API Endpoints
🔍 Detection Service :8001
POST /api/v1/predict Classify network flow
POST /api/v1/predict/batch Batch prediction
GET /api/v1/model/info Current model info
GET /health Health check
🏷️ Labeling Service :8002
GET /api/v1/queue Get labeling queue
GET /api/v1/sample/{id} Get sample details
POST /api/v1/label Submit label
GET /api/v1/similar/{id} Find similar samples
GET /api/v1/stats Labeling statistics
🚀 Deployment Service :8003
GET /api/v1/models List all models
POST /api/v1/deploy Deploy model
POST /api/v1/canary/increment Increase canary traffic
POST /api/v1/rollback Rollback deployment
Architecture
📡 Hubble (Cilium eBPF)
↓
📥 Flow Collector
↓
⚙️ Feature Extractor
↓
🧠 ML Model (XGBoost)
↓
✓ Clean / ⚠ Queue / ✕ Block
↓
💾 PostgreSQL
↓
📊 Prometheus + Grafana
ML Features (12)
1. method_encoded (categorical)
2. status_code_int (numeric)
3. source_encoded (categorical)
4. count_normalized (numeric)
5. endpoint_depth (numeric)
6. has_api (boolean)
7. has_auth (boolean)
8. is_sensitive_file (boolean)
9. is_error_status (boolean)
10. is_server_error (boolean)
11. log_count (numeric)
12. relative_freq (numeric)
Classification Thresholds
Score bar (0.0 to 1.0): ATTACK | 0.3 | SUSPICIOUS | 0.8 | CLEAN
Attack: score < 0.3 → BLOCK + ALERT
Suspicious: 0.3 ≤ score < 0.8 → QUEUE for review
Clean: score ≥ 0.8 → PASS
Request Example (curl)
curl -X POST "http://localhost:8001/api/v1/predict" \
  -H "Content-Type: application/json" \
  -d '{
    "source": "frontend-pod",
    "target": "backend-api:8080",
    "method": "POST",
    "path": "/api/users/search",
    "status_code": 200,
    "request_body": {"query": "admin"},
    "timestamp": "2024-12-19T14:32:17Z"
  }'
Response Schema
{
"id": string required
"classification": enum [clean, suspicious, attack]
"score": float [0.0, 1.0]
"confidence": float [0.0, 1.0]
"attack_type": string | null
"explanation": {
"shap_values": object
"top_features": array
"text": string
}
"latency_ms": integer
"model_version": string
}
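The thresholds and the response schema above, worked through as an added example (not the project's own code): it validates the fields the schema marks required, maps the score to a class using the page's convention that a low score is attack-like, and cross-checks the server's own classification field against the thresholds, failing closed on disagreement. The sample response is constructed here.

```python
# Added example, not the project's own code: apply the page's classification
# thresholds to a /api/v1/predict response and cross-check the server's label.
from dataclasses import dataclass
from typing import Any

SEVERITY = ["attack", "suspicious", "clean"]   # strictest first
ACTIONS = {"attack": "BLOCK + ALERT", "suspicious": "QUEUE for review", "clean": "PASS"}

def classify(score: float) -> str:
    """Map a score to a class; on this page a LOW score means attack-like."""
    if not 0.0 <= score <= 1.0:
        raise ValueError(f"score out of range: {score}")
    if score < 0.3:
        return "attack"
    if score < 0.8:          # 0.3 <= score < 0.8
        return "suspicious"
    return "clean"           # score >= 0.8

@dataclass
class Decision:
    classification: str      # class actually acted on
    action: str
    consistent: bool         # server label agreed with the thresholds

def decide(resp: dict[str, Any]) -> Decision:
    """Validate required response fields, then choose an action.
    If the server's "classification" disagrees with the threshold table
    (e.g. a model-version mismatch), fail closed: act on the stricter class
    and flag the inconsistency so it can be alerted on rather than trusted."""
    for key in ("id", "classification", "score", "model_version"):
        if key not in resp:
            raise ValueError(f"response missing required field: {key}")
    server = resp["classification"]
    if server not in SEVERITY:
        raise ValueError(f"unknown classification value: {server!r}")
    local = classify(float(resp["score"]))
    chosen = min(local, server, key=SEVERITY.index)
    return Decision(chosen, ACTIONS[chosen], local == server)

# Constructed sample response, shaped like the page's response schema.
SAMPLE_RESPONSE: dict[str, Any] = {
    "id": "req-0001", "classification": "suspicious", "score": 0.42,
    "confidence": 0.77, "attack_type": None,
    "explanation": {"shap_values": {}, "top_features": ["has_auth"], "text": ""},
    "latency_ms": 12, "model_version": "v1",
}

if __name__ == "__main__":
    print(decide(SAMPLE_RESPONSE))   # action='QUEUE for review', consistent=True
```

The boundary values 0.3 and 0.8 fall into the less strict class, matching the inclusive/exclusive bounds in the threshold table.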
Tech Stack
ML / AI
🌲 XGBoost
📊 SHAP
🐼 Pandas
🔢 NumPy
Backend
⚡ FastAPI
🐍 Python 3.11
🔄 Uvicorn
✅ Pydantic
Storage
🐘 PostgreSQL
🔴 Redis
📦 MinIO (S3)
Infrastructure
☸️ Kubernetes
🐳 Docker
🔒 Cilium
🔭 Hubble
Monitoring
🔥 Prometheus
📈 Grafana
🔔 Alertmanager
CI/CD
🐙 GitHub Actions
📦 Helm
🔄 ArgoCD