Llm Nids

C 68 completed
Security
web_app / json · small
Files: 180
LOC: 372,586
Frameworks: 2
Languages: 8

Pipeline State

completed
Run ID
#353296
Phase
done
Progress
1%
Started
Finished
2026-04-13 01:31:02
LLM tokens
0

Pipeline Metadata

Stage
Cataloged
Decision
proceed
Novelty
74.67
Framework unique
Isolation
Last stage change
2026-05-10 03:35:28
Deduplication group #54704
Member of a group with 1 similar repo(s) — this repo is canonical
Top concepts (2)
Project Description, Web Frontend
Provenance: Repobility (https://repobility.com) — every score reproducible from /scan/

AI Prompt

Create an LLM-augmented Network Intrusion Detection System (NIDS) that analyzes NetFlow data. The system should use the Model Context Protocol (MCP) to enhance threat identification. I need to implement tools for IP Geolocation, which should return country, city, ISP, and ASN, and IP Threat Intelligence, checking against feeds like Feodo Tracker. Additionally, include functionality to query the MITRE ATT&CK Framework for specific techniques or map attacks. The system should process the CICIDS2018 NetFlow v3 dataset, which is split into development, validation, and test sets. Use Python for the core logic, especially for the MCP server and analysis scripts.
python llm nids netflow security mcp react json machine-learning
Generated by gemma4:latest

Catalog Information

An LLM‑augmented network intrusion detection system that analyzes NetFlow data to identify and classify security threats using external intelligence and reasoning.

Description

This system processes NetFlow records to detect and classify network intrusions by combining external intelligence tools—IP geolocation, threat reputation, and MITRE ATT&CK mapping—with large‑language‑model reasoning. It uses a Model Context Protocol server to orchestrate these tools and generate context‑aware threat assessments and explanations. The solution is designed for security analysts and network engineers who need deeper insight into anomalous traffic patterns. It addresses the lack of actionable context in traditional NIDS by providing human‑readable explanations and prioritization. The project demonstrates how LLMs can enhance detection accuracy and operational efficiency.

Description (translated from Arabic)

This system analyzes NetFlow records to identify and classify security threats using large language models. It relies on external tools such as IP address geolocation, IP reputation checks, and matching network behavior against the MITRE ATT&CK framework. It combines this data with AI-based inference to produce detailed threat assessments. The system aims to help security analysts understand context and prioritize threats quickly. It addresses the lack of precise explanations in traditional intrusion detection systems. It distinguishes itself through the LLM's ability to explain causes and offer actionable recommendations.

Novelty

8/10

Tags

network-security intrusion-detection anomaly-detection threat-intelligence ip-geolocation mitre-att&ck-mapping llm-reasoning netflow-analysis

Technologies

anthropic chromadb flask numpy pandas

Claude Models

claude-opus-4.6

Quality Score

C (67.7/100)
Structure: 64
Code Quality: 72
Documentation: 78
Testing: 70
Practices: 50
Security: 72
Dependencies: 60

Strengths

  • Good test coverage (53% test-to-source ratio)
  • Consistent naming conventions (snake_case)

Weaknesses

  • No LICENSE file: legal ambiguity for contributors
  • No CI/CD configuration: manual testing and deployment
  • 2 files with critical complexity need refactoring
  • Potential hardcoded secrets in 2 files
  • 1258 duplicate lines detected: consider DRY refactoring
  • 3 'god files' with >500 LOC need decomposition

Recommendations

  • Set up CI/CD (GitHub Actions recommended) to automate testing and deployment
  • Add a linter configuration to enforce code style consistency
  • Add a LICENSE file (MIT recommended for open source)
  • Move hardcoded secrets to environment variables or a secrets manager

Security & Health

Tech Debt (A): 8.1h
OWASP (100%): A
Quality Gate: PASS
Risk (0): A
License: Unknown
Duplication: 5.6%

Languages

json: 93.9%
markdown: 2.8%
python: 2.3%
javascript: 1.0%
xml: 0.0%
shell: 0.0%
text: 0.0%
html: 0.0%

Frameworks

React, Vite

Concepts (2)

| Category | Name | Description | Confidence |
| --- | --- | --- | --- |
| auto_description | Project Description | A thesis project exploring LLM-augmented network intrusion detection using Model Context Protocol (MCP) and the CICIDS2018 dataset. | 80% |
| auto_category | Web Frontend | web-frontend | 70% |

Quality Timeline

1 quality score recorded.

Embed Badge

Add to your README:

![Quality](https://repos.aljefra.com/badge/77409.svg)