SARAHAI-NETWORK

Introduction
SARAHAI-NIDSv6 is a Network Intrusion Detection System that employs refined “pattern-of-life” analysis using a Kernel Density Estimation (KDE) model. It offers a simple yet enhanced web-based UI, automatic dependency setup, and easy integration with a SIEM or Amazon S3.
SARAHAI-NIDSv6 references U.S. Patent No. 11,308,384 for advanced anomaly detection technologies, specifically focusing on pattern-of-life analysis—taking into account day-of-week, hour-of-day, and other features for more accurate anomaly detection.
________________________________________
2. Key Features
1. Pattern-of-Life Analysis
o Learns normal traffic behavior by incorporating day-of-week, hour-of-day, packet length, protocol, and basic IP attributes.
o Discovers anomalies via a KDE-based probability density model.
2. Enhanced UI/UX
o Dashboard for real-time traffic plots (TCP, UDP, DNS counts).
o Alerts page for viewing suspicious events.
o Report generation page for on-demand ODS reports.
3. Automated Installation
o On launch, the script attempts to install missing Python dependencies (odfpy, scapy, pandas, etc.) to simplify setup.
4. Multi-Threaded Architecture
o One thread for packet capture (via scapy).
o Another thread for packet processing and anomaly detection.
o The Flask server runs in the main thread.