mngugi/ML_Cybersec

Welcome to the ML_Cybersec wiki!


ML_Cybersec

ML_Cybersec is a collection of machine learning implementations focused on cybersecurity use cases. This repository explores how supervised and unsupervised learning can be applied to detect threats, classify attacks, and enhance defensive strategies in modern digital environments.


📁 Project Scope

This repository includes:

  • 🔍 Anomaly Detection – Unsupervised learning for intrusion detection
  • 🛡️ Malware Classification – ML models trained on malware behavior/data
  • 🌐 Network Traffic Analysis – Feature extraction and classification of network flows
  • 📊 Visualization Tools – For exploring datasets and model predictions
  • 🔧 Model Evaluation Pipelines – Accuracy, confusion matrix, ROC, etc.

🚀 Getting Started

  1. Clone the repository:

    git clone https://github.com/mngugi/ML_Cybersec.git
    cd ML_Cybersec

  2. (Optional) Create a virtual environment:

    python -m venv venv
    source venv/bin/activate

  3. Install dependencies:

    pip install -r requirements.txt

  4. Run a notebook or script inside notebooks/ or models/:

    jupyter notebook

🧪 Notebooks & Scripts

  • notebooks/Anomaly_Detection.ipynb – Isolation Forest and One-Class SVM
  • notebooks/Malware_Classifier.ipynb – Using Random Forest and XGBoost
  • notebooks/Traffic_Feature_Extraction.ipynb – Parsing PCAP or NetFlow datasets
  • models/train_model.py – CLI training for selected datasets

📚 Datasets Used

Some examples include:

  • NSL-KDD
  • CICIDS 2017
  • Custom malware samples

Note: Datasets are not bundled due to size. See data/README.md for download links.


🔍 Features & Techniques

  • Feature engineering (e.g., packet size stats, flags)
  • Label encoding and normalization
  • Train/test split, cross-validation
  • Confusion matrix, ROC-AUC, precision-recall
  • Model export via joblib

🤝 Contributing

Contributions are welcome! You can:

  • Improve or optimize models
  • Add support for new datasets
  • Suggest new detection techniques

Fork the repo and open a pull request when ready.


📄 License

This project is licensed under the MIT License.


Steps to Insert Code in Developer Tools:

  1. Open Developer Tools: right-click anywhere on the webpage and select Inspect, or press Ctrl+Shift+I (Windows/Linux) or Cmd+Option+I (Mac).
  2. Go to the Console: once the Developer Tools are open, navigate to the Console tab.
  3. Insert and Run Code: type or paste JavaScript code into the console and press Enter to run it.

Code:

    alert("Hello, Some code inserted! 👍🏿 ");

HTML, CSS, and JavaScript Security

Below are a few steps that can be applied to enhance web security:

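1. Content Security Policy (CSP)

Implementing a CSP helps mitigate Cross-Site Scripting (XSS) and other injection attacks by controlling which resources the browser may load.

Add this to the <head> section:

    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'">

This policy allows resources (scripts, styles) only from your own origin ('self') and blocks plugin content (object-src 'none') as well as scripts from third-party sources. Because script-src does not include 'unsafe-inline', inline scripts and inline event handlers are blocked too. Where you control the server, send the same policy as a Content-Security-Policy HTTP response header: a policy delivered through <meta> cannot use the frame-ancestors, report-uri or sandbox directives.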

2. XSS Prevention

To prevent Cross-Site Scripting (XSS), sanitize and validate all user input. If you accept user input in future forms or fields, escape or filter any user-generated content before rendering it on the page.

JavaScript Security Practices:

Avoid using innerHTML for content insertion: it parses its argument as markup and may expose you to XSS attacks. Use textContent or innerText instead for plain-text insertion. Example:

    document.getElementById('msg').textContent = 'Current tasks:';

3. Use HTTPS

Ensure that your website is served over HTTPS to encrypt communication between your server and the user's browser, preventing man-in-the-middle attacks. If you are not already using it, configure your server to support HTTPS.

4. Secure Cookies (If Applicable)

If you use cookies for session management in the future, set them with the HttpOnly, Secure, and SameSite attributes: HttpOnly keeps the cookie out of reach of JavaScript, Secure restricts it to HTTPS connections, and SameSite keeps it from being sent in cross-site requests.

Example:

    Set-Cookie: sessionId=abc123; HttpOnly; Secure; SameSite=Strict
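The attribute check from step 4 can be automated against response headers. The following is an added example, not code from this repository; the function names are hypothetical, the weak header is constructed, and the `__Host-` prefix check goes slightly beyond what the step lists.

```javascript
// Added example: audit a Set-Cookie header value for the attributes from step 4.
function parseSetCookie(header) {
  const [pair = '', ...attrs] = header.split(';').map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  if (eq < 1) throw new TypeError('not a name=value cookie');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: new Map() };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive; flag attributes have no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs.set(key, i === -1 ? true : attr.slice(i + 1));
  }
  return cookie;
}

// Returns a list of findings; an empty list means all checks passed.
function auditSessionCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.has('httponly')) findings.push('missing HttpOnly: readable via document.cookie');
  if (!attrs.has('secure')) findings.push('missing Secure: may be sent over plain HTTP');
  const sameSite = String(attrs.get('samesite') ?? '').toLowerCase();
  if (!['strict', 'lax'].includes(sameSite)) {
    findings.push('SameSite is not set to Strict or Lax');
  }
  // A __Host- cookie is only accepted with Secure, Path=/ and no Domain attribute.
  if (name.startsWith('__Host-') &&
      (!attrs.has('secure') || attrs.get('path') !== '/' || attrs.has('domain'))) {
    findings.push('__Host- prefix requirements not met');
  }
  return findings;
}

// The header from this page, and a constructed weak header for contrast.
const PAGE_COOKIE = 'sessionId=abc123; HttpOnly; Secure; SameSite=Strict;';
const WEAK_COOKIE = 'sessionId=abc123; Path=/; SameSite=None';

console.log(auditSessionCookie(PAGE_COOKIE));
console.log(auditSessionCookie(WEAK_COOKIE));
```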

5. JavaScript Best Practices

  • Strict Mode: You already have 'use strict'; in place, which is great. This helps catch common coding mistakes and unsafe actions.
  • Avoid Inline JavaScript: You're already loading external JavaScript (app.js) rather than including inline script tags, which is good security practice. Keep scripts in external files and apply a CSP to restrict the sources.

6. Refine CSP for External Resources

If your site ever uses external resources (e.g., Google Fonts, CDN libraries), you can refine the CSP to allow specific sources:

    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; font-src https://fonts.gstatic.com; script-src 'self'; style-src 'self' https://fonts.googleapis.com;">

Google Fonts serves its stylesheets from fonts.googleapis.com and the font files themselves from fonts.gstatic.com, so style-src lists the former and font-src the latter.
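A policy like the ones in steps 1 and 6 can be checked mechanically before it ships. The following is an added example, not code from this repository; the function names are hypothetical and the weak policy is constructed for contrast.

```javascript
// Added example: parse a Content-Security-Policy string and flag common weaknesses.
const META_IGNORED = ['frame-ancestors', 'report-uri', 'sandbox'];
const RISKY_SCRIPT_SOURCES = ["'unsafe-inline'", "'unsafe-eval'", '*', 'http:', 'https:', 'data:'];

// "name src src; name src" -> Map of directive name -> list of sources.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // tolerate a trailing ';'
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Returns a list of findings; an empty list means no issue was detected.
function auditCsp(policy, { viaMeta = false } = {}) {
  const d = parseCsp(policy);
  const findings = [];
  // Fetch directives fall back to default-src when absent.
  const effective = (name) => d.get(name) ?? d.get('default-src');

  const scriptSrc = effective('script-src');
  if (!scriptSrc) findings.push('no script-src or default-src: scripts are unrestricted');
  for (const src of scriptSrc ?? []) {
    if (RISKY_SCRIPT_SOURCES.includes(src.toLowerCase())) findings.push(`script-src allows ${src}`);
  }
  const objectSrc = effective('object-src');
  if (!objectSrc || objectSrc.length !== 1 || objectSrc[0].toLowerCase() !== "'none'") {
    findings.push("object-src is not 'none'");
  }
  if (viaMeta) {
    for (const name of META_IGNORED) {
      if (d.has(name)) findings.push(`${name} is ignored in a <meta> policy`);
    }
  }
  return findings;
}

// The policy from step 1 of this page, and a constructed weak policy.
const PAGE_POLICY = "default-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'";
const WEAK_POLICY = "script-src 'self' 'unsafe-inline' https:; frame-ancestors 'none';";

console.log(auditCsp(PAGE_POLICY, { viaMeta: true }));
console.log(auditCsp(WEAK_POLICY, { viaMeta: true }));
```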

7. Anti-CSRF Tokens (If Applicable)

For forms and any user input that modifies server-side data, implement Cross-Site Request Forgery (CSRF) protection by generating and validating CSRF tokens.


About

ML and Security
