catalogs
- Beaconing Traffic Detector (Security project · Demo ready)
  Detects periodic outbound callback (C2 beacon) behavior from timestamped network logs by scoring inter-arrival timing consistency per source/destination pair.
- Port Scan Lab (Security project · Demo ready)
  Detection lab for identifying Nmap-style port scan and reconnaissance activity from firewall logs.
- Reverse Shell Study (Security project · Demo ready)
  Safe lab metadata analyzer for suspicious outbound reverse-shell-like network behavior — pcap metadata only, no payloads.
- Web Attack Detection (Security project · Demo ready)
  Web log detection lab — flags SQL injection, XSS, suspicious user agents, scanner activity, and risk-scored request summaries from nginx access logs.
- AttackReplay Studio (Security project · Demo ready)
  Visual incident replay dashboard — turns safe sample logs into an attack timeline, attack path view, GeoIP map, and incident summary.