A comprehensive machine learning framework for cyber-risk prediction using network traffic analysis on the CICIDS 2017 dataset. This project detects network intrusions, classifies attack types, and provides risk assessment for cybersecurity analysts.

• 🔍 Detect malicious network activities from traffic flow data
• 🎯 Classify network traffic into Normal vs Attack categories
• 📊 Map prediction probabilities to actionable risk levels (Low/Medium/High)
• 🤖 Provide explainable AI insights using SHAP
• 📈 Deliver real-time analysis through an interactive dashboard

CyberRiskPrediction/
│
├── 📂 data/
│   ├── raw/                 # Original CICIDS 2017 CSV files
│   ├── processed/           # Cleaned and feature-engineered data
│   └── README.md
│
├── 📂 notebooks/
│   ├── 01_data_exploration.ipynb
│   ├── 02_preprocessing.ipynb
│   ├── 03_feature_engineering.ipynb
│   ├── 04_model_training.ipynb
│   └── 05_evaluation_and_shap.ipynb
│
├── 📂 src/
│   ├── data_preprocessing.py    # Data cleaning and preparation
│   ├── feature_engineering.py   # Feature selection and creation
│   ├── train_model.py           # Model training pipeline
│   ├── evaluate.py              # Model evaluation metrics
│   ├── risk_mapping.py          # Probability to risk conversion
│   ├── shap_explain.py          # SHAP explainability
│   └── utils.py                 # Utility functions
│
├── 📂 models/              # Saved trained models
├── 📂 dashboard/           # Streamlit web application
├── 📂 results/             # Evaluation plots and reports
├── 📂 logs/                # Training logs
│
├── requirements.txt
├── run_dashboard.bat       # Windows dashboard launcher
├── run_pipeline.bat        # Full pipeline runner
└── README.md

• 🐍 Python 3.8 or higher
• 🪟 Windows 10/11 (for .bat scripts)
• 💾 8GB+ RAM recommended

1. Clone the repository

git clone https://github.com/yourusername/CyberRiskPrediction.git
cd CyberRiskPrediction

2. Create virtual environment

python -m venv venv
venv\Scripts\activate

3. Install dependencies

pip install -r requirements.txt

4. Download CICIDS 2017 Dataset
   • Download from: CICIDS 2017
   • Place CSV files in data/raw/ directory

Option 1: Run Complete Pipeline

run_pipeline.bat

Option 2: Run Individual Steps

python src/data_preprocessing.py
python src/feature_engineering.py
python src/train_model.py
python src/evaluate.py
python src/shap_explain.py

run_dashboard.bat

Or:

streamlit run dashboard/app.py

• Source: Canadian Institute for Cybersecurity
• Records: 2.8+ million network flows
• Features: 80+ network traffic attributes
• Attack Types: DDoS, Port Scan, Brute Force, Web Attacks, etc.

def map_to_risk(probability):
    """Map prediction probability to risk level"""
    if probability < 0.25:
        return "🟢 Low"
    elif probability < 0.60:
        return "🟡 Medium"
    else:
        return "🔴 High"

• 🔍 Real-time Predictions: Upload network logs for instant analysis
• 📊 Risk Visualization: Interactive charts and gauges
• ⚡ Batch Processing: Analyze multiple records at once
• 🤖 Explainability: SHAP-based feature explanations
• 📥 Export Results: Download predictions as CSV

• Problem statement
• Objectives
• Scope

• Related work
• Existing solutions

• Data collection
• Preprocessing
• Feature engineering
• Model selection

• System architecture
• Algorithm details
• Dashboard design

• Performance metrics
• Comparison analysis
• Risk assessment

• Key findings
• Future work

Edit risk thresholds in src/risk_mapping.py:

risk_thresholds = {
    'low': 0.25,
    'medium': 0.60,
    'high': 1.0
}

1. Sharafaldin, I., et al. (2018). "Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization"
2. CICIDS 2017 Dataset Documentation
3. XGBoost Documentation
4. SHAP Library Documentation

• Your Name - Developer

This project is licensed under the MIT License - see the LICENSE file for details.