CyberAura is a web-based security tool designed to identify URL-based attacks from network traffic data (PCAP files) or log files (CSV). It leverages a powerful hybrid detection engine that combines high-speed pattern matching with intelligent machine learning to provide comprehensive threat analysis.
You can access and test the live prototype here:
https://cyberaura.streamlit.app/
The prototype implements the core features outlined in our initial proposal.
Utilizes a two-phase approach for maximum accuracy:
- Phase 1: Regex Engine: A high-speed scanner using specific, curated patterns to find known attacks that are visible directly in the URL (e.g.,
' OR 1=1). - Phase 2: Machine Learning Model: A trained Random Forest classifier that identifies complex or hidden attacks by analyzing various URL features (length, entropy, character patterns), even when the malicious payload isn't obvious.
Ingests and analyzes both raw network traffic (.pcap) and pre-parsed log files (.csv).
The prototype is trained to detect the most common URL-based threats:
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS) - Stored, Reflected, and DOM-based
- Command Injection
- File Inclusion
A user-friendly web interface built with Streamlit that provides a clear and immediate summary of the analysis, including metrics, charts, and a detailed, color-coded transaction log.
- Python
- Data Processing: Pandas
- Network Analysis: Pyshark
- Machine Learning: Scikit-learn (Random Forest, TfidfVectorizer), Joblib
- Streamlit
- Plotting: Plotly Express