🚀 Initial upload of my app

.gitattributes

@@ -33,3 +33,4 @@ saved_model/**/* filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
 *tfevents* filter=lfs diff=lfs merge=lfs -text
+demo/demo.mp4 filter=lfs diff=lfs merge=lfs -text

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Eslam Tarek
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1,12 +1,128 @@
+# NetworkAttackDetector — Real‑time Network Threat Detection 🛡️
+
+Lightweight Gradio app to predict and explain potential network scan types from request metadata. Built with a scikit‑learn pipeline, ready to run locally. 🚀
+
 ---
-title: NetShield
-emoji: 🔥
-colorFrom: yellow
-colorTo: green
-sdk: gradio
-sdk_version: 5.47.2
-app_file: app.py
-pinned: false
+
+## Badges
+
+[![Python](https://img.shields.io/badge/Python-3.10%2B-blue.svg)](https://www.python.org/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](./LICENSE)
+
+---
+
+## Table of Contents
+
+- [Demo](#demo)
+- [Features](#features)
+- [Installation / Setup](#installation--setup)
+- [Usage](#usage)
+- [Configuration / Options](#configuration--options)
+- [Contributing](#contributing)
+- [License](#license)
+- [Acknowledgements / Credits](#acknowledgements--credits)
+
 ---
 
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+## Demo
+
+The repository includes real demo assets under `./demo/`.
+
+- Image preview:
+
+  ![Demo UI](./demo/demo.png)
+
+- Short walkthrough (MP4):
+
+  <video src="./demo/demo.mp4" controls width="640"></video>
+
+---
+
+## Features
+
+- **Interactive UI** using `gradio` via `ui.py` → `build_ui()`.
+- **Pretrained artifacts** loaded from `./models/` via `utils.py` → `load_artifacts()`.
+- **Fast inference** using a serialized scikit‑learn pipeline (`joblib`).
+- **Human‑readable prediction** by decoding labels with a fitted encoder.
+
+---
+
+## Installation / Setup
+
+Use a virtual environment for isolation.
+
+```bash
+# Create a virtual environment
+python -m venv .venv
+
+# Activate it
+# On Linux/Mac:
+source .venv/bin/activate
+# On Windows:
+.venv\Scripts\activate
+
+# Install dependencies
+pip install -r requirements.txt
+```
+
+---
+
+## Usage
+
+Run the Gradio app from the project root:
+
+```bash
+python app.py
+```
+
+Then open the local URL printed by Gradio (e.g., http://127.0.0.1:7860/).
+
+### Input fields
+- `Port` (number)
+- `Request Type` (e.g., GET, POST)
+- `Protocol` (e.g., HTTP, HTTPS)
+- `Payload Size` (number)
+- `User Agent` (string)
+- `Status` (e.g., 200, 404)
+
+### Output
+- A predicted scan type (human‑readable label) returned by `predict_intrusion()`.
+
+---
+
+## Configuration / Options
+
+- **Model artifacts**: The app expects the following files to exist:
+  - `models/network_logs_pipeline.joblib`
+  - `models/target_encoder.joblib`
+
+- **Changing artifact paths**: Update `utils.py` → `load_artifacts()` if your models live elsewhere.
+
+- **Environment**: Ensure your Python version satisfies the version in the badge above.
+
+---
+
+## Contributing
+
+Contributions are welcome! Suggestions, issues, and PRs help improve the project.
+
+1. Fork the repo
+2. Create a feature branch: `git checkout -b feat/your-feature`
+3. Commit changes: `git commit -m "feat: add your feature"`
+4. Push to branch: `git push origin feat/your-feature`
+5. Open a Pull Request
+
+Please keep PRs focused and include context, screenshots when relevant, and tests if logic changes.
+
+---
+
+## License
+
+This project is licensed under the MIT License — see [LICENSE](./LICENSE) for details.
+
+---
+
+## Acknowledgements / Credits
+
+- Model training and experimentation are illustrated in `network-threat-detection-with-f1-99.ipynb` using `pandas`, `numpy`, `scikit‑learn`, `xgboost`, and `shap`.
+- UI is built with `gradio` and model artifacts are loaded with `joblib`.

app.py

@@ -0,0 +1,7 @@
+from utils import load_artifacts, predict_intrusion
+from ui import build_ui
+
+if __name__ == "__main__":
+    pipeline, target_encoder = load_artifacts()
+    demo = build_ui(pipeline, target_encoder, predict_intrusion)
+    demo.launch()

demo/demo.mp4

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7e81738cf227de7897bc357f7870856115b42415de3a3bdc5c3c092cc3b9a1a1
+size 777470

models/network_logs_pipeline.joblib

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:58be20bb9d93ad31a5261aba53ce90f494a56bfc6b2ec387d50ee00629a2c340
+size 7331

models/target_encoder.joblib

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4ff864e97bd0583f47b07c44ca9a83c4d316978e562d1558a52ac6c0c2d074aa
+size 504

requirements.txt

@@ -0,0 +1,9 @@
+gradio==3.50.2
+joblib==1.3.2
+pandas==2.2.2
+numpy==1.26.4
+seaborn==0.13.2
+matplotlib==3.8.4
+scikit-learn==1.4.2
+xgboost==2.0.3
+shap==0.44.1

ui.py

@@ -0,0 +1,37 @@
+import gradio as gr
+
+def build_ui(pipeline, target_encoder, predict_fn):
+    """Build Gradio UI for intrusion detection."""
+    
+    with gr.Blocks() as demo:
+        gr.Markdown("## 🔍 Network Threat Detection")
+
+        with gr.Row():
+            port = gr.Number(label="Port", value=80)
+            request_type = gr.Textbox(label="Request Type (e.g., GET, POST)")
+            protocol = gr.Textbox(label="Protocol (e.g., HTTP, HTTPS)")
+            payload_size = gr.Number(label="Payload Size", value=200)
+            user_agent = gr.Textbox(label="User Agent (e.g., Mozilla/5.0)")
+            status = gr.Textbox(label="Status (e.g., 200, 404)")
+
+        predict_btn = gr.Button("🚀 Predict Scan Type")
+        output = gr.Textbox(label="Prediction")
+
+        def on_predict(port, request_type, protocol, payload_size, user_agent, status):
+            features = {
+                "Port": port,
+                "Request_Type": request_type,
+                "Protocol": protocol,
+                "Payload_Size": payload_size,
+                "User_Agent": user_agent,
+                "Status": status,
+            }
+            return predict_fn(pipeline, target_encoder, features)
+
+        predict_btn.click(
+            on_predict,
+            inputs=[port, request_type, protocol, payload_size, user_agent, status],
+            outputs=[output],
+        )
+
+    return demo

utils.py

@@ -0,0 +1,26 @@
+import joblib
+import pandas as pd
+
+def load_artifacts():
+    """Load the trained pipeline and target encoder."""
+    pipeline = joblib.load("models/network_logs_pipeline.joblib")
+    target_encoder = joblib.load("models/target_encoder.joblib")
+    return pipeline, target_encoder
+
+
+def predict_intrusion(pipeline, target_encoder, features: dict):
+    """
+    Predict Scan_Type from input features.
+    
+    Args:
+        pipeline: sklearn pipeline with preprocessing + model
+        target_encoder: LabelEncoder for Scan_Type
+        features: dict of input features
+
+    Returns:
+        str: Predicted Scan_Type
+    """
+    input_df = pd.DataFrame([features])  # single row DataFrame
+    pred_label = pipeline.predict(input_df)[0]
+    scan_type = target_encoder.inverse_transform([pred_label])[0]
+    return scan_type