A Python-based network security monitoring tool for detecting and logging suspicious network activity patterns.
- Real-time connection monitoring
- Detection of high-frequency connection attempts
- Unusual port access monitoring
- Suspicious pattern tracking
- Automated security reporting
- Detailed event logging
git clone https://github.com/dewitt4/network-security-monitor
cd network-security-monitor
pip install -r requirements.txt
Required dependencies:
- Python 3.8+
- pandas
- socket
- logging
Basic implementation:
from network_security_monitor import NetworkSecurityMonitor
# Initialize the monitor
monitor = NetworkSecurityMonitor()
# Monitor a connection
monitor.monitor_connection(
source_ip="192.168.1.100",
dest_port=80,
timestamp=datetime.datetime.now()
)
# Generate security report
report = monitor.generate_report()
print(report)
# Get suspicious activity summary
summary = monitor.get_suspicious_activity_summary()
print(summary)
The monitor tracks several types of suspicious patterns:
- Repeated authentication failures
- Connections to unusual ports (non-standard ports)
- High-frequency connection attempts (>5 requests/second)
Logs are stored in security_monitor.log
with the following format:
YYYY-MM-DD HH:MM:SS - LEVEL - MESSAGE
- This tool is for defensive monitoring only
- Ensure proper access controls for log files
- Regularly review and backup security reports
- Configure firewall rules to allow monitoring traffic
- Implement secure storage for IP addresses
- Fork the repository
- Create a feature branch
- Implement changes with tests
- Submit a pull request
MIT License - See LICENSE file for details.
For bugs and features, open an issue on the GitHub repository.
This tool is for legitimate security monitoring only. Users are responsible for complying with applicable laws and regulations regarding network monitoring.