Java Network Intrusion Detection System (IDS)

A lightweight, real-time Intrusion Detection System built with Java (Spring Boot) and Pcap4j. It captures network traffic directly from the network interface, analyzes packets for suspicious patterns, and displays alerts on a polished web dashboard.

[Screenshot: IDS Dashboard]

🛡️ Features & Detections

The system inspects traffic in real-time and detects the following threats:

1. SYN Flood Attack (DoS)

  • Severity: 🔴 CRITICAL
  • Detection: Flags any source IP that sends more than 100 TCP SYN packets within one second.
  • Description: Detects potential Denial-of-Service attempts in which an attacker floods the server with connection requests it never completes, exhausting its connection table and other resources.

2. Cleartext Credentials

  • Severity: 🟠 HIGH
  • Detection: Scans TCP payloads for credential field names such as password= or pass=.
  • Description: Identifies credentials transmitted without encryption (e.g., an HTTP form login). TLS-protected traffic carries only ciphertext in the payload and therefore never matches, so a hit always points at a plaintext protocol.

3. Oversized Packets (Ping of Death)

  • Severity: 🟡 MEDIUM
  • Detection: Flags any captured packet exceeding 1500 bytes.
  • Description: Detects atypically large packets of the kind that have historically crashed IP stacks. Note that 1500 bytes is the standard Ethernet MTU: on a wired or wireless interface a larger datagram is normally fragmented before it is sent, and single packets above the threshold typically appear only on jumbo-frame links or when the NIC's offload (TSO/GRO) hands the capture library coalesced segments. The rule fires most reliably on the loopback interface, whose MTU is far larger (65536 bytes on Linux). The original Ping of Death relied on the reassembled datagram exceeding 65535 bytes, which this per-packet check does not track.
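The three rules above, written out as a standalone Java class so the thresholds and the per-source sliding window can be read in one place. This is an added illustration, not the project's RuleEngineService (whose code is not on this page): the Packet record is a constructed stand-in for the handful of Pcap4j fields the rules need, and the SYN window, the credential regex and the sample traffic in main are assumptions chosen to match the README's descriptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

public class RuleEngineDemo {

    /** Constructed packet view: only the fields the three rules consult (assumption; Pcap4j is not used here). */
    record Packet(long timestampMillis, String srcIp, boolean tcpSyn, boolean tcpAck, byte[] payload, int lengthBytes) {}

    record Alert(String severity, String rule, String srcIp, String detail) {}

    static final int SYN_THRESHOLD_PER_SEC = 100;   // README: >100 SYN/s per source
    static final long WINDOW_MS = 1_000;            // sliding one-second window
    static final int MAX_PACKET_BYTES = 1_500;      // README: anything above the Ethernet MTU
    // Matches "password=" or "pass=" at the start of the payload or after a form/query separator.
    static final Pattern CREDENTIAL_PATTERN = Pattern.compile("(?i)(?:^|[?&\\s])pass(?:word)?=");

    // Per-source timestamps of SYNs seen within the last second.
    private final Map<String, Deque<Long>> synWindows = new HashMap<>();
    // Sources already reported, so a sustained flood yields one alert instead of one per packet.
    private final Set<String> floodReported = new HashSet<>();

    public List<Alert> inspect(Packet p) {
        List<Alert> alerts = new ArrayList<>();

        // Rule 1: SYN flood. Count only pure SYNs (SYN set, ACK clear); SYN/ACK replies are not connection attempts.
        if (p.tcpSyn() && !p.tcpAck()) {
            Deque<Long> window = synWindows.computeIfAbsent(p.srcIp(), k -> new ArrayDeque<>());
            window.addLast(p.timestampMillis());
            while (!window.isEmpty() && p.timestampMillis() - window.peekFirst() >= WINDOW_MS) {
                window.pollFirst(); // drop entries older than one second
            }
            if (window.size() > SYN_THRESHOLD_PER_SEC && floodReported.add(p.srcIp())) {
                alerts.add(new Alert("CRITICAL", "SYN Flood Detected", p.srcIp(), window.size() + " SYN/s"));
            }
        }

        // Rule 2: cleartext credentials. ISO-8859-1 maps every byte to a char, so binary payloads decode without loss.
        if (p.payload() != null && p.payload().length > 0) {
            String text = new String(p.payload(), StandardCharsets.ISO_8859_1);
            if (CREDENTIAL_PATTERN.matcher(text).find()) {
                alerts.add(new Alert("HIGH", "Cleartext Password Found", p.srcIp(), "credential field in unencrypted payload"));
            }
        }

        // Rule 3: oversized packet, judged on the captured length of this single packet.
        if (p.lengthBytes() > MAX_PACKET_BYTES) {
            alerts.add(new Alert("MEDIUM", "Oversized Packet", p.srcIp(), p.lengthBytes() + " bytes"));
        }
        return alerts;
    }

    public static void main(String[] args) {
        RuleEngineDemo engine = new RuleEngineDemo();
        List<Alert> all = new ArrayList<>();

        // Constructed traffic: 150 SYNs from one source spread over 0.75 s, one HTTP POST carrying a
        // password, and one 2028-byte packet (what "ping -s 2000" produces on loopback).
        for (int i = 0; i < 150; i++) {
            all.addAll(engine.inspect(new Packet(1_000 + i * 5L, "10.0.0.9", true, false, new byte[0], 60)));
        }
        byte[] post = "POST /login HTTP/1.1\r\nHost: example\r\n\r\nusername=admin&password=secret123"
                .getBytes(StandardCharsets.US_ASCII);
        all.addAll(engine.inspect(new Packet(2_000, "10.0.0.5", false, true, post, 60 + post.length)));
        all.addAll(engine.inspect(new Packet(3_000, "10.0.0.5", false, false, new byte[0], 2_028)));

        // Expected: exactly three alerts, one per rule (the flood is reported once, at the 101st SYN).
        all.forEach(a -> System.out.println(a.severity() + " " + a.rule() + " src=" + a.srcIp() + " (" + a.detail() + ")"));
    }
}
```

Two choices worth noting: the flood rule counts pure SYNs rather than every packet with the SYN bit, so a busy server's own SYN/ACK replies cannot trip it; and the "reported" set keeps a minute-long flood from filling the dashboard with thousands of identical alerts, at the cost of needing a reset if the engine runs for days.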

🚀 Getting Started

Prerequisites

  • Java 17+
  • Maven (sudo apt install maven)
  • libpcap (sudo apt install libpcap-dev)
  • Root privileges, or the CAP_NET_RAW and CAP_NET_ADMIN capabilities, which libpcap needs to open the interface and put it into promiscuous mode

Installation

  1. Clone the repository and change into its directory (the path below is the author's checkout; substitute your own):

    cd /home/captain/Documents/AntiGravity/IDS
  2. Build the project:

    mvn clean package -DskipTests
  3. Run the application. sudo is needed for packet capture, which means the entire Spring Boot process, dashboard included, runs as root; do not expose port 8080 beyond localhost:

    sudo java -jar target/ids-poc-1.0.0.jar
  4. Access the dashboard: open http://localhost:8080 in your browser.

  5. On Microsoft Windows: install Npcap (the capture backend Pcap4j uses on Windows), rebuild with the same Maven command, and run the jar from an Administrator prompt instead of with sudo:

    java -jar target/ids-poc-1.0.0.jar

🧪 How to Test / Simulate Attacks

You can trigger alerts on the dashboard by simulating attacks from a separate terminal window. All three tests target localhost, so the IDS must be capturing on the loopback interface (lo on Linux); a capture on the Ethernet or Wi-Fi NIC will never see this traffic.

Test 1: Simulate SYN Flood

Uses nmap to send a rapid burst of SYN packets. nmap sends one SYN per target port, so a single-port scan produces only a handful of SYNs (plus retransmissions) and cannot exceed 100 per second; scan a wide port range so the burst clears the threshold:

sudo nmap -sS -p 1-10000 --min-rate 1000 localhost

Expectation: A CRITICAL alert "SYN Flood Detected" appears on the dashboard.

Test 2: Simulate Cleartext Password

Sends a fake login request over plain HTTP.

curl -X POST -d "username=admin&password=secret123" http://localhost:8080/test-login

Expectation: A HIGH alert "Cleartext Password Found" appears on the dashboard.

Test 3: Simulate Oversized Packet

Sends a single ICMP echo request with a 2000-byte payload. On loopback this travels as one 2028-byte packet (2000 bytes of data plus the 8-byte ICMP and 20-byte IPv4 headers); on a real Ethernet interface the kernel would fragment it into pieces no larger than the 1500-byte MTU and the rule would not fire.

ping -s 2000 -c 1 localhost

Expectation: A MEDIUM alert "Oversized Packet" appears on the dashboard.


📁 Project Structure

  • src/main/java/com/samkv2/ids/service/PacketCaptureService.java: Pcap4j integration.
  • src/main/java/com/samkv2/ids/service/RuleEngineService.java: Threat detection logic.
  • src/main/resources/static/: Web frontend (HTML/CSS/JS).
