
Browsing by Author "Muhammad Zeeshan Zahid, Sunain Aijaz, Muhammad Bilal, Owais Ahmad Khan and Abdul Moeez Ali"

Now showing 1 - 1 of 1
    Sentinel hive
    (UMT, Lahore, 2025) Muhammad Zeeshan Zahid, Sunain Aijaz, Muhammad Bilal, Owais Ahmad Khan and Abdul Moeez Ali
    In today's constantly changing threat landscape, cyberattacks are growing more advanced, widespread, and autonomous. Conventional reactive security systems have in most instances been ineffective at real-time intrusion detection and active protection. Sentinel Hive is a predictive cybersecurity platform that seeks to fill this gap by analyzing the data that honeypots generate with sophisticated machine learning models that model, detect, classify, and predict malicious activity. To speed up the process, the system collects and processes high volumes of network traffic logs from various honeypot sensors, including SSH, Redis, ADB, DDoS, and Log4Shell, which mimic real-world attack vectors. To provide high-level detection and classification of threats, Sentinel Hive uses four of the latest machine learning models: Random Forest, XGBoost, LightGBM (LGBM) Classifier, and CatBoost. XGBoost was the best-performing of these and recorded a classification percentage of more than 99.4, followed by the rest. In addition to real-time identification, the system can also predict behavior, that is, the attacker's next probable move based on the patterns already detected. These predictions enable security analysts to work ahead and stop threats before they can grow. The platform is provided through a secure and interactive web interface built on Flask and contemporary frontend technologies. It offers file uploading, visual threat dashboards, user-based login, company-based data segregation, and automatically generated PDF threat reports. User data is encrypted and is therefore assured of privacy and compliance. During extensive testing in the course of development, including unit, integration, performance, and security tests, Sentinel Hive proved to be stable, scalable, and viable in the real world. It was able to process up to 500,000 rows of data, provide predictions within seconds, and passed OWASP-based security auditing with no serious vulnerabilities. Feedback from users (cybersecurity professionals and students) was highly appreciative of the platform's usability, readability, and practical applications. To sum up, Sentinel Hive is an astonishing combination of honeypot data analytics with machine learning, which provides predictive capabilities to Security Operations Centers (SOCs). It enables a move to predictive threat detection, allowing more to be done to prevent attacks, and establishes the platform upon which future smart automated cybersecurity platforms are to be built.
