Major Project

.gitignore

@@ -0,0 +1,18 @@
+# --- SENSITIVE KEYS (Never Push) ---
+.env
+backend/.env
+frontend/.env
+*.env
+
+# --- HEAVY FOLDERS (Never Push) ---
+node_modules/
+frontend/node_modules/
+backend/env/
+env/
+__pycache__/
+backend/__pycache__/
+dist/
+build/
+
+# --- ML MODELS (Ignore entire folder over 100MB) ---
+backend/ml_models/

backend/app.py

@@ -0,0 +1,106 @@
+# =============================================================
+# FILE: app.py
+# Optimized Flask + SocketIO entry (threading mode, no debug)
+# =============================================================
+import logging
+from flask import Flask, jsonify
+from flask_cors import CORS
+from flask_socketio import SocketIO
+
+
+# lightweight logging
+logging.getLogger('werkzeug').setLevel(logging.ERROR)
+logging.getLogger('socketio').setLevel(logging.ERROR)
+
+
+app = Flask(__name__)
+CORS(app, resources={r"/api/*": {"origins": "*"}})
+
+
+# Use threading mode to avoid eventlet monkey-patch issues with Scapy/IO
+socketio = SocketIO(app, cors_allowed_origins="*", async_mode="threading")
+
+
+# Mail initialization is left as-is but keep credentials out of source in production
+try:
+    from extensions import mail
+    app.config.update(
+        MAIL_SERVER="smtp.gmail.com",
+        MAIL_PORT=587,
+        MAIL_USE_TLS=True,
+        MAIL_USERNAME="yishu2005.ju@gmail.com",
+        MAIL_PASSWORD="prko cejt awef zmmi",
+        MAIL_DEFAULT_SENDER=("Adaptive AI NIDS", "yishu2005.ju@gmail.com")
+    )
+    mail.init_app(app)
+
+except Exception:
+# If mail is not available in dev/test, continue gracefully
+    pass
+
+
+# lazy import of sniffer so import side-effects are minimal
+sniffer = None
+
+
+def _get_sniffer():
+    global sniffer
+    if sniffer is None:
+        from capture.live_manager import sniffer as _s
+        sniffer = _s
+    return sniffer
+
+
+# Register blueprints lazily to avoid heavy imports at startup
+def register_blueprints(app):
+    from importlib import import_module
+
+
+    routes = [
+        ("routes.live_route", "live_bp", "/api/live"),
+        ("routes.logs_route", "logs_bp", "/api/logs"),
+        ("routes.predict_route", "predict_bp", "/api/predict"),
+        ("routes.reports_route", "reports_bp", "/api/reports"),
+        ("routes.ip_lookup_route", "ip_lookup_bp", "/api/ip"),
+        ("routes.geo_route", "geo_bp", "/api/geo"),
+        ("routes.alerts_route", "alerts_bp", "/api"),
+        ("routes.system_info", "system_bp", "/api"),
+        ("routes.ml_route", "ml_bp", "/api"),
+        ("routes.traffic_routes", "traffic_bp", "/api"),
+        ("routes.ml_switch_route","ml_switch","/api/model"),
+        ("routes.manual_predict_route","manual_predict","/api"),
+        ("routes.ai_route","ai_bp","/api/ai"),
+        ("routes.chat_route","chat_bp","/api"),
+        ("routes.offline_detection","offline_bp","/api/offline")
+    ]
+
+    for module_name, varname, prefix in routes:
+        try:
+            mod = import_module(module_name)
+            bp = getattr(mod, varname)
+            app.register_blueprint(bp, url_prefix=prefix)
+            print(f"✅ Registered route: {module_name} -> {prefix}")
+
+        except Exception as e:
+            print(f"⚠️ Skipping {module_name}: {e}")
+
+register_blueprints(app)
+
+
+@app.route("/")
+def home():
+    s = _get_sniffer()
+    return jsonify({
+    "status": "✅ Backend Active",
+    "capture_running": s.is_running() if s else False,
+    "tip": "Use /api/live/start and /api/live/stop to control capture"
+    })
+
+
+if __name__ == "__main__":
+    print("🚀 Starting Adaptive AI NIDS Backend (threading mode)...")
+    # Run without debug — debug spawns extra processes and uses more CPU
+    socketio.run(app, host="0.0.0.0", port=5000, debug=False)
+
+
+

backend/capture/live_capture.py

@@ -0,0 +1,620 @@
+# backend/capture/live_capture.py
+# Flow-aware live capture supporting both BCC (per-packet) and CICIDS (flow-aggregated)
+import os
+import time
+import threading
+import queue
+from datetime import datetime
+from collections import defaultdict, deque
+import numpy as np
+from scapy.all import sniff, IP, TCP, UDP  # keep scapy usage
+import joblib
+
+from utils.logger import push_event
+from socket_manager import emit_new_event
+from utils.model_selector import get_active_model, load_model
+
+# -------------------------
+# Tunables
+# -------------------------
+CAPTURE_QUEUE_MAX = 5000
+PROCESS_BATCH_SIZE = 40
+EMIT_INTERVAL = 0.5
+BPF_FILTER = "tcp or udp"
+SAMPLE_RATE = 0.45
+THROTTLE_PER_PACKET = 0.02
+
+# Flow builder tunables
+FLOW_IDLE_TIMEOUT = 1.5        # seconds of inactivity -> expire flow
+FLOW_PACKET_THRESHOLD = 50     # force flush if many packets
+FLOW_MAX_TRACKED = 20000       # limit number of active flows tracked to avoid memory explosion
+
+# -------------------------
+# Internal state
+# -------------------------
+_packet_queue = queue.Queue(maxsize=CAPTURE_QUEUE_MAX)
+_running = threading.Event()
+_last_emit = 0.0
+
+# Flow table and lock
+_flows = dict()          # flow_key -> Flow object
+_flows_lock = threading.Lock()
+
+# background threads
+_processor_thr = None
+_capture_thr = None
+_expiry_thr = None
+
+# -------------------------
+# Flow data container
+# -------------------------
+class Flow:
+    def __init__(self, first_pkt, ts):
+        # 5-tuple key derived externally
+        self.first_seen = ts
+        self.last_seen = ts
+        self.packets_total = 0
+        self.packets_fwd = 0
+        self.packets_bwd = 0
+        self.bytes_fwd = 0
+        self.bytes_bwd = 0
+        self.fwd_lens = []      # for mean
+        self.bwd_lens = []
+        self.inter_arrivals = []    # global IATs across flow
+        self.last_pkt_ts = ts
+        self.fwd_psh = 0
+        self.fwd_urg = 0
+        self.protocol = 6 if first_pkt.haslayer(TCP) else (17 if first_pkt.haslayer(UDP) else 0)
+        # store client/server ip+port orientation based on first packet's src/dst
+        self.client_ip = first_pkt[IP].src
+        self.server_ip = first_pkt[IP].dst
+        self.client_port = first_pkt.sport if hasattr(first_pkt, 'sport') else 0
+        self.server_port = first_pkt.dport if hasattr(first_pkt, 'dport') else 0
+
+    def update(self, pkt, ts):
+        self.packets_total += 1
+        # Determine direction relative to initial client/server
+        try:
+            src = pkt[IP].src
+            sport = pkt.sport if hasattr(pkt, 'sport') else 0
+            payload = bytes(pkt.payload) if pkt.payload else b""
+            plen = len(payload)
+        except Exception:
+            src = None; sport = 0; plen = 0
+
+        # if src equals initial client, it's forward
+        if src == self.client_ip and sport == self.client_port:
+            dir_fwd = True
+        else:
+            dir_fwd = False
+
+        if dir_fwd:
+            self.packets_fwd += 1
+            self.bytes_fwd += plen
+            self.fwd_lens.append(plen)
+            # flags
+            if pkt.haslayer(TCP):
+                flags = pkt[TCP].flags
+                if flags & 0x08:  # PSH
+                    self.fwd_psh += 1
+                if flags & 0x20:  # URG
+                    self.fwd_urg += 1
+        else:
+            self.packets_bwd += 1
+            self.bytes_bwd += plen
+            self.bwd_lens.append(plen)
+
+        # inter-arrival
+        iat = ts - (self.last_pkt_ts or ts)
+        if iat > 0:
+            self.inter_arrivals.append(iat)
+        self.last_pkt_ts = ts
+        self.last_seen = ts
+
+    def is_idle(self, now, idle_timeout):
+        return (now - self.last_seen) >= idle_timeout
+
+    def build_cicids_features(self, dst_port_override=None):
+        """
+        Build feature vector matching:
+        ['Protocol', 'Dst Port', 'Flow Duration', 'Tot Fwd Pkts', 'Tot Bwd Pkts',
+         'TotLen Fwd Pkts', 'TotLen Bwd Pkts', 'Fwd Pkt Len Mean', 'Bwd Pkt Len Mean',
+         'Flow IAT Mean', 'Fwd PSH Flags', 'Fwd URG Flags', 'Fwd IAT Mean']
+        -> returns list of floats/ints
+        """
+        duration = max(self.last_seen - self.first_seen, 0.000001)
+        tot_fwd = self.packets_fwd
+        tot_bwd = self.packets_bwd
+        totlen_fwd = float(self.bytes_fwd)
+        totlen_bwd = float(self.bytes_bwd)
+        fwd_mean = float(np.mean(self.fwd_lens)) if self.fwd_lens else 0.0
+        bwd_mean = float(np.mean(self.bwd_lens)) if self.bwd_lens else 0.0
+        flow_iat_mean = float(np.mean(self.inter_arrivals)) if self.inter_arrivals else 0.0
+        fwd_iat_mean = self._fwd_iat_mean()
+        proto = int(self.protocol)
+        # FIXED: respect explicit override even if zero
+        dst_port = self.server_port if dst_port_override is None else int(dst_port_override or 0)
+
+        return [
+            proto,
+            dst_port,
+            duration,
+            tot_fwd,
+            tot_bwd,
+            totlen_fwd,
+            totlen_bwd,
+            fwd_mean,
+            bwd_mean,
+            flow_iat_mean,
+            self.fwd_psh,
+            self.fwd_urg,
+            fwd_iat_mean
+        ]
+
+    def _fwd_iat_mean(self):
+        # approximate forward-only IATs by splitting inter_arrivals roughly (coarse)
+        # If we had per-direction timestamps we would measure precisely;
+        # here we approximate as global mean when forward packets exist.
+        if self.inter_arrivals and self.packets_fwd > 0:
+            return float(np.mean(self.inter_arrivals))
+        return 0.0
+
+# -------------------------
+# helpers: flow key
+# -------------------------
+def make_flow_key(pkt):
+    try:
+        ip = pkt[IP]
+        proto = 6 if pkt.haslayer(TCP) else (17 if pkt.haslayer(UDP) else 0)
+        sport = pkt.sport if hasattr(pkt, 'sport') else 0
+        dport = pkt.dport if hasattr(pkt, 'dport') else 0
+        # canonicalize tuple order to consider direction
+        return (ip.src, ip.dst, sport, dport, proto)
+    except Exception:
+        return None
+
+# -------------------------
+# queueing / sniff simple wrappers
+# -------------------------
+def _enqueue(pkt):
+    try:
+        _packet_queue.put_nowait((pkt, time.time()))
+    except queue.Full:
+        return
+
+def _packet_capture_worker(iface=None):
+    sniff(iface=iface, prn=_enqueue, store=False, filter=BPF_FILTER)
+
+# -------------------------
+# Expiry thread: periodically expire idle flows
+# -------------------------
+def _expiry_worker():
+    while _running.is_set():
+        time.sleep(0.5)
+        now = time.time()
+        to_flush = []
+        with _flows_lock:
+            keys = list(_flows.keys())
+            for k in keys:
+                f = _flows.get(k)
+                if f is None:
+                    continue
+                if f.is_idle(now, FLOW_IDLE_TIMEOUT) or f.packets_total >= FLOW_PACKET_THRESHOLD:
+                    to_flush.append(k)
+
+        if to_flush:
+            _process_and_emit_flows(to_flush)
+
+# -------------------------
+# core: process queue, update flows, flush when needed
+# -------------------------
+def _processor_worker():
+    global _last_emit
+    # lazy load initial model bundle
+    active = get_active_model()
+    model_bundle = load_model(active)
+    processor_model = model_bundle.get("model")
+    processor_scaler = model_bundle.get("scaler") or (model_bundle.get("artifacts") and model_bundle["artifacts"].get("scaler"))
+    processor_encoder = model_bundle.get("encoder") or (model_bundle.get("artifacts") and model_bundle["artifacts"].get("label_encoder"))
+
+    batch = []
+    while _running.is_set():
+        # refresh model if switched
+        new_active = get_active_model()
+        if new_active != active:
+            active = new_active
+            model_bundle = load_model(active)
+            processor_model = model_bundle.get("model")
+            processor_scaler = model_bundle.get("scaler") or (model_bundle.get("artifacts") and model_bundle["artifacts"].get("scaler"))
+            processor_encoder = model_bundle.get("encoder") or (model_bundle.get("artifacts") and model_bundle["artifacts"].get("label_encoder"))
+            print(f"[live_capture] switched active model to {active}")
+
+        try:
+            pkt, ts = _packet_queue.get(timeout=0.5)
+        except queue.Empty:
+            # flush small batches if exist (not required)
+            continue
+
+        # sampling, ignore some traffic
+        if np.random.rand() > SAMPLE_RATE:
+            continue
+        if not pkt.haslayer(IP):
+            continue
+
+        # BCC path: still do per-packet predictions if active 'bcc'
+        if active == "bcc":
+            batch.append((pkt, ts))
+            if len(batch) >= PROCESS_BATCH_SIZE or _packet_queue.empty():
+                _process_bcc_batch(batch, processor_model, processor_scaler, processor_encoder)
+                batch.clear()
+            continue
+
+        # CICIDS path: update flow table
+        key = make_flow_key(pkt)
+        if key is None:
+            continue
+
+        # Prevent runaway flows table
+        with _flows_lock:
+            if len(_flows) > FLOW_MAX_TRACKED:
+                # flush oldest flows (heuristic) to free space
+                # choose keys ordered by last_seen
+                items = list(_flows.items())
+                items.sort(key=lambda kv: kv[1].last_seen)
+                n_to_remove = int(len(items) * 0.1) or 100
+                keys_to_flush = [k for k, _ in items[:n_to_remove]]
+                # flush asynchronously
+                threading.Thread(target=_process_and_emit_flows, args=(keys_to_flush,), daemon=True).start()
+
+            flow = _flows.get(key)
+            if flow is None:
+                # new flow
+                flow = Flow(pkt, ts)
+                _flows[key] = flow
+
+        # update outside big lock (Flow.update is mostly per-flow)
+        flow.update(pkt, ts)
+
+        # flush immediately if surpass threshold
+        if flow.packets_total >= FLOW_PACKET_THRESHOLD:
+            _process_and_emit_flows([key])
+
+    # when stopped, flush all
+    with _flows_lock:
+        keys = list(_flows.keys())
+    if keys:
+        _process_and_emit_flows(keys)
+
+
+# -------------------------
+# Process BCC batch (existing behavior)
+# -------------------------
+def _process_bcc_batch(batch, model, scaler, encoder):
+    events = []
+    features_list = []
+    for pkt, ts in batch:
+        # reuse earlier extraction (simple)
+        features = _extract_bcc_vector(pkt)
+        features_list.append(features)
+
+    X = np.asarray(features_list, dtype=float)
+    if scaler is not None:
+        try:
+            Xs = scaler.transform(X)
+        except Exception:
+            Xs = X
+    else:
+        Xs = X
+
+    if model is not None:
+        try:
+            preds = model.predict(Xs)
+            probs = model.predict_proba(Xs) if hasattr(model, "predict_proba") else None
+        except Exception as e:
+            preds = [None] * len(Xs)
+            probs = None
+            print("[live_capture] BCC model predict failed:", e)
+    else:
+        preds = [None] * len(Xs)
+        probs = None
+
+    for i, (pkt, ts) in enumerate(batch):
+        pred = preds[i]
+        conf = float(np.max(probs[i])) if (probs is not None and len(probs) > i) else None
+        try:
+            decoded = encoder.inverse_transform([int(pred)])[0] if encoder else str(pred)
+        except Exception:
+            decoded = str(pred)
+
+        evt = {
+            "time": datetime.now().strftime("%H:%M:%S"),
+            "src_ip": pkt[IP].src,
+            "dst_ip": pkt[IP].dst,
+            "sport": (pkt.sport if (pkt.haslayer(TCP) or pkt.haslayer(UDP)) else 0),
+            "dport": (pkt.dport if (pkt.haslayer(TCP) or pkt.haslayer(UDP)) else 0),
+            "proto": "TCP" if pkt.haslayer(TCP) else ("UDP" if pkt.haslayer(UDP) else "OTHER"),
+            "prediction": decoded,
+            "confidence": conf if conf is None or isinstance(conf, float) else float(conf),
+            "packet_meta": extract_packet_metadata(pkt)   # <-- NEW
+}
+
+        try:
+            push_event(evt)
+        except Exception:
+            pass
+        events.append(evt)
+
+    # emit once per batch
+    if events:
+        try:
+            emit_new_event({"items": events, "count": len(events)})
+        except Exception:
+            pass
+
+
+def _extract_bcc_vector(pkt):
+    # this matches your old extract_bcc_features but kept minimal and robust
+    try:
+        proto = 6 if pkt.haslayer(TCP) else (17 if pkt.haslayer(UDP) else 1)
+        src_port = pkt.sport if pkt.haslayer(TCP) or pkt.haslayer(UDP) else 0
+        dst_port = pkt.dport if pkt.haslayer(TCP) or pkt.haslayer(UDP) else 0
+
+        payload = bytes(pkt.payload) if pkt.payload else b""
+        plen = len(payload)
+        header = max(len(pkt) - plen, 0)
+
+        syn = 1 if pkt.haslayer(TCP) and pkt[TCP].flags & 0x02 else 0
+        ack = 1 if pkt.haslayer(TCP) and pkt[TCP].flags & 0x10 else 0
+        rst = 1 if pkt.haslayer(TCP) and pkt[TCP].flags & 0x04 else 0
+        fin = 1 if pkt.haslayer(TCP) and pkt[TCP].flags & 0x01 else 0
+
+        return [
+            proto,
+            src_port,
+            dst_port,
+            0.001,
+            1,
+            1,
+            0,
+            plen,
+            header,
+            plen / 0.002 if 0.002 else plen,
+            1 / 0.002 if 0.002 else 1,
+            syn,
+            ack,
+            rst,
+            fin
+        ]
+    except Exception:
+        return [0] * 15
+
+
+# -------------------------
+# Packet-level metadata extractor
+# -------------------------
+def extract_packet_metadata(pkt):
+    """Extract detailed packet-level metadata for frontend display."""
+    meta = {}
+
+    # IP-level metadata
+    try:
+        meta["ttl"] = pkt[IP].ttl if pkt.haslayer(IP) else None
+        meta["pkt_len"] = len(pkt)
+    except:
+        meta["ttl"] = None
+        meta["pkt_len"] = None
+
+    # TCP metadata
+    if pkt.haslayer(TCP):
+        tcp = pkt[TCP]
+        try:
+            meta["seq"] = int(tcp.seq)
+            meta["ack"] = int(tcp.ack)
+            meta["window"] = int(tcp.window)
+            meta["flags"] = str(tcp.flags)
+            meta["header_len"] = tcp.dataofs * 4  # Data offset (words)
+        except:
+            meta["seq"] = None
+            meta["ack"] = None
+            meta["window"] = None
+            meta["flags"] = None
+            meta["header_len"] = None
+    else:
+        meta["seq"] = None
+        meta["ack"] = None
+        meta["window"] = None
+        meta["flags"] = None
+        meta["header_len"] = None
+
+    # Payload length
+    try:
+        payload = bytes(pkt.payload)
+        meta["payload_len"] = len(payload)
+    except:
+        meta["payload_len"] = None
+
+    return meta
+
+# -------------------------
+# flush flows and emit/predict
+# -------------------------
+def _process_and_emit_flows(keys):
+    # keys: list of flow_keys to flush; safe to call from any thread
+    # collect features for predict, delete flows
+    to_predict = []
+    mapping = []  # keep (flow_key, flow_obj) for events
+    with _flows_lock:
+        for k in keys:
+            f = _flows.pop(k, None)
+            if f:
+                mapping.append((k, f))
+
+    if not mapping:
+        return
+
+    # create features list
+    for k, f in mapping:
+        feat = f.build_cicids_features()
+        to_predict.append((k, f, feat))
+
+    X = np.array([t[2] for t in to_predict], dtype=float)
+    # lazy load latest model bundle (in case switching)
+    active = get_active_model()
+    bundle = load_model(active)
+    model = bundle.get("model")
+    scaler = None
+    artifacts = bundle.get("artifacts")
+
+    # try to get scaler from bundle/artifacts
+    if bundle.get("scaler") is not None:
+        scaler = bundle.get("scaler")
+    elif artifacts and artifacts.get("scaler") is not None:
+        scaler = artifacts.get("scaler")
+
+    if scaler is not None:
+        try:
+            # If scaler expects dataframe shape, it should still accept ndarray
+            Xs = scaler.transform(X)
+        except Exception as e:
+            print("[live_capture] cicids scaler transform failed:", e)
+            Xs = X
+    else:
+        Xs = X
+
+    preds = []
+    probs = None
+    if model is not None:
+        try:
+            preds = model.predict(Xs)
+            if hasattr(model, "predict_proba"):
+                try:
+                    probs = model.predict_proba(Xs)
+                except Exception:
+                    probs = None
+        except Exception as e:
+            print("[live_capture] cicids model predict failed:", e)
+            preds = [None] * len(Xs)
+            probs = None
+    else:
+        preds = [None] * len(Xs)
+
+    # build events and emit/push
+    events = []
+    for i, (k, f, feat) in enumerate(to_predict):
+        pred = preds[i]
+        conf = float(np.max(probs[i])) if (probs is not None and len(probs) > i) else None
+
+        # -------------------------
+        # SIMPLIFIED LABEL DECODING
+        # -------------------------
+        # Your RF pipeline outputs string labels directly (e.g. 'DoS attacks-Hulk', 'BENIGN').
+        # So keep it simple and safe:
+        try:
+            label = str(pred)
+        except Exception:
+            label = repr(pred)
+
+        evt = {
+            "time": datetime.now().strftime("%H:%M:%S"),
+            "src_ip": f.client_ip,
+            "dst_ip": f.server_ip,
+            "sport": f.client_port,
+            "dport": f.server_port,
+            "proto": "TCP" if f.protocol == 6 else ("UDP" if f.protocol == 17 else "OTHER"),
+            "prediction": label,
+            "confidence": conf if conf is None or isinstance(conf, float) else float(conf),
+            "features": feat,
+            "flow_summary": {
+                "packets_fwd": f.packets_fwd,
+                "packets_bwd": f.packets_bwd,
+                "bytes_fwd": f.bytes_fwd,
+                "bytes_bwd": f.bytes_bwd,
+                "duration": f.last_seen - f.first_seen,
+                "fwd_mean_len": float(np.mean(f.fwd_lens)) if f.fwd_lens else 0.0
+    }
+}
+
+        try:
+            push_event(evt)
+        except Exception:
+            pass
+        events.append(evt)
+
+    if events:
+        try:
+            emit_new_event({"items": events, "count": len(events)})
+        except Exception:
+            pass
+
+# -------------------------
+# start/stop API (keeps your old signatures)
+# -------------------------
+def start_live_capture_packet_mode(iface=None):
+    """Start packet capture + processor + expiry threads."""
+    global _processor_thr, _capture_thr, _expiry_thr
+    if _running.is_set():
+        print("Already running")
+        return
+    _running.set()
+    _processor_thr = threading.Thread(target=_processor_worker, daemon=True)
+    _capture_thr = threading.Thread(target=_packet_capture_worker, kwargs={"iface": iface}, daemon=True)
+    _expiry_thr = threading.Thread(target=_expiry_worker, daemon=True)
+    _processor_thr.start()
+    _capture_thr.start()
+    _expiry_thr.start()
+    print("Live capture started (flow-aware)")
+
+def stop_live_capture():
+    _running.clear()
+    time.sleep(0.2)
+    # flush all flows and stop
+    with _flows_lock:
+        keys = list(_flows.keys())
+    if keys:
+        _process_and_emit_flows(keys)
+    print("Stopping capture...")
+
+def is_running():
+    return _running.is_set()
+
+# -------------------------
+# Small test helpers (simulate simple flow packets)
+# -------------------------
+def _make_fake_pkt(src, dst, sport, dport, proto='TCP', payload_len=100, flags=0x18):
+    """Return a tiny object resembling scapy packet for testing without scapy."""
+    # If scapy present prefer to build actual IP/TCP
+    try:
+        if proto.upper() == 'TCP':
+            from scapy.all import IP, TCP
+            pkt = IP(src=src, dst=dst)/TCP(sport=sport, dport=dport, flags=flags)/("X"*payload_len)
+            return pkt
+        elif proto.upper() == 'UDP':
+            from scapy.all import IP, UDP
+            pkt = IP(src=src, dst=dst)/UDP(sport=sport, dport=dport)/("X"*payload_len)
+            return pkt
+    except Exception:
+        # fallback plain namespace
+        class SimplePkt:
+            def __init__(self):
+                self.payload = b"X"*payload_len
+                self.len = payload_len + 40
+            def haslayer(self, cls):
+                return False
+        return SimplePkt()
+
+def simulate_flow(src="10.0.0.1", dst="10.0.0.2", sport=1234, dport=80, count=6, interval=0.1):
+    """Quick local simulator: pushes `count` fake packets for a flow into the queue."""
+    for i in range(count):
+        pkt = _make_fake_pkt(src, dst, sport, dport, proto='TCP', payload_len=100, flags=0x18)
+        _enqueue((pkt, time.time())) if False else _packet_queue.put_nowait((pkt, time.time()))
+        time.sleep(interval)
+
+# ----------------------------------------------------------------------------
+# If you want to test this module interactively:
+# 1) from backend.capture import live_capture
+# 2) live_capture.start_live_capture_packet_mode()
+# 3) call live_capture.simulate_flow(...) or send real packets
+# 4) view server logs, or GET /api/live/recent to see events (existing route)
+# ----------------------------------------------------------------------------
+
+

backend/capture/live_manager.py

@@ -0,0 +1,57 @@
+# live_manager.py (Optimized)
+# -------------------------------------------------------------
+import threading
+import time
+from typing import Optional
+from .live_capture import start_live_capture_packet_mode, stop_live_capture, is_running
+from utils.logger import get_recent_events, get_model_stats, get_active_model
+
+
+class LiveSniffer:
+    def __init__(self):
+        self._thr: Optional[threading.Thread] = None
+        self._lock = threading.Lock()
+        self._iface = None
+        self._last_start_time = None
+
+    def start(self, iface=None, packet_limit=0):
+        with self._lock:
+            if is_running():
+                print("Already running.")
+                return
+            self._iface = iface
+            self._last_start_time = time.strftime("%H:%M:%S")
+
+        def _worker():
+            print(f"LiveSniffer started on interface={iface or 'default'}")
+            try:
+                # FIX: start_live_capture_packet_mode signature accepts iface only
+                start_live_capture_packet_mode(iface=self._iface)
+            except Exception as e:
+                print("Sniffer error:", e)
+            print("LiveSniffer thread exit.")
+
+        self._thr = threading.Thread(target=_worker, daemon=True)
+        self._thr.start()
+
+    def stop(self):
+        with self._lock:
+            if not is_running():
+                print("Already stopped.")
+                return
+        stop_live_capture()
+
+        if self._thr and self._thr.is_alive():
+            self._thr.join(timeout=3)
+        print("Sniffer fully stopped.")
+
+    def is_running(self) -> bool:
+        return is_running()
+
+    
+    def recent(self, n=200):
+        return get_recent_events(get_active_model(), n)
+    def stats(self):
+        return get_model_stats(get_active_model())
+
+sniffer = LiveSniffer()

backend/extensions.py

@@ -0,0 +1,4 @@
+# backend/extensions.py
+from flask_mail import Mail
+
+mail = Mail()

backend/flow_builder.py

@@ -0,0 +1,35 @@
+# flow_builder.py
+from collections import defaultdict
+
+def build_flows(events):
+    flows = defaultdict(lambda: {
+        "src_ip": "",
+        "dst_ip": "",
+        "sport": "",
+        "dport": "",
+        "proto": "",
+        "packets": 0,
+        "bytes": 0,
+        "first_seen": "",
+        "last_seen": "",
+    })
+
+    for e in events:
+        key = (e["src_ip"], e["dst_ip"], e["sport"], e["dport"], e["proto"])
+        f = flows[key]
+
+        f["src_ip"] = e["src_ip"]
+        f["dst_ip"] = e["dst_ip"]
+        f["sport"] = e["sport"]
+        f["dport"] = e["dport"]
+        f["proto"] = e["proto"]
+
+        f["packets"] += 1
+        f["bytes"] += 1500   # approximation (or use real payload length if available)
+
+        # Update timestamps
+        if not f["first_seen"]:
+            f["first_seen"] = e.get("time")
+        f["last_seen"] = e.get("time")
+
+    return list(flows.values())

backend/generated_reports/traffic_logs.csv

@@ -0,0 +1,8 @@
+date,VPN,TOR,I2P,DDoS
+2025-11-06,3,1,0,5
+2025-11-07,4,3,1,7
+2025-11-08,7,2,0,6
+2025-11-09,5,4,2,8
+2025-11-10,2,3,1,4
+2025-11-11,6,2,1,6
+2025-11-12,3,1,0,5

backend/list_groq_models.py

@@ -0,0 +1,13 @@
+import os
+import requests
+
+API_KEY = os.getenv("GROQ_API_KEY")
+if not API_KEY:
+    raise RuntimeError("Set env GROQ_API_KEY")
+
+resp = requests.get(
+    "https://api.groq.com/v1/models",
+    headers={"Authorization": f"Bearer {API_KEY}"}
+)
+print("Status:", resp.status_code)
+print("Response:", resp.text)

backend/reporting/pdf_report.py

@@ -0,0 +1,58 @@
+from fpdf import FPDF
+import pandas as pd, os
+from utils.logger import log_path
+
+class NIDSReportPDF(FPDF):
+    def header(self):
+        self.set_font("Helvetica", "B", 18)
+        self.cell(0, 10, "NIDS - Network Intrusion Detection Report", ln=True, align="C")
+        self.ln(5)
+
+    def footer(self):
+        self.set_y(-15)
+        self.set_font("Helvetica", "I", 9)
+        self.cell(0, 10, f"Page {self.page_no()}/{{nb}}", align="C")
+
+def generate_pdf_bytes(n=300):
+    """Generate PDF summary of recent events."""
+    df = pd.read_csv(log_path) if os.path.exists(log_path) else pd.DataFrame()
+
+    pdf = NIDSReportPDF()
+    pdf.alias_nb_pages()
+    pdf.add_page()
+    pdf.set_font("Helvetica", "", 12)
+
+    pdf.cell(0, 10, f"Last {n} Events Summary", ln=True)
+    pdf.ln(5)
+
+    if len(df) == 0:
+        pdf.cell(0, 10, "No data available.", ln=True)
+    else:
+        df = df.tail(n)
+        counts = df["prediction"].value_counts().to_dict() if "prediction" in df.columns else {}
+
+        pdf.cell(0, 10, "Prediction Distribution:", ln=True)
+        pdf.ln(4)
+        for label, count in counts.items():
+            pdf.cell(0, 10, f"{label}: {count}", ln=True)
+
+        pdf.ln(8)
+        pdf.cell(0, 10, "Sample Events:", ln=True)
+        pdf.ln(4)
+
+        # limit to 10 sample rows
+        cols = ["time", "src", "dst", "proto", "prediction"]
+        cols = [c for c in cols if c in df.columns]
+        for _, row in df.tail(10).iterrows():
+            line = " | ".join(str(row[c]) for c in cols)
+            if len(line) > 150:
+                line = line[:147] + "..."
+                pdf.multi_cell(0, 8, line)
+
+    # return as bytes
+    output = pdf.output(dest="S")
+    if isinstance(output, (bytes, bytearray)):
+        return bytes(output)
+    else:
+        return bytes(output.encode("latin1", "ignore"))
+

backend/requirements.txt

@@ -0,0 +1,34 @@
+appdirs==1.4.4
+blinker==1.9.0
+click==8.3.0
+colorama==0.4.6
+contourpy==1.3.3
+cycler==0.12.1
+Flask==3.1.2
+flask-cors==6.0.1
+fonttools==4.60.1
+itsdangerous==2.2.0
+Jinja2==3.1.6
+joblib==1.5.2
+kiwisolver==1.4.9
+lightgbm==4.6.0
+lxml==6.0.2
+MarkupSafe==3.0.3
+matplotlib==3.10.7
+numpy==2.3.4
+packaging==25.0
+pandas==2.3.3
+pillow==12.0.0
+pyparsing==3.2.5
+pyshark==0.6
+python-dateutil==2.9.0.post0
+pytz==2025.2
+scapy==2.6.1
+scikit-learn==1.7.2
+scipy==1.16.3
+seaborn==0.13.2
+six==1.17.0
+termcolor==3.2.0
+threadpoolctl==3.6.0
+tzdata==2025.2
+Werkzeug==3.1.3

backend/retrain_requests.jsonl

@@ -0,0 +1 @@
+{"model": "cicids", "expected": "Brute Force -XSS", "predicted": "DoS attacks-Slowloris", "values": [6, 80, 5000000, 2, 2, 120, 120, 60, 60, 2000000, 0, 0, 2000000], "note": "Model is wrong"}

backend/routes/ai_route.py

@@ -0,0 +1,40 @@
+# routes/ai_route.py
+# --------------------------------------
+from flask import Blueprint, request, jsonify
+from utils.ai_engine import explain_threat, summarize_events
+from utils.logger import get_recent_events, get_active_model
+
+ai_bp = Blueprint("ai_bp", __name__)
+
+
+@ai_bp.route("/explain", methods=["POST"])
+def ai_explain():
+    """
+    Body: JSON event (one row from table)
+    Returns: {"explanation": "..."}
+    """
+    data = request.get_json() or {}
+    try:
+        text = explain_threat(data)
+        return jsonify({"ok": True, "explanation": text})
+    except Exception as e:
+        print("AI explain error:", e)
+        return jsonify({"ok": False, "error": str(e)}), 500
+
+
+@ai_bp.route("/summary", methods=["GET"])
+def ai_summary():
+    """
+    Query: ?model=bcc&n=200
+    Returns: {"ok": True, "summary": "..."}
+    """
+    model = request.args.get("model", get_active_model())
+    n = int(request.args.get("n", 200))
+
+    try:
+        events = get_recent_events(model, n)
+        text = summarize_events(events, model=model)
+        return jsonify({"ok": True, "summary": text, "count": len(events), "model": model})
+    except Exception as e:
+        print("AI summary error:", e)
+        return jsonify({"ok": False, "error": str(e)}), 500

backend/routes/alerts_route.py

@@ -0,0 +1,82 @@
+from flask import Blueprint, jsonify
+from flask_cors import cross_origin
+from utils.logger import get_recent_events
+from utils.risk_engine import compute_risk_score
+from datetime import datetime
+
+alerts_bp = Blueprint("alerts", __name__)
+
+# ---------------------------------------------------------
+# Deduce risk based on prediction (simple + stable)
+# ---------------------------------------------------------
+def classify_risk(prediction):
+    if prediction in ["TOR", "I2P", "ZERONET", "FREENET"]:
+        return "High"
+    if prediction in ["VPN"]:
+        return "Medium"
+    return "Low"
+
+
+@alerts_bp.route("/alerts", methods=["GET"])
+@cross_origin()
+def get_alerts():
+    """
+    Returns ONLY real alerts (Medium + High)
+    with stable risk scoring and time sorting.
+    Fully compatible with optimized logger.
+    """
+    try:
+        raw_events = get_recent_events()
+        alerts = []
+
+        for e in raw_events:
+            pred = e.get("prediction", "Unknown")
+
+            # -------------------------------
+            # Recompute Risk
+            # -------------------------------
+            risk = classify_risk(pred)
+
+            if risk == "Low":
+                continue  # do NOT include normal traffic
+
+            # -------------------------------
+            # Stable risk score (0-100)
+            # -------------------------------
+            try:
+                risk_score = compute_risk_score(e)
+            except:
+                # fallback scoring
+                risk_score = 90 if risk == "High" else 60
+
+            # -------------------------------
+            # Build alert payload
+            # -------------------------------
+            alerts.append({
+                "timestamp": datetime.now().strftime("%H:%M:%S"),
+                "time": e.get("time"),
+                "src_ip": e.get("src_ip"),
+                "dst_ip": e.get("dst_ip"),
+                "sport": e.get("sport", "—"),
+                "dport": e.get("dport", "—"),
+                "proto": e.get("proto", "-"),
+                "prediction": pred,
+                "risk_level": risk,
+                "risk_score": risk_score,
+            })
+
+        # ------------------------------------------------
+        # Sort newest first (based on event time)
+        # ------------------------------------------------
+        alerts = sorted(alerts, key=lambda x: x["time"], reverse=True)
+
+        return jsonify({
+            "count": len(alerts),
+            "alerts": alerts[:150],  # limit for UI performance
+            "timestamp": datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+        })
+
+    except Exception as err:
+        print("❌ Alerts API error:", err)
+        return jsonify({"error": str(err)}), 500
+

backend/routes/chat_route.py

@@ -0,0 +1,26 @@
+from flask import Blueprint, request, jsonify
+from groq import Groq
+import os
+
+chat_bp = Blueprint("chat_bp", __name__)
+client = Groq(api_key=os.getenv("GROQ_API_KEY"))
+
+@chat_bp.route("/chat", methods=["POST"])
+def chat():
+    try:
+        data = request.get_json()
+        msg = data.get("message", "")
+
+        result = client.chat.completions.create(
+            model="llama-3.1-8b-instant",
+            messages=[{"role": "user", "content": msg}]
+        )
+
+        reply = result.choices[0].message.content
+
+        return jsonify({"reply": reply})
+
+    except Exception as e:
+        print("Chat error:", e)
+        return jsonify({"error": str(e)}), 500
+

backend/routes/geo_route.py

@@ -0,0 +1,33 @@
+# ==========================================
+# 🌍 GEO ROUTE — Adaptive AI NIDS
+# ------------------------------------------
+# ✅ /api/geo/resolve?ip=<ip>
+# ✅ /api/geo/recent
+# ==========================================
+
+from flask import Blueprint, jsonify, request
+from utils.geo_lookup import get_geo_info, enrich_event_with_geo
+from utils.logger import get_recent_events
+
+geo_bp = Blueprint("geo", __name__)
+
+# 🔹 Resolve a single IP (for IPInfoModal)
+@geo_bp.route("/resolve")
+def resolve_ip():
+    ip = request.args.get("ip")
+    if not ip:
+        return jsonify({"error": "Missing IP parameter"}), 400
+    info = get_geo_info(ip)
+    return jsonify(info), 200
+
+
+# 🔹 Return recent events enriched with geo (for map)
+@geo_bp.route("/recent")
+def geo_recent():
+    try:
+        events = get_recent_events()
+        geo_events = [enrich_event_with_geo(e) for e in events[-200:]]
+        return jsonify(geo_events), 200
+    except Exception as e:
+        print("⚠️ Geo recent error:", e)
+        return jsonify({"error": str(e)}), 500

backend/routes/ip_lookup_route.py

@@ -0,0 +1,148 @@
+import requests
+import ipaddress
+from flask import Blueprint, jsonify, request
+from flask_cors import cross_origin
+from datetime import datetime
+
+ip_lookup_bp = Blueprint("ip_lookup", __name__)
+
+# 🔹 Cache lookups to reduce API load
+_ip_cache = {}
+
+# ======================================
+# 🚨 RISK CLASSIFIER
+# ======================================
+def _guess_risk(org_name: str):
+    org = (org_name or "").lower()
+    if any(k in org for k in ["tor", "anonym", "i2p"]):
+        return {"level": "High", "score": 95, "reason": "Anonymizing service (TOR/I2P detected)"}
+    if any(k in org for k in ["vpn", "proxy", "tunnel"]):
+        return {"level": "Medium", "score": 80, "reason": "VPN or proxy-based routing"}
+    if any(k in org for k in ["aws", "gcp", "digitalocean", "azure", "oracle"]):
+        return {"level": "Medium", "score": 70, "reason": "Cloud-hosted server (possible C2 or proxy)"}
+    return {"level": "Low", "score": 40, "reason": "Likely clean residential or enterprise IP"}
+
+
+# ======================================
+# ⚙️ IP DATA NORMALIZATION
+# ======================================
+def _normalize_data(ip, d: dict, api_source: str):
+    """Unify structure across ipapi.co and ipwho.is"""
+    if not d:
+        return {"error": "No data"}
+
+    try:
+        if api_source == "ipapi":
+            org = d.get("org", "")
+            return {
+                "ip": ip,
+                "city": d.get("city"),
+                "region": d.get("region"),
+                "country_name": d.get("country_name"),
+                "continent_code": d.get("continent_code"),
+                "org": org,
+                "asn": d.get("asn"),
+                "version": d.get("version", "IPv4"),
+                "latitude": float(d.get("latitude", 0)),
+                "longitude": float(d.get("longitude", 0)),
+                "timezone": d.get("timezone"),
+                "risk": _guess_risk(org),
+                "flag": f"https://flagsapi.com/{d.get('country_code','US')}/flat/32.png"
+            }
+        elif api_source == "ipwhois":
+            org = d.get("connection", {}).get("isp", "")
+            return {
+                "ip": ip,
+                "city": d.get("city"),
+                "region": d.get("region"),
+                "country_name": d.get("country"),
+                "continent_code": d.get("continent"),
+                "org": org,
+                "asn": d.get("connection", {}).get("asn"),
+                "version": d.get("type", "IPv4"),
+                "latitude": float(d.get("latitude", 0)),
+                "longitude": float(d.get("longitude", 0)),
+                "timezone": d.get("timezone"),
+                "risk": _guess_risk(org),
+                "flag": f"https://flagsapi.com/{d.get('country_code','US')}/flat/32.png"
+            }
+    except Exception:
+        pass
+
+    return {"error": "Normalization failed"}
+
+
+# ======================================
+# 🔍 LOOKUP (PRIVATE or PUBLIC)
+# ======================================
+def lookup_ip_data(ip: str):
+    """Internal helper for backend components (non-JSON)."""
+    try:
+        if not ip:
+            return {"error": "Empty IP"}
+
+        # Check cache first
+        if ip in _ip_cache:
+            return _ip_cache[ip]
+
+        # Handle local/private IPs
+        if ipaddress.ip_address(ip).is_private:
+            info = {
+                "ip": ip,
+                "city": "Bengaluru",
+                "region": "Private Range",
+                "country_name": "India",
+                "org": "Local Device",
+                "asn": "LAN",
+                "version": "IPv4",
+                "latitude": 12.9716,
+                "longitude": 77.5946,
+                "risk": {"level": "Low", "score": 20, "reason": "Private/local IP"},
+                "flag": "https://flagsapi.com/IN/flat/32.png"
+            }
+            _ip_cache[ip] = info
+            return info
+
+        # === Try ipapi.co ===
+        try:
+            r = requests.get(f"https://ipapi.co/{ip}/json/", timeout=4)
+            if r.ok:
+                d = r.json()
+                if not d.get("error"):
+                    info = _normalize_data(ip, d, "ipapi")
+                    _ip_cache[ip] = info
+                    return info
+        except Exception:
+            pass
+
+        # === Fallback: ipwho.is ===
+        try:
+            r = requests.get(f"https://ipwho.is/{ip}", timeout=4)
+            d = r.json()
+            if d.get("success"):
+                info = _normalize_data(ip, d, "ipwhois")
+                _ip_cache[ip] = info
+                return info
+        except Exception:
+            pass
+
+    except Exception as e:
+        return {"error": str(e)}
+
+    return {"error": "Could not fetch IP info"}
+
+
+# ======================================
+# 🌍 EXTERNAL API ENDPOINT
+# ======================================
+@ip_lookup_bp.route("/lookup/<ip>", methods=["GET"])
+@cross_origin()
+def lookup_ip(ip):
+    """Public API: Look up an IP's geolocation + threat risk."""
+    data = lookup_ip_data(ip)
+    if "error" in data:
+        return jsonify(data), 404
+
+    data["lookup_time"] = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+    return jsonify(data)
+

backend/routes/live_route.py

@@ -0,0 +1,53 @@
+# ==============================================================
+# live_route.py — Flask routes for controlling live capture
+# ==============================================================
+
+from flask import Blueprint, jsonify, request
+from capture.live_manager import sniffer
+import numpy as np
+import math
+
+
+live_bp = Blueprint("live_bp", __name__)
+
+@live_bp.route("/start")
+def start_live():
+    iface = request.args.get("iface")
+    sniffer.start(iface=iface)
+    return jsonify({"status": "started", "running": sniffer.is_running()})
+
+@live_bp.route("/stop")
+def stop_live():
+    sniffer.stop()
+    return jsonify({"status": "stopped", "running": sniffer.is_running()})
+
+@live_bp.route("/status")
+def status():
+    return jsonify({"running": sniffer.is_running()})
+
+@live_bp.route("/recent")
+def recent():
+    events = sniffer.recent()
+
+    safe_events = []
+    for e in events:
+        safe = {}
+        for k, v in e.items():
+            
+            # convert numpy ints/floats to python native
+            if isinstance(v, (np.generic,)):
+                v = v.item()
+
+            # replace None / NaN with string
+            if v is None or (isinstance(v, float) and math.isnan(v)):
+                v = "Unknown"
+
+            safe[str(k)] = v
+
+        safe_events.append(safe)
+
+    return jsonify({"events": safe_events}), 200
+
+@live_bp.route("/stats")
+def stats():
+    return jsonify(sniffer.stats())

backend/routes/logs_route.py

@@ -0,0 +1,137 @@
+from flask import Blueprint, send_file, jsonify, request
+import os
+from utils.logger import (
+    BCC_LOG_FILE,
+    CICIDS_LOG_FILE,
+    LOG_FILE,
+    get_recent_events,
+    get_model_stats,
+    clear_last_events,
+    delete_by_prediction,
+    delete_by_index,
+    get_active_model
+)
+
+logs_bp = Blueprint("logs", __name__)
+
+
+# -------------------------------
+# DOWNLOAD CSV LOG FILE (global)
+# -------------------------------
+@logs_bp.route("/download", methods=["GET"])
+def download_logs():
+    model = request.args.get("model")
+
+    # MODEL-SPECIFIC CSVs
+    if model == "bcc":
+        path = BCC_LOG_FILE
+    elif model == "cicids":
+        path = CICIDS_LOG_FILE
+    else:
+        # fallback — global CSV
+        path = LOG_FILE
+
+    if not os.path.exists(path):
+        return jsonify({"error": "Log file not found"}), 404
+
+    return send_file(
+        path,
+        as_attachment=True,
+        download_name=f"{model}_logs.csv" if model else "traffic_logs.csv",
+        mimetype="text/csv",
+    )
+
+
+
+# -------------------------------
+# DOWNLOAD MODEL-SPECIFIC JSON
+# -------------------------------
+@logs_bp.route("/download/json", methods=["GET"])
+def download_json_logs():
+    try:
+        model = request.args.get("model", get_active_model())
+        events = get_recent_events(model)
+        return jsonify({"model": model, "count": len(events), "events": events})
+    except Exception as e:
+        print("❌ JSON log fetch error:", e)
+        return jsonify({"error": "Failed to fetch logs"}), 500
+
+
+# -------------------------------
+# CLEAR MODEL-WISE LAST N EVENTS
+# -------------------------------
+@logs_bp.route("/clear", methods=["POST"])
+def clear_logs():
+    try:
+        model = request.args.get("model", get_active_model())
+        n = int(request.args.get("n", 50))
+
+        clear_last_events(model, n)
+
+        print(f"🧹 Cleared last {n} events for model={model}")
+        return jsonify({"status": "ok", "deleted": n, "model": model})
+    except Exception as e:
+        print("❌ Clear logs error:", e)
+        return jsonify({"error": str(e)}), 500
+
+
+# -------------------------------
+# CLEAR MODEL-WISE BY PREDICTION
+# -------------------------------
+@logs_bp.route("/clear_pred", methods=["POST"])
+def clear_pred():
+    pred = request.args.get("pred")
+    model = request.args.get("model", get_active_model())
+
+    if not pred:
+        return jsonify({"error": "Missing 'pred' parameter"}), 400
+
+    try:
+        delete_by_prediction(model, pred)
+        print(f"🧹 Deleted all events for prediction={pred} in model={model}")
+        return jsonify({"status": "ok", "deleted_pred": pred, "model": model})
+    except Exception as e:
+        print("❌ Clear prediction error:", e)
+        return jsonify({"error": str(e)}), 500
+
+
+# -------------------------------
+# DELETE ONE ROW MODEL-WISE
+# -------------------------------
+@logs_bp.route("/delete_one", methods=["POST"])
+def delete_one():
+    try:
+        model = request.args.get("model", get_active_model())
+        idx = int(request.args.get("index", -1))
+
+        ok = delete_by_index(model, idx)
+
+        if ok:
+            print(f"🗑️ Deleted row index={idx} from model={model}")
+            return jsonify({"status": "ok", "index": idx, "model": model})
+        else:
+            return jsonify({"status": "invalid index", "index": idx}), 400
+    except Exception as e:
+        print("❌ Delete row error:", e)
+        return jsonify({"error": str(e)}), 500
+
+
+# -------------------------------
+# MODEL-WISE LOG STATUS
+# -------------------------------
+@logs_bp.route("/status", methods=["GET"])
+def log_status():
+    try:
+        model = request.args.get("model", get_active_model())
+        counts = get_model_stats(model)
+        total = sum(counts.values())
+
+        return jsonify({
+            "model": model,
+            "total_events": total,
+            "by_class": counts
+        })
+    except Exception as e:
+        print("❌ Log status error:", e)
+        return jsonify({"error": str(e)}), 500
+

backend/routes/manual_predict_route.py

@@ -0,0 +1,384 @@
+from flask import Blueprint, request, jsonify
+from utils.model_selector import get_active_model, load_model
+import numpy as np
+import traceback
+import math
+import json
+
+manual_predict = Blueprint("manual_predict", __name__)
+
+
+def _reliability_score_from_count(count):
+    # simple monotonic score: log-scale so diminishing returns for many samples
+    # returns 0-100
+    if count is None:
+        return None
+    try:
+        c = float(count)
+        score = 20 + min(75, math.log10(c + 1) * 18)  # tuned curve
+        return round(min(100, score), 1)
+    except Exception:
+        return None
+
+
+@manual_predict.route("/predict_manual", methods=["POST"])
+def predict_manual():
+    data = request.get_json(force=True, silent=True) or {}
+
+    model_name = data.get("model")
+    values = data.get("values")   # expecting a LIST (array)
+    if not model_name or not isinstance(values, list):
+        return jsonify({
+            "error": "Expect JSON: { model: 'cicids'|'bcc', values: [v1, v2, ...] }"
+        }), 400
+
+    bundle = load_model(model_name)
+    model = bundle.get("model")
+    artifacts = bundle.get("artifacts") or {}
+
+    if model is None:
+        return jsonify({"error": "Model not loaded"}), 500
+
+    try:
+        # Common metadata
+        model_info = {
+            "model_name": model_name,
+            "features": artifacts.get("features") or artifacts.get("feature_list") or bundle.get("features") or None,
+            "classes": None,
+            "train_counts": artifacts.get("train_counts") or artifacts.get("class_counts") or None,
+            "scaler_present": bool(artifacts.get("scaler")) or bool(bundle.get("scaler")),
+        }
+
+        # helper to decode label_map / encoder (checks artifacts first, then bundle)
+        def decode_label(raw):
+            try:
+                # artifacts label_map (mapping value->name)
+                if artifacts.get("label_map"):
+                    inv = {v: k for k, v in artifacts["label_map"].items()}
+                    return inv.get(int(raw), str(raw))
+
+                # artifacts label_encoder
+                if artifacts.get("label_encoder"):
+                    return artifacts["label_encoder"].inverse_transform([int(raw)])[0]
+
+                # bundle-level encoder (e.g. realtime_encoder.pkl loaded in bundle)
+                if bundle.get("encoder"):
+                    return bundle["encoder"].inverse_transform([int(raw)])[0]
+            except Exception as e:
+                # decoding failed; log and fallback to str
+                print("[decode_label] ERROR:", e)
+            # fallback: if raw already a string return it, else stringified raw
+            return str(raw)
+
+        # CICIDS (13 features expected)
+        if model_name == "cicids":
+            feature_list = model_info["features"]
+            if not feature_list:
+                return jsonify({"error": "CICIDS artifacts missing 'features' list"}), 500
+
+            if len(values) != len(feature_list):
+                return jsonify({
+                    "error": f"CICIDS needs {len(feature_list)} features, received {len(values)}"
+                }), 400
+
+            X = np.array([[float(x) for x in values]], dtype=float)
+
+            # apply scaler if present in artifacts or bundle
+            scaler = artifacts.get("scaler") or bundle.get("scaler")
+            scaled_row = None
+            try:
+                if scaler is not None:
+                    scaled = scaler.transform(X)
+                    scaled_row = np.array(scaled).tolist()
+                    Xs = scaled
+                else:
+                    Xs = X
+            except Exception as e:
+                # fallback to raw X if scaler fails
+                print("[predict_manual][CICIDS] scaler error:", e)
+                Xs = X
+
+            # predict
+            pred_raw = model.predict(Xs)[0]
+            pred_label = decode_label(pred_raw)
+
+            # probabilities
+            proba_max = None
+            probs = None
+            try:
+                if hasattr(model, "predict_proba"):
+                    p = model.predict_proba(Xs)[0]
+                    probs = [float(x) for x in p]
+                    proba_max = float(max(p))
+            except Exception:
+                pass
+
+            # fill model_info.classes if possible (prefer encoder classes)
+            try:
+                if artifacts.get("label_encoder"):
+                    model_info["classes"] = list(artifacts["label_encoder"].classes_)
+                elif bundle.get("encoder"):
+                    model_info["classes"] = list(bundle["encoder"].classes_)
+                elif hasattr(model, "classes_"):
+                    model_info["classes"] = [str(c) for c in model.classes_]
+            except Exception:
+                pass
+
+            # compute reliability
+            train_counts = model_info.get("train_counts")
+            reliability = None
+            if train_counts and isinstance(train_counts, dict):
+                # try to get count for the predicted label (string keys)
+                reliability = _reliability_score_from_count(
+                    train_counts.get(str(pred_label)) or train_counts.get(pred_raw)
+                )
+            elif train_counts and isinstance(train_counts, list):
+                reliability = _reliability_score_from_count(sum(train_counts) / len(train_counts))
+            else:
+                reliability = None
+
+            resp = {
+                "prediction": pred_label,
+                "pred_raw": str(pred_raw),
+                "confidence": proba_max,
+                "proba_max": proba_max,
+                "probs": probs,
+                "raw_row": X.tolist()[0],
+                "scaled_row": scaled_row,
+                "model_info": model_info,
+                "reliability": reliability
+            }
+            return jsonify(resp)
+
+        # BCC (15 features expected)
+        elif model_name == "bcc":
+            EXPECTED = 15
+            if len(values) != EXPECTED:
+                return jsonify({
+                    "error": f"BCC needs {EXPECTED} features, received {len(values)}"
+                }), 400
+
+            X = np.array([[float(x) for x in values]], dtype=float)
+
+            scaler = bundle.get("scaler") or artifacts.get("scaler")
+            scaled_row = None
+            try:
+                if scaler is not None:
+                    scaled = scaler.transform(X)
+                    scaled_row = np.array(scaled).tolist()
+                    Xs = scaled
+                else:
+                    Xs = X
+            except Exception as e:
+                print("[predict_manual][BCC] scaler error:", e)
+                Xs = X
+
+            pred_raw = model.predict(Xs)[0]
+            pred_label = decode_label(pred_raw)
+
+            proba_max = None
+            probs = None
+            try:
+                if hasattr(model, "predict_proba"):
+                    p = model.predict_proba(Xs)[0]
+                    probs = [float(x) for x in p]
+                    proba_max = float(max(p))
+            except Exception:
+                pass
+
+            # model_info classes: prefer encoder classes if present
+            try:
+                encoder = bundle.get("encoder") or artifacts.get("label_encoder")
+                if encoder is not None:
+                    model_info["classes"] = list(encoder.classes_)
+                elif hasattr(model, "classes_"):
+                    # fallback - often these are numeric indices
+                    model_info["classes"] = [str(c) for c in model.classes_]
+            except Exception:
+                pass
+
+            train_counts = model_info.get("train_counts")
+            reliability = None
+            if train_counts and isinstance(train_counts, dict):
+                reliability = _reliability_score_from_count(
+                    train_counts.get(str(pred_label)) or train_counts.get(pred_raw)
+                )
+            elif train_counts:
+                reliability = _reliability_score_from_count(sum(train_counts) / len(train_counts))
+
+            resp = {
+                "prediction": pred_label,
+                "pred_raw": str(pred_raw),
+                "confidence": proba_max,
+                "proba_max": proba_max,
+                "probs": probs,
+                "raw_row": X.tolist()[0],
+                "scaled_row": scaled_row,
+                "model_info": model_info,
+                "reliability": reliability
+            }
+            return jsonify(resp)
+
+        else:
+            return jsonify({"error": "unsupported model"}), 400
+
+    except Exception as e:
+        print("[predict_manual] Exception:", e)
+        return jsonify({"error": str(e)}), 500
+
+
+@manual_predict.route("/predict_debug", methods=["POST"])
+def predict_debug():
+    """
+    Debug endpoint: returns raw ordered vector, scaled vector (if scaler),
+    model classes, prediction, predict_proba (if available), and artifacts info.
+    Use this to compare what you *intend* to send vs what model receives.
+    """
+    try:
+        data = request.get_json(force=True, silent=True) or {}
+        model_name = data.get("model")
+        feats = data.get("features")
+        if not model_name or not isinstance(feats, dict):
+            return jsonify({"error": "Provide JSON {model: 'cicids'|'bcc', features: {...}}"}), 400
+
+        bundle = load_model(model_name)
+        model = bundle.get("model")
+        artifacts = bundle.get("artifacts") or {}
+
+        if model is None:
+            return jsonify({"error": "Model not loaded"}), 500
+
+        debug = {"model_name": model_name}
+
+        if model_name == "cicids":
+            feature_list = artifacts.get("features")
+            debug["artifact_features"] = feature_list
+            # Build ordered row (float)
+            row = [float(feats.get(f, 0.0)) for f in (feature_list or [])]
+            debug["raw_row"] = row
+
+            X = np.array([row], dtype=float)
+
+            scaler = artifacts.get("scaler") or bundle.get("scaler")
+            if scaler is not None:
+                try:
+                    Xs = scaler.transform(X)
+                    debug["scaled_row"] = np.array(Xs).tolist()
+                except Exception as e:
+                    debug["scaler_error"] = str(e)
+                    Xs = X
+            else:
+                Xs = X
+                debug["scaled_row"] = None
+
+            # predict
+            try:
+                pred_raw = model.predict(Xs)[0]
+                debug["pred_raw"] = repr(pred_raw)
+                # classes
+                try:
+                    debug["model_classes"] = [str(c) for c in getattr(model, "classes_", [])]
+                except Exception:
+                    debug["model_classes"] = None
+                # proba
+                if hasattr(model, "predict_proba"):
+                    try:
+                        probs = model.predict_proba(Xs)[0].tolist()
+                        debug["probs"] = probs
+                        debug["proba_max"] = max(probs)
+                    except Exception as e:
+                        debug["proba_error"] = str(e)
+                # decode label
+                label = str(pred_raw)
+                try:
+                    if artifacts.get("label_map"):
+                        inv = {v: k for k, v in artifacts["label_map"].items()}
+                        label = inv.get(int(pred_raw), str(pred_raw))
+                    elif artifacts.get("label_encoder"):
+                        label = artifacts["label_encoder"].inverse_transform([int(pred_raw)])[0]
+                    elif bundle.get("encoder"):
+                        label = bundle["encoder"].inverse_transform([int(pred_raw)])[0]
+                except Exception as e:
+                    debug["label_decode_error"] = str(e)
+
+                debug["label"] = label
+            except Exception as e:
+                debug["predict_error"] = str(e)
+                debug["predict_tb"] = traceback.format_exc()
+
+            return jsonify(debug)
+
+        elif model_name == "bcc":
+            # BCC: we will attempt to build 15-element row from expected keys or values
+            BCC_FEATURES = [
+                "proto", "src_port", "dst_port", "flow_duration", "total_fwd_pkts",
+                "total_bwd_pkts", "flags_numeric", "payload_len", "header_len",
+                "rate", "iat", "syn", "ack", "rst", "fin"
+            ]
+            debug["expected_bcc_features"] = BCC_FEATURES
+            if all(k in feats for k in BCC_FEATURES):
+                row = [float(feats.get(k, 0.0)) for k in BCC_FEATURES]
+            else:
+                vals = list(feats.values())
+                vals = [float(v) if (v is not None and str(v).strip() != "") else 0.0 for v in vals]
+                if len(vals) < 15:
+                    vals = vals + [0.0] * (15 - len(vals))
+                row = vals[:15]
+            debug["raw_row"] = row
+            X = np.array([row], dtype=float)
+
+            # try scaler from bundle or artifacts
+            scaler = bundle.get("scaler") or artifacts.get("scaler")
+            if scaler is not None:
+                try:
+                    Xs = scaler.transform(X)
+                    debug["scaled_row"] = np.array(Xs).tolist()
+                except Exception as e:
+                    debug["scaler_error"] = str(e)
+                    Xs = X
+            else:
+                Xs = X
+                debug["scaled_row"] = None
+
+            try:
+                pred_raw = model.predict(Xs)[0]
+                debug["pred_raw"] = repr(pred_raw)
+                # model raw classes (may be numeric)
+                debug["model_classes"] = [str(c) for c in getattr(model, "classes_", [])]
+                if hasattr(model, "predict_proba"):
+                    try:
+                        probs = model.predict_proba(Xs)[0].tolist()
+                        debug["probs"] = probs
+                        debug["proba_max"] = max(probs)
+                    except Exception as e:
+                        debug["proba_error"] = str(e)
+                # decode using encoder if present (bundle or artifacts)
+                label = str(pred_raw)
+                try:
+                    encoder = bundle.get("encoder") or artifacts.get("label_encoder")
+                    if encoder:
+                        label = encoder.inverse_transform([int(pred_raw)])[0]
+                except Exception as e:
+                    debug["label_decode_error"] = str(e)
+                debug["label"] = label
+            except Exception as e:
+                debug["predict_error"] = str(e)
+                debug["predict_tb"] = traceback.format_exc()
+
+            return jsonify(debug)
+
+        else:
+            return jsonify({"error": "unsupported model"}), 400
+
+    except Exception as e:
+        return jsonify({"error": str(e), "tb": traceback.format_exc()}), 500
+
+
+@manual_predict.route("/retrain_request", methods=["POST"])
+def retrain_request():
+    data = request.get_json() or {}
+    # Save retrain request to a file for later processing
+    with open("retrain_requests.jsonl", "a") as f:
+        f.write(json.dumps(data) + "\n")
+
+    return jsonify({"status": "saved", "msg": "Retrain request recorded"})

backend/routes/ml_route.py

@@ -0,0 +1,297 @@
+# ==========================================================
+# backend/routes/ml_route.py
+# Adaptive AI Framework - ML Route for NIDS Intelligence
+# ==========================================================
+
+from flask import Blueprint, request, jsonify
+import threading
+import time
+import os
+import joblib
+import random
+from datetime import datetime
+from flask_cors import cross_origin
+import numpy as np
+
+ml_bp = Blueprint("ml_bp", __name__)
+
+ML_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "ml_models"))
+
+# In-memory global stores
+MODELS = {}
+RETRAIN_STATUS = {"running": False, "progress": 0, "message": "", "last_result": None}
+METRICS_CACHE = {}
+
+# Your NIDS feature list (15)
+FEATURE_NAMES = [
+    "protocol", "src_port", "dst_port", "duration", "packets_count",
+    "fwd_packets_count", "bwd_packets_count", "total_payload_bytes",
+    "total_header_bytes", "bytes_rate", "packets_rate",
+    "syn_flag_counts", "ack_flag_counts", "rst_flag_counts", "fin_flag_counts"
+]
+
+# ==========================================================
+# 🧠 Model Management
+# ==========================================================
+
+def try_load_models():
+    """Load models from disk (if available)."""
+    global MODELS
+    MODELS = {}
+    try:
+        files = os.listdir(ML_DIR)
+    except Exception:
+        files = []
+
+    for fname in files:
+        if fname.endswith(".pkl"):
+            name = os.path.splitext(fname)[0]
+            try:
+                m = joblib.load(os.path.join(ML_DIR, fname))
+                MODELS[name] = {"obj": m, "name": name, "path": os.path.join(ML_DIR, fname)}
+            except Exception as e:
+                MODELS[name] = {"obj": None, "name": name, "path": os.path.join(ML_DIR, fname), "load_error": str(e)}
+
+try_load_models()
+
+def model_summary(name, entry):
+    obj = entry.get("obj")
+    info = {
+        "id": name,
+        "name": name,
+        "type": type(obj).__name__ if obj is not None else "Unknown",
+        "accuracy": None,
+        "f1_score": None,
+        "dataset": "unknown",
+        "status": "Active" if obj is not None else "Unavailable",
+        "last_trained": None,
+    }
+    meta = getattr(obj, "metadata", None)
+    if isinstance(meta, dict):
+        info.update({
+            "accuracy": meta.get("accuracy"),
+            "f1_score": meta.get("f1_score"),
+            "dataset": meta.get("dataset"),
+            "last_trained": meta.get("last_trained"),
+        })
+    return info
+
+# ==========================================================
+# 📦 ROUTES
+# ==========================================================
+
+@ml_bp.route("/ml/models", methods=["GET"])
+def list_models():
+    """Return all available models."""
+    try_load_models()
+    out = [model_summary(name, entry) for name, entry in MODELS.items()]
+
+    if not out:
+        out = [{
+            "id": "placeholder_model",
+            "name": "Placeholder Detector",
+            "type": "Simulated",
+            "accuracy": 92.1,
+            "f1_score": 0.90,
+            "dataset": "Simulated-NIDS",
+            "status": "Active",
+            "last_trained": datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
+        }]
+    return jsonify(out)
+
+
+@ml_bp.route("/ml/metrics", methods=["GET"])
+def get_metrics():
+    """Return metrics like accuracy history & class distribution."""
+    if METRICS_CACHE:
+        return jsonify(METRICS_CACHE)
+
+    accuracy_history = [
+        {"epoch": i + 1, "accuracy": round(0.8 + i * 0.04 + random.random() * 0.01, 3)}
+        for i in range(10)
+    ]
+    class_distribution = {
+        "Normal": 1500,
+        "DDoS": 420,
+        "PortScan": 260,
+        "Botnet": 140,
+        "VPN": 120,
+        "TOR": 90
+    }
+    METRICS_CACHE.update({
+        "accuracy_history": accuracy_history,
+        "class_distribution": class_distribution
+    })
+    return jsonify(METRICS_CACHE)
+
+# ==========================================================
+# 🔮 PREDICTION ENDPOINT
+# ==========================================================
+
+def safe_predict_with_model(model_entry, features):
+    """Try to predict with a loaded model."""
+    obj = model_entry.get("obj")
+    if obj is None:
+        return None
+    try:
+        if isinstance(features, dict):
+            features_list = [features.get(k, 0) for k in FEATURE_NAMES]
+        else:
+            features_list = features
+        X = [features_list]
+
+        if hasattr(obj, "predict_proba"):
+            probs = obj.predict_proba(X)[0]
+            pred_idx = int(np.argmax(probs))
+            pred_label = obj.classes_[pred_idx] if hasattr(obj, "classes_") else str(pred_idx)
+            return {"prediction": str(pred_label), "confidence": float(round(probs[pred_idx], 4))}
+        else:
+            pred = obj.predict(X)[0]
+            return {"prediction": str(pred), "confidence": 1.0}
+    except Exception:
+        return None
+
+
+@ml_bp.route("/ml/predict-test", methods=["POST"])
+def predict_test():
+    """Accept feature dict and return prediction result."""
+    data = request.get_json() or {}
+    features = data.get("features") or data.get("sample")
+    model_name = data.get("model")
+
+    try:
+        if not features:
+            return jsonify({"error": "No features provided"}), 400
+
+        try_load_models()
+        chosen = None
+        if model_name and model_name in MODELS:
+            chosen = MODELS[model_name]
+        else:
+            for k, e in MODELS.items():
+                if e.get("obj") is not None:
+                    chosen = e
+                    break
+
+        if chosen:
+            res = safe_predict_with_model(chosen, features)
+            if res:
+                res.update({"model_used": chosen.get("name")})
+                return jsonify(res)
+
+        # Fallback simulated prediction
+        classes = ["Normal", "DDoS", "PortScan", "Botnet", "VPN", "TOR"]
+        pred = random.choice(classes)
+        confidence = round(random.uniform(0.7, 0.99), 3)
+        return jsonify({
+            "prediction": pred,
+            "confidence": confidence,
+            "model_used": "SimulatedDetector",
+            "used_features": FEATURE_NAMES
+        })
+
+    except Exception as e:
+        return jsonify({"error": str(e)}), 500
+
+# ==========================================================
+# ⚙️ RETRAIN SIMULATION
+# ==========================================================
+
+def _retrain_job(model_id=None, epochs=6):
+    RETRAIN_STATUS["running"] = True
+    RETRAIN_STATUS["progress"] = 0
+    RETRAIN_STATUS["message"] = "Starting retrain..."
+    best_acc = 0.0
+    try:
+        for e in range(1, epochs + 1):
+            RETRAIN_STATUS["message"] = f"Epoch {e}/{epochs}..."
+            for p in range(5):
+                time.sleep(0.45)
+                RETRAIN_STATUS["progress"] = int(((e - 1) * 100 / epochs) + (p + 1) * (100 / (epochs * 5)))
+            best_acc = round(0.85 + (e * 0.02) + random.random() * 0.01, 4)
+            RETRAIN_STATUS["message"] = f"Epoch {e} finished. acc: {best_acc}"
+        RETRAIN_STATUS["message"] = "Finalizing..."
+        time.sleep(0.6)
+        RETRAIN_STATUS["last_result"] = {
+            "accuracy": best_acc,
+            "timestamp": datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+        }
+        METRICS_CACHE.setdefault("accuracy_history", []).append({
+            "epoch": len(METRICS_CACHE.get("accuracy_history", [])) + 1,
+            "accuracy": best_acc
+        })
+    except Exception as e:
+        RETRAIN_STATUS["message"] = f"Error: {e}"
+    finally:
+        RETRAIN_STATUS["running"] = False
+        RETRAIN_STATUS["progress"] = 100
+
+
+@ml_bp.route("/ml/retrain", methods=["POST"])
+def retrain():
+    """Start retraining in background thread."""
+    if RETRAIN_STATUS.get("running"):
+        return jsonify({"error": "Retrain already in progress"}), 409
+    payload = request.get_json() or {}
+    model_id = payload.get("model")
+    epochs = int(payload.get("epochs", 6))
+    t = threading.Thread(target=_retrain_job, args=(model_id, epochs), daemon=True)
+    t.start()
+    return jsonify({"message": "Retrain started", "epochs": epochs})
+
+
+@ml_bp.route("/ml/retrain/status", methods=["GET"])
+def retrain_status():
+    """Get retrain progress."""
+    return jsonify(RETRAIN_STATUS)
+
+# ==========================================================
+# 🧩 FEATURE IMPORTANCE
+# ==========================================================
+
+@ml_bp.route("/feature-importance/<model_id>", methods=["GET"])
+@cross_origin()
+def feature_importance(model_id):
+    """Return actual or simulated feature importances."""
+    try:
+        try_load_models()
+        entry = MODELS.get(model_id)
+        mdl = entry.get("obj") if entry else None
+
+        fi = []
+        if mdl is not None and hasattr(mdl, "feature_importances_"):
+            arr = np.array(getattr(mdl, "feature_importances_")).flatten()
+            arr = arr[:len(FEATURE_NAMES)]
+            for i, v in enumerate(arr):
+                fi.append({"feature": FEATURE_NAMES[i], "importance": float(v)})
+        elif mdl is not None and hasattr(mdl, "coef_"):
+            arr = np.abs(np.array(getattr(mdl, "coef_")).flatten())
+            arr = arr[:len(FEATURE_NAMES)]
+            total = float(np.sum(arr)) or 1.0
+            for i, v in enumerate(arr):
+                fi.append({"feature": FEATURE_NAMES[i], "importance": float(v / total * 100.0)})
+        else:
+            simulated = {
+                "protocol": 8.2,
+                "src_port": 7.1,
+                "dst_port": 6.4,
+                "duration": 10.5,
+                "packets_count": 7.8,
+                "fwd_packets_count": 6.9,
+                "bwd_packets_count": 6.5,
+                "total_payload_bytes": 9.8,
+                "total_header_bytes": 8.6,
+                "bytes_rate": 9.9,
+                "packets_rate": 9.1,
+                "syn_flag_counts": 5.3,
+                "ack_flag_counts": 4.9,
+                "rst_flag_counts": 3.8,
+                "fin_flag_counts": 3.2
+            }
+            fi = [{"feature": f, "importance": float(v)} for f, v in simulated.items()]
+
+        return jsonify({"model_id": model_id, "feature_importance": fi})
+
+    except Exception as e:
+        return jsonify({"error": str(e)}), 500
+

backend/routes/ml_switch_route.py

@@ -0,0 +1,105 @@
+# backend/routes/ml_switch_route.py
+from flask import Blueprint, request, jsonify
+from utils.model_selector import set_active_model, get_active_model, load_model
+
+ml_switch = Blueprint("ml_switch", __name__)
+
+@ml_switch.route("/active", methods=["GET"])
+def active():
+    return jsonify({"active_model": get_active_model()})
+
+@ml_switch.route("/select", methods=["POST"])
+def select():
+    data = request.get_json(force=True, silent=True) or {}
+    model = data.get("model")
+    if model not in ("bcc", "cicids"):
+        return jsonify({"error": "model must be 'bcc' or 'cicids'"}), 400
+    try:
+        set_active_model(model)
+        # attempt load to give quick feedback
+        info = load_model(model)
+        return jsonify({"message": f"Active model set to {model}", "loaded": bool(info)})
+
+    except Exception as e:
+        return jsonify({"error": str(e)}), 500
+    
+
+@ml_switch.route("/health", methods=["GET"])
+def health():
+    import numpy as np
+    import pandas as pd
+
+    active = get_active_model()
+    bundle = load_model(active)
+
+    model = bundle.get("model")
+    artifacts = bundle.get("artifacts")
+
+    # Default responses
+    artifact_keys = list(artifacts.keys()) if artifacts else []
+    features = None
+    feature_count = 0
+    test_prediction = "N/A"
+
+    # ------------------------------------------
+    # CICIDS HEALTH CHECK
+    # ------------------------------------------
+    if active == "cicids":
+        if artifacts and "features" in artifacts:
+            features = artifacts["features"]
+            feature_count = len(features)
+
+        try:
+            # generate a zero vector
+            X = np.zeros((1, feature_count))
+            scaler = artifacts.get("scaler")
+            if scaler:
+                X = scaler.transform(X)
+
+            pred = model.predict(X)[0]
+            test_prediction = str(pred)
+
+        except Exception as e:
+            test_prediction = f"Error: {str(e)}"
+
+    # ------------------------------------------
+    # BCC HEALTH CHECK
+    # ------------------------------------------
+    elif active == "bcc":
+        try:
+            # Create minimal fake BCC packet feature vector: 15 values
+            X = np.zeros((1, 15))
+
+            scaler = bundle.get("scaler")
+            encoder = bundle.get("encoder")
+
+            if scaler:
+                Xs = scaler.transform(X)
+            else:
+                Xs = X
+
+            pred_raw = model.predict(Xs)[0]
+
+            if encoder:
+                pred = encoder.inverse_transform([int(pred_raw)])[0]
+            else:
+                pred = str(pred_raw)
+
+            test_prediction = f"OK: {pred}"
+
+        except Exception as e:
+            test_prediction = f"Error: {str(e)}"
+
+    # ------------------------------------------
+    # Build response
+    # ------------------------------------------
+    return {
+        "active_model": active,
+        "model_loaded": model is not None,
+        "artifact_keys": artifact_keys,
+        "feature_count": feature_count,
+        "features": features,
+        "test_prediction": test_prediction
+    }
+
+

backend/routes/offline_detection.py

@@ -0,0 +1,139 @@
+import os
+import pandas as pd
+from flask import Blueprint, request, jsonify, send_file
+from werkzeug.utils import secure_filename
+from datetime import datetime
+import joblib
+from fpdf import FPDF
+from utils.pcap_to_csv import convert_pcap_to_csv
+
+offline_bp = Blueprint("offline_bp", __name__)
+
+UPLOAD_DIR = "uploads"
+SAMPLE_DIR = "sample"
+os.makedirs(UPLOAD_DIR, exist_ok=True)
+os.makedirs(SAMPLE_DIR, exist_ok=True)
+
+ALLOWED_EXT = {"csv", "pcap"}
+
+# Features
+BCC_FEATURES = [
+    "proto","src_port","dst_port","flow_duration","total_fwd_pkts","total_bwd_pkts",
+    "flags_numeric","payload_len","header_len","rate","iat","syn","ack","rst","fin"
+]
+
+CICIDS_FEATURES = [
+    "Protocol","Dst Port","Flow Duration","Tot Fwd Pkts","Tot Bwd Pkts",
+    "TotLen Fwd Pkts","TotLen Bwd Pkts","Fwd Pkt Len Mean","Bwd Pkt Len Mean",
+    "Flow IAT Mean","Fwd PSH Flags","Fwd URG Flags","Fwd IAT Mean"
+]
+
+# Models
+bcc_model = joblib.load("ml_models/realtime_model.pkl")
+bcc_encoder = joblib.load("ml_models/realtime_encoder.pkl")
+bcc_scaler = joblib.load("ml_models/realtime_scaler.pkl")
+
+cicids_model = joblib.load("ml_models/rf_pipeline.joblib")
+
+
+def allowed(filename):
+    return "." in filename and filename.rsplit(".", 1)[1].lower() in ALLOWED_EXT
+
+
+# 📌 Sample CSV Download
+@offline_bp.route("/sample/<model>", methods=["GET"])
+def download_sample(model):
+    file_path = None
+    if model == "bcc":
+        file_path = os.path.join(SAMPLE_DIR, "bcc_sample.csv")
+    elif model == "cicids":
+        file_path = os.path.join(SAMPLE_DIR, "cicids_sample.csv")
+    else:
+        return jsonify(success=False, message="Invalid model"), 400
+
+    if not os.path.exists(file_path):
+        return jsonify(success=False, message="Sample file missing"), 404
+
+    return send_file(file_path, as_attachment=True)
+
+
+# 📌 Prediction API
+@offline_bp.route("/predict", methods=["POST"])
+def offline_predict():
+    if "file" not in request.files:
+        return jsonify(success=False, message="No file uploaded"), 400
+
+    file = request.files["file"]
+    model_type = request.form.get("model", "bcc")
+
+    if not allowed(file.filename):
+        return jsonify(success=False, message="Unsupported file type"), 400
+
+    filename = secure_filename(file.filename)
+    saved_path = os.path.join(UPLOAD_DIR, filename)
+    file.save(saved_path)
+
+    # PCAP Conversion
+    if filename.lower().endswith(".pcap"):
+        saved_path = convert_pcap_to_csv(saved_path)
+    
+
+    df = pd.read_csv(saved_path)
+    # Prevent empty CSV prediction
+    if df.shape[0] == 0:
+        return jsonify(success=False, message="CSV has no data rows to analyze!"), 400
+    
+    expected = BCC_FEATURES if model_type == "bcc" else CICIDS_FEATURES
+
+    missing = [c for c in expected if c not in df.columns]
+    if missing:
+        return jsonify(success=False, message=f"Missing features: {missing}")
+
+    df = df[expected]
+
+    if model_type == "bcc":
+        scaled = bcc_scaler.transform(df)
+        preds = bcc_model.predict(scaled)
+        labels = bcc_encoder.inverse_transform(preds)
+    else:
+        labels = cicids_model.predict(df)
+
+    df["prediction"] = labels
+    class_counts = df["prediction"].value_counts().to_dict()
+
+    results = [{"index": i, "class": lbl} for i, lbl in enumerate(labels)]
+
+    result_file = os.path.join(UPLOAD_DIR, "last_results.csv")
+    df.to_csv(result_file, index=False)
+
+    return jsonify(success=True, classCounts=class_counts, results=results)
+
+
+# 📌 PDF Report Generation
+@offline_bp.route("/report", methods=["GET"])
+def offline_report():
+    result_file = os.path.join(UPLOAD_DIR, "last_results.csv")
+    if not os.path.exists(result_file):
+        return jsonify(success=False, message="Run prediction first"), 400
+
+    df = pd.read_csv(result_file)
+    class_counts = df["prediction"].value_counts().to_dict()
+
+    pdf_path = os.path.join(UPLOAD_DIR, "offline_report.pdf")
+
+    pdf = FPDF()
+    pdf.add_page()
+    pdf.set_font("Arial", "B", 16)
+    pdf.cell(0, 10, "AI-NIDS Offline Threat Analysis Report", ln=True)
+
+    pdf.set_font("Arial", size=12)
+    pdf.cell(0, 10, f"Generated: {datetime.now()}", ln=True)
+    pdf.ln(5)
+
+    for c, v in class_counts.items():
+        pdf.cell(0, 8, f"{c}: {v}", ln=True)
+
+    pdf.output(pdf_path)
+    return send_file(pdf_path, as_attachment=True)
+
+

backend/routes/predict_route.py

@@ -0,0 +1,132 @@
+# backend/routes/predict_route.py
+from flask import Blueprint, request, jsonify
+import time
+import numpy as np
+import pandas as pd
+from utils.model_selector import load_model, get_active_model
+from utils.logger import classify_risk
+
+predict_bp = Blueprint("predict", __name__)
+
+@predict_bp.route("/", methods=["GET"])
+def info():
+    active = get_active_model()
+    return jsonify({
+        "message": "POST JSON to /api/predict/ to get model prediction.",
+        "active_model": active,
+        "note": "For 'bcc' model send ordered features or dict; for 'cicids' send named features matching artifacts['features']."
+    })
+
+@predict_bp.route("/", methods=["POST"])
+def predict():
+    active = get_active_model()
+    mdl = load_model(active)
+
+    if active == "bcc":
+        model = mdl.get("model")
+        scaler = mdl.get("scaler")
+        encoder = mdl.get("encoder")
+
+        if model is None or scaler is None or encoder is None:
+            return jsonify({"error": "BCC model/scaler/encoder not loaded on server."}), 500
+
+        data = request.get_json(force=True, silent=True)
+        if data is None:
+            return jsonify({"error": "No JSON body provided"}), 400
+
+        # Accept either list/array or dict of features
+        # You must keep the same feature order as used in training (15 values)
+        if isinstance(data, dict):
+            # if the client provides named keys, try to coerce to ordered list
+            # fallback: take values in insertion order
+            vals = list(data.values())
+        else:
+            vals = list(data)
+
+        try:
+            X = np.array([float(v) for v in vals], dtype=float).reshape(1, -1)
+        except Exception as e:
+            return jsonify({"error": f"Failed to coerce input to numeric vector: {e}"}), 400
+
+        try:
+            Xs = scaler.transform(X)
+        except Exception:
+            # fallback: try prediction without scaler
+            Xs = X
+
+        try:
+            pred_idx = model.predict(Xs)[0]
+            conf = None
+            if hasattr(model, "predict_proba"):
+                conf = float(np.max(model.predict_proba(Xs))) * 100.0
+            label = encoder.inverse_transform([int(pred_idx)])[0]
+            risk = classify_risk(label)
+            return jsonify({
+                "prediction": str(label),
+                "confidence": round(conf, 2) if conf is not None else None,
+                "risk_level": risk
+            })
+        except Exception as e:
+            return jsonify({"error": f"Model predict failed: {str(e)}"}), 500
+
+    elif active == "cicids":
+        obj = mdl.get("artifacts", None)
+        model = mdl.get("model", None)
+        if model is None or obj is None:
+            return jsonify({"error": "CICIDS model or artifacts not available on server."}), 500
+
+        # artifacts expected to have 'features' and 'scaler'
+        features = obj.get("features") or obj.get("features_used") or obj.get("feature_list")
+        scaler = obj.get("scaler") or obj.get("scaler_object")
+
+        if not features or scaler is None:
+            return jsonify({"error": "CICIDS artifacts missing features or scaler."}), 500
+
+        data = request.get_json(force=True, silent=True)
+        if data is None:
+            return jsonify({"error": "No JSON body provided"}), 400
+
+        # Accept dict of named features or list
+        if isinstance(data, dict):
+            # build row using artifacts feature order (missing -> 0)
+            row = [float(data.get(f, 0)) for f in features]
+        else:
+            # list or array
+            try:
+                row = [float(x) for x in data]
+            except Exception as e:
+                return jsonify({"error": "Provided input must be array or dict of numbers."}), 400
+
+            if len(row) != len(features):
+                return jsonify({"error": f"Expecting {len(features)} features for cicids: {features}"}), 400
+
+        X_df = pd.DataFrame([row], columns=features)
+        try:
+            Xs = scaler.transform(X_df)
+        except Exception:
+            Xs = X_df.values
+
+        try:
+            pred = model.predict(Xs)[0]
+            conf = None
+            if hasattr(model, "predict_proba"):
+                conf = float(np.max(model.predict_proba(Xs))) * 100.0
+            # label may already be string; try safe conversion
+            try:
+                label = str(pred)
+            except Exception:
+                label = repr(pred)
+
+            risk = classify_risk(label)
+            return jsonify({
+                "prediction": label,
+                "confidence": round(conf, 2) if conf else None,
+                "risk_level": risk
+            })
+        except Exception as e:
+            return jsonify({"error": f"CICIDS predict failed: {str(e)}"}), 500
+
+    else:
+        return jsonify({"error": "Unknown active model"}), 500
+
+

backend/routes/reports_route.py

@@ -0,0 +1,172 @@
+# backend/routes/reports_route.py
+from flask import Blueprint, jsonify, request, send_file
+from fpdf import FPDF
+from io import BytesIO
+from datetime import datetime, timedelta
+from flask_mail import Message
+from extensions import mail
+import random
+
+reports_bp = Blueprint("reports_bp", __name__)
+
+# Fake (but structured) historical attack data
+CLASSES = ["DDoS", "VPN", "TOR", "I2P", "SQL Injection", "Malware"]
+
+def generate_fake_data(days=7):
+    today = datetime.now()
+    data = []
+    for i in range(days):
+        date = (today - timedelta(days=i)).strftime("%Y-%m-%d")
+        day_data = {cls: random.randint(20, 200) for cls in CLASSES}
+        day_data["date"] = date
+        data.append(day_data)
+    return list(reversed(data))
+
+ATTACK_DATA = generate_fake_data(14)
+
+# --------------------------------------------------------
+@reports_bp.route("/", methods=["GET"])
+def reports_overview():
+    total_attacks = sum(sum(v for k, v in day.items() if k != "date") for day in ATTACK_DATA)
+    recent = ATTACK_DATA[-1]
+    return jsonify({
+        "total_attacks": total_attacks,
+        "last_day": recent["date"],
+        "last_day_total": sum(v for k, v in recent.items() if k != "date"),
+    })
+
+# --------------------------------------------------------
+@reports_bp.route("/trend", methods=["GET"])
+def attack_trend():
+    trend = [{"date": d["date"], "attacks": sum(v for k, v in d.items() if k != "date")} for d in ATTACK_DATA]
+    return jsonify(trend)
+
+# --------------------------------------------------------
+@reports_bp.route("/distribution", methods=["GET"])
+def attack_distribution():
+    total = {cls: sum(day.get(cls, 0) for day in ATTACK_DATA) for cls in CLASSES}
+    return jsonify(total)
+
+# --------------------------------------------------------
+@reports_bp.route("/generate", methods=["GET"])
+def generate_report_pdf():
+    pdf = FPDF()
+    pdf.add_page()
+    pdf.set_font("Helvetica", "B", 16)
+    pdf.cell(0, 10, "Adaptive AI NIDS - Attack Report", ln=True, align="C")
+
+    pdf.set_font("Helvetica", "", 12)
+    pdf.ln(8)
+    pdf.cell(0, 10, f"Generated on {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}", ln=True)
+    pdf.ln(6)
+
+    pdf.set_font("Helvetica", "B", 13)
+    pdf.cell(0, 10, "Summary:", ln=True)
+    pdf.set_font("Helvetica", "", 11)
+    total = {cls: sum(day.get(cls, 0) for day in ATTACK_DATA) for cls in CLASSES}
+    for cls, val in total.items():
+        pdf.cell(0, 8, f" • {cls}: {val} attacks", ln=True)
+
+    pdf.ln(8)
+    pdf.set_font("Helvetica", "I", 10)
+    pdf.multi_cell(0, 8,
+        "This report summarizes attack activity captured by the Adaptive AI NIDS system. "
+        "It includes class-wise distribution and historical trend for the past two weeks.")
+
+    # Output to memory
+    buffer = BytesIO()
+    pdf.output(buffer)
+    buffer.seek(0)
+    filename = f"NIDS_Report_{datetime.now().strftime('%Y%m%d_%H%M%S')}.pdf"
+    return send_file(buffer, as_attachment=True, download_name=filename, mimetype="application/pdf")
+
+# --------------------------------------------------------
+@reports_bp.route("/email", methods=["POST"])
+def send_report_email():
+    data = request.get_json()
+    recipient = data.get("email")
+    if not recipient:
+        return jsonify({"error": "No recipient email provided"}), 400
+
+    # Generate detailed PDF
+    pdf_buffer = BytesIO()
+    pdf = FPDF()
+    pdf.add_page()
+    pdf.set_font("Helvetica", "B", 16)
+    pdf.cell(0, 10, "Adaptive AI NIDS - Full System Report", ln=True, align="C")
+    pdf.ln(8)
+    pdf.set_font("Helvetica", "", 12)
+    pdf.cell(0, 10, "Summary of recent network activity:", ln=True)
+    pdf.ln(5)
+
+    pdf.set_font("Helvetica", "B", 12)
+    pdf.cell(0, 8, "Attack Distribution:", ln=True)
+    total = {cls: sum(day.get(cls, 0) for day in ATTACK_DATA) for cls in CLASSES}
+    pdf.set_font("Helvetica", "", 11)
+    for cls, val in total.items():
+        pdf.cell(0, 8, f" - {cls}: {val} attacks", ln=True)
+
+    pdf.ln(6)
+    pdf.set_font("Helvetica", "B", 12)
+    pdf.cell(0, 8, "Recent Trend (last 7 days):", ln=True)
+    pdf.set_font("Helvetica", "", 11)
+    for d in ATTACK_DATA[-7:]:
+        pdf.cell(0, 8, f"{d['date']}: {sum(v for k, v in d.items() if k != 'date')} total", ln=True)
+
+    pdf.ln(10)
+    pdf.set_font("Helvetica", "I", 10)
+    pdf.multi_cell(0, 8, "This automated report is generated by Adaptive AI NIDS. "
+                         "It summarizes live detections, system diagnostics, and "
+                         "AI-identified attack classes.")
+
+    pdf.output(pdf_buffer)
+    pdf_buffer.seek(0)
+
+    try:
+        msg = Message(
+            subject="Adaptive AI NIDS - Full Report",
+            recipients=[recipient],
+            body="Attached is your Adaptive AI NIDS summary report with recent attack data.",
+        )
+        msg.attach("Adaptive_NIDS_Report.pdf", "application/pdf", pdf_buffer.read())
+        mail.send(msg)
+        return jsonify({"success": True, "message": f"Email sent to {recipient}"})
+    except Exception as e:
+        return jsonify({"error": str(e)}), 500
+
+
+
+@reports_bp.route("/list", methods=["GET"])
+def list_reports():
+    reports = [
+        {
+            "id": 1,
+            "name": "System Health Summary",
+            "type": "System Health",
+            "size": "420 KB",
+            "date": datetime.now().strftime("%Y-%m-%d %H:%M"),
+            "endpoint": "/api/reports/generate"
+        },
+        {
+            "id": 2,
+            "name": "Network Attack Analysis",
+            "type": "Network Analysis",
+            "size": "1.2 MB",
+            "date": datetime.now().strftime("%Y-%m-%d %H:%M"),
+            "endpoint": "/api/reports/generate"
+        },
+        {
+            "id": 3,
+            "name": "Threat Intelligence Summary",
+            "type": "Threat Intelligence",
+            "size": "620 KB",
+            "date": datetime.now().strftime("%Y-%m-%d %H:%M"),
+            "endpoint": "/api/reports/generate"
+        },
+    ]
+    return jsonify(reports)
+
+
+
+
+

backend/routes/system_info.py

@@ -0,0 +1,211 @@
+from flask import Blueprint, jsonify
+import psutil
+import platform
+import socket
+from datetime import datetime
+import random
+import time
+import random
+import io
+from fpdf import FPDF
+from flask import send_file
+
+
+
+
+system_bp = Blueprint("system", __name__)
+
+@system_bp.route("/system/status", methods=["GET"])
+def system_status():
+    try:
+        hostname = socket.gethostname()
+        ip_address = socket.gethostbyname(hostname)
+        os_info = platform.platform()
+        cpu_name = platform.processor()
+
+        # --- Metrics ---
+        cpu_percent = psutil.cpu_percent(interval=0.5)
+        ram = psutil.virtual_memory()
+        disk = psutil.disk_usage('/')
+        net_io = psutil.net_io_counters()
+
+        # --- Temperature ---
+        try:
+            temps = psutil.sensors_temperatures()
+            cpu_temp = (
+                temps.get("coretemp")[0].current
+                if "coretemp" in temps
+                else random.uniform(45.0, 75.0)  # fallback
+            )
+        except Exception:
+            cpu_temp = random.uniform(45.0, 75.0)
+
+        # --- AI Health Score ---
+        # Weighted average (higher = better)
+        usage = (cpu_percent * 0.4 + ram.percent * 0.3 + disk.percent * 0.3)
+        health_score = max(0, 100 - usage)
+
+        data = {
+            "hostname": hostname,
+            "ip_address": ip_address,
+            "os": os_info,
+            "cpu_name": cpu_name,
+            "cpu_usage": round(cpu_percent, 2),
+            "ram_usage": round(ram.percent, 2),
+            "disk_usage": round(disk.percent, 2),
+            "ram_total": round(ram.total / (1024 ** 3), 2),
+            "disk_total": round(disk.total / (1024 ** 3), 2),
+            "network_sent": round(net_io.bytes_sent / (1024 ** 2), 2),
+            "network_recv": round(net_io.bytes_recv / (1024 ** 2), 2),
+            "cpu_temp": round(cpu_temp, 2),
+            "health_score": round(health_score, 2),
+            "timestamp": datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
+        }
+        return jsonify(data)
+    except Exception as e:
+        return jsonify({"error": str(e)}), 500
+
+@system_bp.route("/system/diagnostic", methods=["GET"])
+def run_diagnostic():
+    """Simulate a full AI-powered system stability diagnostic."""
+    try:
+        # Simulated stress test (CPU, memory response)
+        cpu_load = random.uniform(60, 98)
+        ram_stress = random.uniform(50, 95)
+        disk_io = random.uniform(40, 90)
+        latency = random.uniform(15, 100)
+
+        # AI stability score (100 = perfect)
+        stability = 100 - ((cpu_load * 0.3) + (ram_stress * 0.3) + (disk_io * 0.2) + (latency * 0.2)) / 2
+        stability = round(max(0, min(100, stability)), 2)
+
+        # Fake attack summary data
+        attacks = {
+            "total_attacks": random.randint(1200, 4200),
+            "blocked": random.randint(1100, 4000),
+            "missed": random.randint(5, 20),
+            "recent_threats": [
+                {"type": "DDoS Flood", "risk": "High", "ip": "45.77.23.9"},
+                {"type": "SQL Injection", "risk": "Medium", "ip": "103.54.66.120"},
+                {"type": "VPN Evasion", "risk": "Low", "ip": "198.168.12.45"},
+            ],
+        }
+
+        diagnostic = {
+            "cpu_load": round(cpu_load, 2),
+            "ram_stress": round(ram_stress, 2),
+            "disk_io": round(disk_io, 2),
+            "latency": round(latency, 2),
+            "stability_score": stability,
+            "attacks": attacks,
+            "timestamp": time.strftime("%Y-%m-%d %H:%M:%S"),
+        }
+        return jsonify(diagnostic)
+    except Exception as e:
+        return jsonify({"error": str(e)}), 500
+    
+    
+    
+@system_bp.route("/system/report", methods=["GET"])
+def generate_system_report():
+    """Generate a downloadable PDF system report."""
+    try:
+        # --- Simulated data or pull from live sources ---
+        system_status = {
+            "OS": "Windows 10 Pro",
+            "CPU": "Intel i5-12700H",
+            "Memory": "16 GB",
+            "Disk": "512 GB SSD",
+            "IP": "127.0.0.1",
+            "Health Score": "89%",
+            "Last Diagnostic": datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
+        }
+
+        # --- Create PDF report ---
+        pdf = FPDF()
+        pdf.add_page()
+        pdf.set_auto_page_break(auto=True, margin=15)
+
+        # Title
+        pdf.set_font("Helvetica", "B", 18)
+        pdf.cell(0, 10, "Adaptive AI NIDS - System Report", ln=True, align="C")
+        pdf.ln(10)
+
+        # Subtitle
+        pdf.set_font("Helvetica", "", 12)
+        pdf.cell(0, 10, f"Generated on: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}", ln=True)
+        pdf.ln(8)
+
+        # Section: System Status
+        pdf.set_font("Helvetica", "B", 14)
+        pdf.cell(0, 10, "System Information", ln=True)
+        pdf.set_font("Helvetica", "", 12)
+        pdf.ln(5)
+
+        for key, value in system_status.items():
+            pdf.cell(0, 8, f"{key}: {value}", ln=True)
+
+        pdf.ln(10)
+        pdf.set_font("Helvetica", "B", 14)
+        pdf.cell(0, 10, "Attack Summary (Last 24h)", ln=True)
+        pdf.set_font("Helvetica", "", 12)
+        pdf.ln(5)
+
+        pdf.cell(0, 8, "Total Attacks Detected: 3471", ln=True)
+        pdf.cell(0, 8, "High Risk: 512", ln=True)
+        pdf.cell(0, 8, "Medium Risk: 948", ln=True)
+        pdf.cell(0, 8, "Low Risk: 2011", ln=True)
+
+        pdf.ln(10)
+        pdf.set_font("Helvetica", "I", 10)
+        pdf.cell(0, 8, "This report is automatically generated by Adaptive AI NIDS.", ln=True, align="C")
+
+        # Save to memory
+        buffer = io.BytesIO()
+        pdf.output(buffer)
+        buffer.seek(0)
+
+        filename = f"System_Report_{datetime.now().strftime('%Y%m%d_%H%M%S')}.pdf"
+        return send_file(buffer, as_attachment=True, download_name=filename, mimetype="application/pdf")
+
+    except Exception as e:
+        return jsonify({"error": str(e)}), 500
+    
+
+@system_bp.route("/system/processes")
+def system_processes():
+    try:
+        processes = []
+        for proc in psutil.process_iter(['name', 'cpu_percent', 'memory_percent', 'status']):
+            info = proc.info
+            processes.append({
+                "name": info.get("name", "Unknown"),
+                "cpu": round(info.get("cpu_percent", 0), 2),
+                "mem": round(info.get("memory_percent", 0), 2),
+                "status": info.get("status", "N/A"),
+            })
+        # ✅ Sort by CPU usage and keep top 6
+        top_processes = sorted(processes, key=lambda p: p["cpu"], reverse=True)[:6]
+        return jsonify(top_processes)
+    except Exception as e:
+        return jsonify({"error": str(e)}), 500
+
+
+
+@system_bp.route("/system/connections")
+def system_connections():
+    try:
+        conns = []
+        for c in psutil.net_connections(kind='inet'):
+            if c.laddr:
+                conns.append({
+                    "ip": c.laddr.ip,
+                    "port": c.laddr.port,
+                    "proto": "TCP" if c.type == socket.SOCK_STREAM else "UDP",
+                    "state": c.status,
+                })
+        # ✅ Only top 6 most recent/active connections
+        top_conns = conns[:6]
+        return jsonify(top_conns)
+    except Exception as e:
+        return jsonify({"error": str(e)}), 500

backend/routes/traffic_routes.py

@@ -0,0 +1,49 @@
+# traffic_routes.py
+from flask import Blueprint, jsonify
+from utils.logger import get_recent_events, summarize_counts
+from flow_builder import build_flows
+
+traffic_bp = Blueprint("traffic_bp", __name__)
+
+@traffic_bp.route("traffic/flows")
+def flows():
+    """Return aggregated flows from recent network events."""
+    events = get_recent_events(2000)
+    flows = build_flows(events)
+    return jsonify({"flows": flows})
+
+
+@traffic_bp.route("traffic/protocols")
+def protocols():
+    """Return protocol distribution."""
+    events = get_recent_events(2000)
+    counts = {"TCP": 0, "UDP": 0, "Other": 0}
+
+    for e in events:
+        proto = e.get("proto", "").upper()
+        if proto == "TCP":
+            counts["TCP"] += 1
+        elif proto == "UDP":
+            counts["UDP"] += 1
+        else:
+            counts["Other"] += 1
+
+    return jsonify(counts)
+
+
+@traffic_bp.route("traffic/bandwidth")
+def bandwidth():
+    """
+    Returns packet count per second for the last ~30 records.
+    Used for bandwidth line chart.
+    """
+    events = get_recent_events(200)
+    timeline = {}
+
+    for e in events:
+        t = e.get("time")
+        timeline[t] = timeline.get(t, 0) + 1
+
+    graph = [{"time": k, "value": v} for k, v in timeline.items()]
+
+    return jsonify(graph)

backend/sample/bcc_sample.csv

@@ -0,0 +1,2 @@
+proto,src_port,dst_port,flow_duration,total_fwd_pkts,total_bwd_pkts,flags_numeric,payload_len,header_len,rate,iat,syn,ack,rst,fin
+6,12345,443,100000,20,5,2,5000,800,50,20000,1,1,0,0

backend/sample/cicids_sample.csv

@@ -0,0 +1,2 @@
+Protocol,Dst Port,Flow Duration,Tot Fwd Pkts,Tot Bwd Pkts,TotLen Fwd Pkts,TotLen Bwd Pkts,Fwd Pkt Len Mean,Bwd Pkt Len Mean,Flow IAT Mean,Fwd PSH Flags,Fwd URG Flags,Fwd IAT Mean
+6,443,120000,12,2,4000,1500,350,700,60000,1,0,30000

backend/socket_manager.py

@@ -0,0 +1,80 @@
+# socket_manager.py (Optimized)
+# - Non-blocking emit queue with background worker
+# - Rate-limited batching for frequent events
+# - Backwards-compatible init_socketio & emit_new_event API
+
+import threading
+import time
+import queue
+
+_emit_q = queue.Queue(maxsize=2000)
+_socketio = None
+_emit_lock = threading.Lock()
+_worker_thr = None
+_stop_worker = threading.Event()
+
+# batch/rate config
+_BATCH_INTERVAL = 0.5  # seconds between worker sends
+_BATCH_MAX = 10        # max events to bundle per emit
+
+
+def init_socketio(socketio):
+    """Initialize global socketio and start background emit worker."""
+    global _socketio, _worker_thr
+    _socketio = socketio
+    print("✅ SocketIO initialized (thread-safe)")
+    if _worker_thr is None or not _worker_thr.is_alive():
+        _worker_thr = threading.Thread(target=_emit_worker, daemon=True)
+        _worker_thr.start()
+
+
+def _emit_worker():
+    """Background worker: drains _emit_q and emits aggregated payloads at intervals."""
+    last_send = 0.0
+    buffer = []
+    while not _stop_worker.is_set():
+        try:
+            evt = _emit_q.get(timeout=_BATCH_INTERVAL)
+            buffer.append(evt)
+        except Exception:
+            # timeout, flush if buffer exists
+            pass
+
+        now = time.time()
+        if buffer and (now - last_send >= _BATCH_INTERVAL or len(buffer) >= _BATCH_MAX):
+            payload = {"count": len(buffer), "items": buffer[:_BATCH_MAX]}
+            try:
+                if _socketio:
+                    # emit in background so worker isn't blocked on network
+                    _socketio.start_background_task(lambda: _socketio.emit("new_event", payload, namespace="/"))
+            except Exception as e:
+                print("⚠️ emit worker error:", e)
+            buffer.clear()
+            last_send = now
+
+    # final flush on shutdown
+    if buffer and _socketio:
+        try:
+            _socketio.start_background_task(lambda: _socketio.emit("new_event", {"count": len(buffer), "items": buffer}, namespace="/"))
+        except Exception:
+            pass
+
+
+def emit_new_event(evt):
+    """Enqueue event for background emit. Non-blocking.
+
+    Compatible with previous API: callers can pass full event dicts.
+    """
+    try:
+        _emit_q.put_nowait(evt)
+    except queue.Full:
+        # drop silently (prefer availability over backlog)
+        return
+
+
+def shutdown_socket_manager(timeout=2):
+    """Stop background worker gracefully."""
+    _stop_worker.set()
+    if _worker_thr and _worker_thr.is_alive():
+        _worker_thr.join(timeout=timeout)
+

backend/uploads/bcc_sample.csv

@@ -0,0 +1,2 @@
+proto,src_port,dst_port,flow_duration,total_fwd_pkts,total_bwd_pkts,flags_numeric,payload_len,header_len,rate,iat,syn,ack,rst,fin
+6,12345,443,100000,20,5,2,5000,800,50,20000,1,1,0,0

backend/uploads/cicids_sample.csv

@@ -0,0 +1,2 @@
+Protocol,Dst Port,Flow Duration,Tot Fwd Pkts,Tot Bwd Pkts,TotLen Fwd Pkts,TotLen Bwd Pkts,Fwd Pkt Len Mean,Bwd Pkt Len Mean,Flow IAT Mean,Fwd PSH Flags,Fwd URG Flags,Fwd IAT Mean
+

backend/uploads/cicids_sample_1.csv

@@ -0,0 +1,2 @@
+Protocol,Dst Port,Flow Duration,Tot Fwd Pkts,Tot Bwd Pkts,TotLen Fwd Pkts,TotLen Bwd Pkts,Fwd Pkt Len Mean,Bwd Pkt Len Mean,Flow IAT Mean,Fwd PSH Flags,Fwd URG Flags,Fwd IAT Mean
+6,443,120000,12,2,4000,1500,350,700,60000,1,0,30000

backend/uploads/iris.csv

@@ -0,0 +1,151 @@
+150,4,setosa,versicolor,virginica
+5.1,3.5,1.4,0.2,0
+4.9,3.0,1.4,0.2,0
+4.7,3.2,1.3,0.2,0
+4.6,3.1,1.5,0.2,0
+5.0,3.6,1.4,0.2,0
+5.4,3.9,1.7,0.4,0
+4.6,3.4,1.4,0.3,0
+5.0,3.4,1.5,0.2,0
+4.4,2.9,1.4,0.2,0
+4.9,3.1,1.5,0.1,0
+5.4,3.7,1.5,0.2,0
+4.8,3.4,1.6,0.2,0
+4.8,3.0,1.4,0.1,0
+4.3,3.0,1.1,0.1,0
+5.8,4.0,1.2,0.2,0
+5.7,4.4,1.5,0.4,0
+5.4,3.9,1.3,0.4,0
+5.1,3.5,1.4,0.3,0
+5.7,3.8,1.7,0.3,0
+5.1,3.8,1.5,0.3,0
+5.4,3.4,1.7,0.2,0
+5.1,3.7,1.5,0.4,0
+4.6,3.6,1.0,0.2,0
+5.1,3.3,1.7,0.5,0
+4.8,3.4,1.9,0.2,0
+5.0,3.0,1.6,0.2,0
+5.0,3.4,1.6,0.4,0
+5.2,3.5,1.5,0.2,0
+5.2,3.4,1.4,0.2,0
+4.7,3.2,1.6,0.2,0
+4.8,3.1,1.6,0.2,0
+5.4,3.4,1.5,0.4,0
+5.2,4.1,1.5,0.1,0
+5.5,4.2,1.4,0.2,0
+4.9,3.1,1.5,0.2,0
+5.0,3.2,1.2,0.2,0
+5.5,3.5,1.3,0.2,0
+4.9,3.6,1.4,0.1,0
+4.4,3.0,1.3,0.2,0
+5.1,3.4,1.5,0.2,0
+5.0,3.5,1.3,0.3,0
+4.5,2.3,1.3,0.3,0
+4.4,3.2,1.3,0.2,0
+5.0,3.5,1.6,0.6,0
+5.1,3.8,1.9,0.4,0
+4.8,3.0,1.4,0.3,0
+5.1,3.8,1.6,0.2,0
+4.6,3.2,1.4,0.2,0
+5.3,3.7,1.5,0.2,0
+5.0,3.3,1.4,0.2,0
+7.0,3.2,4.7,1.4,1
+6.4,3.2,4.5,1.5,1
+6.9,3.1,4.9,1.5,1
+5.5,2.3,4.0,1.3,1
+6.5,2.8,4.6,1.5,1
+5.7,2.8,4.5,1.3,1
+6.3,3.3,4.7,1.6,1
+4.9,2.4,3.3,1.0,1
+6.6,2.9,4.6,1.3,1
+5.2,2.7,3.9,1.4,1
+5.0,2.0,3.5,1.0,1
+5.9,3.0,4.2,1.5,1
+6.0,2.2,4.0,1.0,1
+6.1,2.9,4.7,1.4,1
+5.6,2.9,3.6,1.3,1
+6.7,3.1,4.4,1.4,1
+5.6,3.0,4.5,1.5,1
+5.8,2.7,4.1,1.0,1
+6.2,2.2,4.5,1.5,1
+5.6,2.5,3.9,1.1,1
+5.9,3.2,4.8,1.8,1
+6.1,2.8,4.0,1.3,1
+6.3,2.5,4.9,1.5,1
+6.1,2.8,4.7,1.2,1
+6.4,2.9,4.3,1.3,1
+6.6,3.0,4.4,1.4,1
+6.8,2.8,4.8,1.4,1
+6.7,3.0,5.0,1.7,1
+6.0,2.9,4.5,1.5,1
+5.7,2.6,3.5,1.0,1
+5.5,2.4,3.8,1.1,1
+5.5,2.4,3.7,1.0,1
+5.8,2.7,3.9,1.2,1
+6.0,2.7,5.1,1.6,1
+5.4,3.0,4.5,1.5,1
+6.0,3.4,4.5,1.6,1
+6.7,3.1,4.7,1.5,1
+6.3,2.3,4.4,1.3,1
+5.6,3.0,4.1,1.3,1
+5.5,2.5,4.0,1.3,1
+5.5,2.6,4.4,1.2,1
+6.1,3.0,4.6,1.4,1
+5.8,2.6,4.0,1.2,1
+5.0,2.3,3.3,1.0,1
+5.6,2.7,4.2,1.3,1
+5.7,3.0,4.2,1.2,1
+5.7,2.9,4.2,1.3,1
+6.2,2.9,4.3,1.3,1
+5.1,2.5,3.0,1.1,1
+5.7,2.8,4.1,1.3,1
+6.3,3.3,6.0,2.5,2
+5.8,2.7,5.1,1.9,2
+7.1,3.0,5.9,2.1,2
+6.3,2.9,5.6,1.8,2
+6.5,3.0,5.8,2.2,2
+7.6,3.0,6.6,2.1,2
+4.9,2.5,4.5,1.7,2
+7.3,2.9,6.3,1.8,2
+6.7,2.5,5.8,1.8,2
+7.2,3.6,6.1,2.5,2
+6.5,3.2,5.1,2.0,2
+6.4,2.7,5.3,1.9,2
+6.8,3.0,5.5,2.1,2
+5.7,2.5,5.0,2.0,2
+5.8,2.8,5.1,2.4,2
+6.4,3.2,5.3,2.3,2
+6.5,3.0,5.5,1.8,2
+7.7,3.8,6.7,2.2,2
+7.7,2.6,6.9,2.3,2
+6.0,2.2,5.0,1.5,2
+6.9,3.2,5.7,2.3,2
+5.6,2.8,4.9,2.0,2
+7.7,2.8,6.7,2.0,2
+6.3,2.7,4.9,1.8,2
+6.7,3.3,5.7,2.1,2
+7.2,3.2,6.0,1.8,2
+6.2,2.8,4.8,1.8,2
+6.1,3.0,4.9,1.8,2
+6.4,2.8,5.6,2.1,2
+7.2,3.0,5.8,1.6,2
+7.4,2.8,6.1,1.9,2
+7.9,3.8,6.4,2.0,2
+6.4,2.8,5.6,2.2,2
+6.3,2.8,5.1,1.5,2
+6.1,2.6,5.6,1.4,2
+7.7,3.0,6.1,2.3,2
+6.3,3.4,5.6,2.4,2
+6.4,3.1,5.5,1.8,2
+6.0,3.0,4.8,1.8,2
+6.9,3.1,5.4,2.1,2
+6.7,3.1,5.6,2.4,2
+6.9,3.1,5.1,2.3,2
+5.8,2.7,5.1,1.9,2
+6.8,3.2,5.9,2.3,2
+6.7,3.3,5.7,2.5,2
+6.7,3.0,5.2,2.3,2
+6.3,2.5,5.0,1.9,2
+6.5,3.0,5.2,2.0,2
+6.2,3.4,5.4,2.3,2
+5.9,3.0,5.1,1.8,2

backend/utils/ai_engine.py

@@ -0,0 +1,164 @@
+# utils/ai_engine.py
+# -----------------------------------------
+# Lightweight "AI" engine using rules + templates
+# No heavy ML model – safe for your laptop 🙂
+
+from collections import Counter
+from datetime import datetime
+
+
+def _normalize_label(label: str) -> str:
+    return str(label or "Unknown").strip().upper()
+
+
+# 1️⃣ Explain a single threat/event
+def explain_threat(event: dict) -> str:
+    """
+    Takes a single event dict (from logger / recent())
+    and returns a human-readable explanation.
+    """
+
+    label = _normalize_label(event.get("prediction"))
+    risk_level = str(event.get("risk_level", "Low")).title()
+    src_ip = event.get("src_ip") or event.get("src") or "Unknown source"
+    dst_ip = event.get("dst_ip") or event.get("dst") or "Unknown destination"
+    proto = event.get("proto", "Unknown")
+    sport = event.get("sport") or event.get("src_port") or "?"
+    dport = event.get("dport") or event.get("dst_port") or "?"
+
+    # Simple knowledge base
+    explanations = {
+        "VPN": (
+            "Traffic from {src} to {dst} over {proto} looks like VPN usage. "
+            "VPN tunnels encrypt traffic and can hide the real origin of an attacker. "
+            "Review if this VPN endpoint is expected for this host."
+        ),
+        "TOR": (
+            "Traffic appears to be routed through the Tor anonymity network. "
+            "Tor is commonly used to hide attacker identity. "
+            "Investigate the host at {src} and check if Tor usage is allowed."
+        ),
+        "I2P": (
+            "Detected I2P (Invisible Internet Project) style traffic. "
+            "I2P is an anonymity network similar to Tor and can be abused for C2 channels."
+        ),
+        "FREENET": (
+            "Traffic resembles Freenet P2P anonymity network. "
+            "Such networks can be used to exchange illegal or malicious content."
+        ),
+        "ZERONET": (
+            "ZeroNet-like traffic detected. ZeroNet hosts sites over a P2P network. "
+            "This may bypass normal web filtering and logging."
+        ),
+        # CICIDS-style examples – extend as you like
+        "DOS HULK": (
+            "High-rate HTTP traffic typical of DoS-Hulk attack was detected. "
+            "This can exhaust web server resources and cause service disruption."
+        ),
+        "DOS SLOWLORIS": (
+            "Slowloris-style DoS traffic detected. It keeps many HTTP connections open "
+            "to slowly exhaust server connection limits."
+        ),
+        "BOT": (
+            "Behavior suggests the host may be part of a botnet. "
+            "Correlate with outbound connections and run malware scans on {src}."
+        ),
+        "BENIGN": (
+            "This flow is classified as BENIGN. No immediate malicious pattern detected, "
+            "but you should still monitor for anomalies over time."
+        ),
+    }
+
+    # Pick best match (exact or substring)
+    text = None
+    if label in explanations:
+        text = explanations[label]
+    else:
+        for k, v in explanations.items():
+            if k in label:
+                text = v
+                break
+
+    if text is None:
+        text = (
+            "The traffic is classified as '{label}' with a risk level of {risk}. "
+            "Review source {src} → destination {dst}, protocol {proto}, "
+            "and ports {sport} → {dport} for suspicious patterns."
+        )
+
+    return text.format(
+        label=label,
+        risk=risk_level,
+        src=src_ip,
+        dst=dst_ip,
+        proto=proto,
+        sport=sport,
+        dport=dport,
+    )
+
+
+# 2️⃣ Summarize multiple events (for report)
+def summarize_events(events, model: str = "bcc") -> str:
+    """
+    Takes a list of events and returns a high-level English summary.
+    """
+
+    if not events:
+        return "No recent events available for summary."
+
+    labels = [_normalize_label(e.get("prediction")) for e in events]
+    counts = Counter(labels)
+    total = len(events)
+
+    high_risk_keywords = [
+        "DDOS", "DOS", "BRUTE", "SQL", "BOT", "INFILTRATION", "HULK",
+        "SLOWLORIS", "SLOWHTTPTEST"
+    ]
+    high_risk = sum(
+        c for lbl, c in counts.items()
+        if any(k in lbl for k in high_risk_keywords)
+    )
+
+    tor_like = sum(
+        counts.get(lbl, 0) for lbl in ["TOR", "I2P", "ZERONET", "FREENET", "VPN"]
+    )
+
+    ts = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+
+    # Build readable summary
+    parts = [
+        f"AI Summary generated at {ts} for model '{model.upper()}'.",
+        f"Total analysed events: {total}.",
+    ]
+
+    if high_risk:
+        parts.append(
+            f"High-risk attacks detected: {high_risk} events "
+            f"({', '.join(k for k in counts.keys() if any(x in k for x in high_risk_keywords))})."
+        )
+    else:
+        parts.append("No high-risk attack pattern strongly detected in this window.")
+
+    if tor_like:
+        parts.append(
+            f"Anonymity or tunneling traffic (VPN/TOR/I2P/etc.) observed in {tor_like} events. "
+            "Verify if this usage is expected and authorized."
+        )
+
+    # top 3 labels
+    top3 = counts.most_common(3)
+    label_str = ", ".join(f"{lbl}: {cnt}" for lbl, cnt in top3)
+    parts.append(f"Top traffic classes: {label_str}.")
+
+    if model == "bcc":
+        parts.append(
+            "BCC model focuses on live packet patterns; consider correlating with host logs "
+            "for deeper forensic analysis."
+        )
+    else:
+        parts.append(
+            "CICIDS model analyses flow-level statistics; consider exporting flows for "
+            "offline investigation if anomalies increase."
+        )
+
+    return " ".join(parts)

backend/utils/geo_lookup.py

@@ -0,0 +1,133 @@
+# utils/geo_lookup.py
+# ==========================================
+# 🌍 GEO LOOKUP UTILITY — Robust version
+# - Uses ipwho.is
+# - Validates inputs
+# - Caches results
+# - Graceful fallback for bad/ private IPs
+# ==========================================
+
+import requests
+from functools import lru_cache
+import re
+import time
+
+# Public API (no API key)
+GEO_API = "https://ipwho.is/{ip}"
+
+# Regex for private/reserved IPv4 blocks + simple IPv4/IPv6 check
+_IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
+_IPV6_RE = re.compile(r"^[0-9a-fA-F:]+$")
+
+PRIVATE_IP_RANGES = [
+    re.compile(r"^127\."),               # localhost
+    re.compile(r"^10\."),                # private
+    re.compile(r"^192\.168\."),          # private
+    re.compile(r"^172\.(1[6-9]|2[0-9]|3[0-1])\."),  # private block
+    re.compile(r"^0\."),                 # invalid
+    re.compile(r"^255\."),               # broadcast/reserved
+]
+
+# Cache size tuned to common usage (increase if you have many distinct IPs)
+@lru_cache(maxsize=2000)
+def get_geo_info(ip: str) -> dict:
+    """Return geolocation info for an IP address (string-safe, cached, fallback)."""
+    # Normalize
+    try:
+        ip_raw = ip
+        if ip is None:
+            return _default_geo(ip, "Empty IP")
+        ip = str(ip).strip()
+    except Exception:
+        return _default_geo(ip, "Invalid IP")
+
+    # Quick checks
+    if ip == "" or ip.lower() in ("unknown", "n/a", "na", "local", "localhost"):
+        return _default_geo(ip, "Unknown")
+
+    # If it's clearly not an IPv4/IPv6 string, avoid calling external API
+    if not (_IPV4_RE.match(ip) or _IPV6_RE.match(ip)):
+        return _default_geo(ip, "Not an IP")
+
+    # Private/reserved check
+    if any(r.match(ip) for r in PRIVATE_IP_RANGES):
+        return {
+            "ip": ip,
+            "country": "Local",
+            "city": "Private Network",
+            "lat": 0.0,
+            "lon": 0.0,
+        }
+
+    # Query remote API (with timeout + basic retry)
+    try:
+        # simple single attempt with timeout; if you need reliability add a tiny backoff/retry
+        res = requests.get(GEO_API.format(ip=ip), timeout=4)
+        if res.status_code == 200:
+            data = res.json()
+            # ipwho.is returns {"success": false, "message": "..."} for invalid
+            if data.get("success", True) is False:
+                return _default_geo(ip, data.get("message", "Invalid IP"))
+            return {
+                "ip": ip,
+                "country": data.get("country", "Unknown"),
+                "city": data.get("city", "Unknown"),
+                "lat": float(data.get("latitude") or 0.0),
+                "lon": float(data.get("longitude") or 0.0),
+            }
+        # non-200 -> fallback
+        print(f"⚠️ Geo lookup failed for {ip} (status {res.status_code})")
+    except Exception as e:
+        # network errors, DNS issues, etc.
+        print(f"⚠️ Geo lookup error for {ip}: {e}")
+
+    return _default_geo(ip, "Unknown")
+
+
+def _default_geo(ip: str, reason="Unknown"):
+    """Return default location info when lookup fails."""
+    return {
+        "ip": ip,
+        "country": reason,
+        "city": "Unknown",
+        "lat": 0.0,
+        "lon": 0.0,
+    }
+
+
+def enrich_event_with_geo(evt: dict) -> dict:
+    """
+    Given an event dict that contains 'src_ip' and 'dst_ip' (or similar keys),
+    attach src/dst city, country, lat, lon fields.
+    This function is safe to call synchronously, but consider async enrichment
+    when running on a hot packet-processing loop (see optional snippet below).
+    """
+    try:
+        # Accept multiple possible keys (compatibility)
+        src_ip = evt.get("src_ip") or evt.get("src") or evt.get("srcIP") or ""
+        dst_ip = evt.get("dst_ip") or evt.get("dst") or evt.get("dstIP") or ""
+
+        # Normalize to string before calling get_geo_info
+        src_ip = str(src_ip).strip() if src_ip is not None else ""
+        dst_ip = str(dst_ip).strip() if dst_ip is not None else ""
+
+        # Get geo info (cached)
+        src_info = get_geo_info(src_ip)
+        dst_info = get_geo_info(dst_ip)
+
+        evt.update({
+            "src_country": src_info["country"],
+            "dst_country": dst_info["country"],
+            "src_city": src_info["city"],
+            "dst_city": dst_info["city"],
+            "src_lat": src_info["lat"],
+            "src_lon": src_info["lon"],
+            "dst_lat": dst_info["lat"],
+            "dst_lon": dst_info["lon"],
+        })
+    except Exception as e:
+        # Keep it quiet but informative
+        print(f"⚠️ Geo enrichment failed for event: {e}")
+
+    return evt
+

backend/utils/logger.py

@@ -0,0 +1,273 @@
+# logger.py (Model-separated, non-blocking logger, per-model CSVs)
+# -------------------------------------------------------------
+import os
+import csv
+import threading
+import time
+from datetime import datetime
+import numpy as np
+
+LOG_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "logs"))
+os.makedirs(LOG_DIR, exist_ok=True)
+
+BCC_LOG_FILE = os.path.join(LOG_DIR, "bcc_logs.csv")
+CICIDS_LOG_FILE = os.path.join(LOG_DIR, "cicids_logs.csv")
+
+_MAX_RECENT = 500
+_FLUSH_INTERVAL = 2.0
+_FLUSH_BATCH = 50
+
+_headers = [
+    "time", "src_ip", "sport", "dst_ip", "dport", "proto",
+    "prediction", "risk_level", "risk_score",
+    "src_country", "src_city", "src_lat", "src_lon",
+    "dst_country", "dst_city", "dst_lat", "dst_lon"
+]
+
+# In-memory per-model buffers & stats
+_model_events = {
+    "bcc": [],       # list of dicts
+    "cicids": []
+}
+
+_model_stats = {
+    "bcc": {},
+    "cicids": {}
+}
+
+# active model (default)
+_active_model_lock = threading.Lock()
+_active_model = "bcc"
+
+# writer buffers and locks
+_write_buffer = []   # list of dicts, each item must include "model" key
+_buffer_lock = threading.Lock()
+_events_lock = threading.Lock()
+
+_stop_writer = threading.Event()
+
+# -------------------------
+# Helpers: file name for model
+# -------------------------
+def _file_for_model(model):
+    if model == "cicids":
+        return CICIDS_LOG_FILE
+    return BCC_LOG_FILE
+
+# -------------------------
+# Full overwrite for a model CSV
+# -------------------------
+def _flush_full_overwrite_model(model):
+    """Rewrite the entire CSV for a specific model from its in-memory buffer."""
+    fname = _file_for_model(model)
+    try:
+        with _events_lock:
+            rows = list(_model_events.get(model, []))
+        with open(fname, "w", newline="", encoding="utf-8") as f:
+            writer = csv.DictWriter(f, fieldnames=_headers)
+            writer.writeheader()
+            for row in rows:
+                writer.writerow({k: row.get(k, "") for k in _headers})
+        # optional debug print
+        # print(f"[logger] {model} CSV fully rewritten: {len(rows)} rows -> {fname}")
+    except Exception as e:
+        print("[logger] Full overwrite failed:", e)
+
+# -------------------------
+# Flush small batches to disk (append)
+# -------------------------
+def _flush_to_disk():
+    global _write_buffer
+    with _buffer_lock:
+        if not _write_buffer:
+            return
+        batch = _write_buffer[:_FLUSH_BATCH]
+        _write_buffer = _write_buffer[len(batch):]
+
+    # group by model for efficient writes
+    groups = {}
+    for row in batch:
+        m = row.get("model", "bcc")
+        groups.setdefault(m, []).append(row)
+
+    for model, rows in groups.items():
+        fname = _file_for_model(model)
+        try:
+            file_empty = not os.path.exists(fname) or os.stat(fname).st_size == 0
+            with open(fname, "a", newline="", encoding="utf-8") as f:
+                writer = csv.DictWriter(f, fieldnames=_headers)
+                if file_empty:
+                    writer.writeheader()
+                for r in rows:
+                    # write only header keys (ignore extra)
+                    writer.writerow({k: r.get(k, "") for k in _headers})
+        except Exception as e:
+            print("[logger] Append write error for", model, ":", e)
+
+# -------------------------
+# Background writer thread
+# -------------------------
+def _writer_thread():
+    while not _stop_writer.is_set():
+        time.sleep(_FLUSH_INTERVAL)
+        _flush_to_disk()
+    # flush remaining on shutdown
+    _flush_to_disk()
+
+_writer_thr = threading.Thread(target=_writer_thread, daemon=True)
+_writer_thr.start()
+
+# -------------------------
+# Load existing CSVs into _model_events on startup (keep last _MAX_RECENT)
+# -------------------------
+def _load_recent_model(model):
+    fname = _file_for_model(model)
+    if not os.path.exists(fname):
+        return []
+    try:
+        with open(fname, "r", encoding="utf-8") as f:
+            reader = list(csv.DictReader(f))
+            return reader[-_MAX_RECENT:]
+    except Exception:
+        return []
+
+def _load_all_recent():
+    global _model_events
+    with _events_lock:
+        _model_events["bcc"] = _load_recent_model("bcc")
+        _model_events["cicids"] = _load_recent_model("cicids")
+
+_load_all_recent()
+
+# ===============================
+# Public API: push_event
+# ===============================
+def push_event(evt):
+    """
+    evt: dict containing event fields expected (prediction, src_ip, dst_ip, etc.)
+    Uses current active model to store event.
+    Also enqueues to write buffer for background flush.
+    """
+    global _write_buffer
+
+    # attach model at time of push
+    with _active_model_lock:
+        model = _active_model
+
+    e = dict(evt)
+    e.setdefault("time", datetime.now().strftime("%H:%M:%S"))
+    e.setdefault("risk_level", "Low")
+    e.setdefault("risk_score", 0)
+
+    # add to in-memory buffer for model
+    with _events_lock:
+        _model_events.setdefault(model, [])
+        _model_events[model].append(e)
+        if len(_model_events[model]) > _MAX_RECENT:
+            _model_events[model] = _model_events[model][-_MAX_RECENT:]
+
+        # update stats
+        pred = str(e.get("prediction", "Unknown"))
+        _model_stats.setdefault(model, {})
+        _model_stats[model][pred] = _model_stats[model].get(pred, 0) + 1
+
+    # add to write buffer with model tag for background writer
+    item = dict(e)
+    item["model"] = model
+    with _buffer_lock:
+        _write_buffer.append(item)
+        # if buffer grows big, flush asynchronously
+        if len(_write_buffer) > (_FLUSH_BATCH * 4):
+            threading.Thread(target=_flush_to_disk, daemon=True).start()
+
+# ===============================
+# Public API: get recent & stats
+# ===============================
+def get_recent_events(model="bcc", n=None):
+    with _events_lock:
+        data = list(_model_events.get(model, []))
+    if n:
+        return data[-n:]
+    return data
+
+def get_model_stats(model="bcc"):
+    with _events_lock:
+        # return a shallow copy to avoid external mutation
+        return dict(_model_stats.get(model, {}))
+
+# -------------------------
+# Convenience: summary across active model (legacy)
+# -------------------------
+def summarize_counts():
+    with _active_model_lock:
+        model = _active_model
+    return get_model_stats(model)
+
+# ===============================
+# Model selection API
+# ===============================
+def set_active_model(model):
+    if model not in ("bcc", "cicids"):
+        raise ValueError("invalid model")
+    with _active_model_lock:
+        global _active_model
+        _active_model = model
+    # no immediate clearing — in-memory buffers persist per model
+    return _active_model
+
+def get_active_model():
+    with _active_model_lock:
+        return _active_model
+
+# ===============================
+# CLEAR / DELETE (model-wise)
+# ===============================
+def clear_last_events(model="bcc", n=99999):
+    with _events_lock:
+        ev = _model_events.get(model, [])
+        if n >= len(ev):
+            _model_events[model] = []
+        else:
+            _model_events[model] = ev[:-n]
+        # reset stats for this model
+        _model_stats[model] = {}
+    # rewrite model CSV fully
+    _flush_full_overwrite_model(model)
+    return True
+
+def delete_by_index(model="bcc", idx=0):
+    with _events_lock:
+        ev = _model_events.get(model, [])
+        if 0 <= idx < len(ev):
+            ev.pop(idx)
+            _model_events[model] = ev
+            # recompute stats (simple recompute)
+            _model_stats[model] = {}
+            for e in ev:
+                pred = str(e.get("prediction", "Unknown"))
+                _model_stats[model][pred] = _model_stats[model].get(pred, 0) + 1
+            _flush_full_overwrite_model(model)
+            return True
+    return False
+
+def delete_by_prediction(model="bcc", pred=None):
+    if pred is None:
+        return False
+    with _events_lock:
+        ev = _model_events.get(model, [])
+        _model_events[model] = [e for e in ev if e.get("prediction") != pred]
+        # recompute stats
+        _model_stats[model] = {}
+        for e in _model_events[model]:
+            p = str(e.get("prediction", "Unknown"))
+            _model_stats[model][p] = _model_stats[model].get(p, 0) + 1
+    _flush_full_overwrite_model(model)
+    return True
+
+# ===============================
+# Shutdown
+# ===============================
+def shutdown_logger():
+    _stop_writer.set()
+    _writer_thr.join(timeout=3)
+

backend/utils/model_selector.py

@@ -0,0 +1,116 @@
+import os
+import joblib
+import threading
+import traceback
+
+# Global active model (default = bcc so your current flow remains unchanged)
+ACTIVE_MODEL = "bcc"
+_ACTIVE_LOCK = threading.Lock()
+
+# Cache loaded models to avoid repeated disk loads
+_MODEL_CACHE = {}
+ML_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "ml_models"))
+print("[model_selector] ML_DIR =", ML_DIR)
+try:
+    print("[model_selector] ML_DIR files:", os.listdir(ML_DIR))
+except Exception as e:
+    print("[model_selector] Could not list ML_DIR:", e)
+
+
+def _try_load(path):
+    """Try to joblib.load(path). On failure return None but print full traceback."""
+    if not os.path.exists(path):
+        print(f"[model_selector] SKIP (not found): {path}")
+        return None
+    try:
+        print(f"[model_selector] Attempting to load: {path}")
+        obj = joblib.load(path)
+        print(f"[model_selector] Successfully loaded: {os.path.basename(path)}")
+        return obj
+    except Exception as e:
+        print(f"[model_selector] FAILED to load {path}: {e}")
+        traceback.print_exc()
+        return None
+
+def load_model(model_key):
+    """Return a dict with keys depending on model. Caches result."""
+    if model_key in _MODEL_CACHE:
+        return _MODEL_CACHE[model_key]
+
+    if model_key == "bcc":
+        # original BCC artifact names (your working files)
+        model_path = os.path.join(ML_DIR, "realtime_model.pkl")
+        scaler_path = os.path.join(ML_DIR, "realtime_scaler.pkl")
+        encoder_path = os.path.join(ML_DIR, "realtime_encoder.pkl")
+
+        model = _try_load(model_path)
+        scaler = _try_load(scaler_path)
+        encoder = _try_load(encoder_path)
+
+        if model is None:
+            print(f"[model_selector] WARNING: bcc model not found at {model_path}")
+        _MODEL_CACHE["bcc"] = {"model": model, "scaler": scaler, "encoder": encoder}
+        return _MODEL_CACHE["bcc"]
+
+    if model_key == "cicids":
+        # Prefer the RF pipeline you requested; try common names in preferred order
+        candidate_models = [
+            "rf_pipeline.joblib",        # preferred - your RF pipeline
+            "cicids_rf.joblib",
+            "rf_pipeline.pkl",
+            "cicids_model.joblib",
+            "lgb_pipeline.joblib",
+            "cicids_rf.pkl",
+        ]
+        # prefer 'training_artifacts' or 'cicids_artifacts'
+        candidate_artifacts = [
+            "training_artifacts.joblib",
+            "training_artifacts.pkl",
+            "cicids_artifacts.joblib",
+            "cicids_artifacts.pkl",
+            "artifacts.joblib",
+            "artifacts.pkl"
+        ]
+
+        model = None
+        artifacts = None
+        for fn in candidate_models:
+            p = os.path.join(ML_DIR, fn)
+            model = _try_load(p)
+            if model is not None:
+                print(f"[model_selector] Loaded cicids model from {p}")
+                break
+
+        for fn in candidate_artifacts:
+            p = os.path.join(ML_DIR, fn)
+            artifacts = _try_load(p)
+            if artifacts is not None:
+                print(f"[model_selector] Loaded cicids artifacts from {p}")
+                break
+
+        if model is None:
+            print("[model_selector] WARNING: No cicids model found in ml_models.")
+        if artifacts is None:
+            print("[model_selector] WARNING: No cicids artifacts found in ml_models.")
+
+        # artifacts expected to include: 'scaler' and 'features' at minimum
+        _MODEL_CACHE["cicids"] = {
+            "model": model,
+            "artifacts": artifacts
+        }
+        return _MODEL_CACHE["cicids"]
+
+    raise ValueError("Unknown model_key")
+
+def set_active_model(key: str):
+    global ACTIVE_MODEL
+    if key not in ("bcc", "cicids"):
+        raise ValueError("Active model must be 'bcc' or 'cicids'")
+    with _ACTIVE_LOCK:
+        ACTIVE_MODEL = key
+    print(f"[model_selector] ACTIVE_MODEL set to: {ACTIVE_MODEL}")
+
+def get_active_model():
+    return ACTIVE_MODEL
+
+

backend/utils/pcap_to_csv.py

@@ -0,0 +1,23 @@
+import pandas as pd
+from scapy.all import rdpcap
+
+def convert_pcap_to_csv(input_pcap):
+    packets = rdpcap(input_pcap)
+    data = []
+
+    for pkt in packets:
+        try:
+            row = {
+                "src_port": pkt.sport if hasattr(pkt, "sport") else 0,
+                "dst_port": pkt.dport if hasattr(pkt, "dport") else 0,
+                "proto": pkt.proto if hasattr(pkt, "proto") else 0,
+                "payload_len": len(pkt.payload)
+            }
+            data.append(row)
+        except:
+            pass
+
+    df = pd.DataFrame(data)
+    out_csv = input_pcap + ".csv"
+    df.to_csv(out_csv, index=False)
+    return out_csv

backend/utils/risk_engine.py

@@ -0,0 +1,77 @@
+# risk_engine.py (Optimized)
+# - Accepts optional `recent_events` to avoid repeated disk/IO calls
+# - Uses light-weight counters and caching for frequency checks
+# - Returns (level, score) as before
+
+import random
+import time
+from utils.logger import get_recent_events
+
+# small in-memory cache for source counts to avoid repeated scans
+_SRC_CACHE = {
+    "ts": 0,
+    "counts": {},
+    "ttl": 2.0  # seconds
+}
+
+
+def _build_source_cache(recent_events):
+    counts = {}
+    for e in recent_events:
+        s = e.get("src_ip")
+        if s:
+            counts[s] = counts.get(s, 0) + 1
+    return counts
+
+
+def compute_risk_score(evt, recent_events=None):
+    """Compute adaptive risk score (0–100).
+
+    If `recent_events` is provided, it is used directly. Otherwise `get_recent_events()`
+    is called once (limited inside the function).
+    """
+    label = (evt.get("prediction") or "").upper()
+    src_ip = evt.get("src_ip") or ""
+
+    base_map = {
+        "TOR": 90,
+        "I2P": 85,
+        "ZERONET": 70,
+        "VPN": 55,
+        "FREENET": 60,
+        "HTTP": 30,
+        "DNS": 25,
+    }
+    base = base_map.get(label, 35)
+
+    # get recent events once if not provided
+    if recent_events is None:
+        recent_events = get_recent_events()
+
+    # try cached counts for short TTL
+    now = time.time()
+    if now - _SRC_CACHE.get("ts", 0) > _SRC_CACHE.get("ttl", 2.0) or not _SRC_CACHE.get("counts"):
+        _SRC_CACHE["counts"] = _build_source_cache(recent_events)
+        _SRC_CACHE["ts"] = now
+
+    freq = _SRC_CACHE["counts"].get(src_ip, 0)
+
+    freq_boost = 0
+    if freq >= 3:
+        freq_boost = 5
+    if freq >= 6:
+        freq_boost = 15
+
+    noise = random.randint(-3, 3)
+
+    score = min(100, max(0, base + freq_boost + noise))
+
+    if score >= 80:
+        level = "High"
+    elif score >= 50:
+        level = "Medium"
+    else:
+        level = "Low"
+
+    return level, score
+

frontend/.gitignore

@@ -0,0 +1,24 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?

frontend/README.md

@@ -0,0 +1,16 @@
+# React + Vite
+
+This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.
+
+Currently, two official plugins are available:
+
+- [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react) uses [Babel](https://babeljs.io/) (or [oxc](https://oxc.rs) when used in [rolldown-vite](https://vite.dev/guide/rolldown)) for Fast Refresh
+- [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc) uses [SWC](https://swc.rs/) for Fast Refresh
+
+## React Compiler
+
+The React Compiler is not enabled on this template because of its impact on dev & build performances. To add it, see [this documentation](https://react.dev/learn/react-compiler/installation).
+
+## Expanding the ESLint configuration
+
+If you are developing a production application, we recommend using TypeScript with type-aware lint rules enabled. Check out the [TS template](https://github.com/vitejs/vite/tree/main/packages/create-vite/template-react-ts) for information on how to integrate TypeScript and [`typescript-eslint`](https://typescript-eslint.io) in your project.

frontend/components.json

@@ -0,0 +1,22 @@
+{
+  "$schema": "https://ui.shadcn.com/schema.json",
+  "style": "default",
+  "rsc": false,
+  "tsx": false,
+  "tailwind": {
+    "config": "tailwind.config.js",
+    "css": "src/index.css",
+    "baseColor": "slate",
+    "cssVariables": true,
+    "prefix": ""
+  },
+  "iconLibrary": "lucide",
+  "aliases": {
+    "components": "@/components",
+    "utils": "@/lib/utils",
+    "ui": "@/components/ui",
+    "lib": "@/lib",
+    "hooks": "@/hooks"
+  },
+  "registries": {}
+}

frontend/eslint.config.js

@@ -0,0 +1,29 @@
+import js from '@eslint/js'
+import globals from 'globals'
+import reactHooks from 'eslint-plugin-react-hooks'
+import reactRefresh from 'eslint-plugin-react-refresh'
+import { defineConfig, globalIgnores } from 'eslint/config'
+
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{js,jsx}'],
+    extends: [
+      js.configs.recommended,
+      reactHooks.configs['recommended-latest'],
+      reactRefresh.configs.vite,
+    ],
+    languageOptions: {
+      ecmaVersion: 2020,
+      globals: globals.browser,
+      parserOptions: {
+        ecmaVersion: 'latest',
+        ecmaFeatures: { jsx: true },
+        sourceType: 'module',
+      },
+    },
+    rules: {
+      'no-unused-vars': ['error', { varsIgnorePattern: '^[A-Z_]' }],
+    },
+  },
+])

frontend/index.html

@@ -0,0 +1,17 @@
+<!doctype html>
+<html lang="en">
+<head>
+<meta charset="UTF-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+<link
+  rel="stylesheet"
+  href="https://unpkg.com/leaflet@1.9.4/dist/leaflet.css"
+/>
+<link rel="shortcut icon" href="/images.ico" />
+<title>NIDS Cyber Security</title>
+</head>
+<body>
+<div id="root"></div>
+<script type="module" src="/src/main.jsx"></script>
+</body>
+</html>

frontend/jsconfig.json

@@ -0,0 +1,8 @@
+{
+  "compilerOptions": {
+    "baseUrl": "./src",
+    "paths": {
+      "@/*": ["*"]
+    }
+  }
+}