Real-time Security Anomaly Detection System powered by AI.
Securify AI is a modern, event-driven security platform that ingests high-velocity logs, detects anomalies in real time using machine learning, and visualizes threats on a live dashboard.
The system follows a microservices architecture powered by Redis Streams for asynchronous communication.
```mermaid
graph TD
    subgraph "External World"
        User[User/Attacker]
        Gen[Data Generator]
    end
    subgraph "Securify AI Platform"
        Ingest[Event Ingest API]
        Redis[(Redis Streams)]
        ML[ML Anomaly Service]
        DB[(PostgreSQL)]
        Dash[Security Dashboard]
    end
    User -->|Login/File Access| Ingest
    Gen -->|Mock Traffic| Ingest
    Ingest -->|1. Push Event| Redis
    Ingest -->|Persist| DB
    Redis -->|2. Consume| ML
    ML -->|3. Detect Anomaly| ML
    ML -->|4. Report Threat| Ingest
    Dash -->|5. Fetch Anomalies| Ingest
```
- High-Performance Ingestion: FastAPI-based ingestion layer capable of handling high throughput.
- AI-Powered Detection: Uses Isolation Forests / Statistical models to detect anomalous login patterns and file access.
- Event-Driven: Fully asynchronous processing using Redis Streams.
- Live Dashboard: Interactive Streamlit dashboard for Security Operations Centers (SOC).
- Secure by Design: JWT Authentication enforced for all internal and external communication.
- Dockerized: Ready to deploy with a single command.
- Services: Python, FastAPI, Streamlit
- ML Engine: Scikit-learn, Pandas
- Broker: Redis (Streams)
- Database: PostgreSQL
- Infrastructure: Docker Compose, Kubernetes (Manifests included)
- Docker and Docker Compose installed.
- (Optional) Python 3.10+ for local development.
```bash
git clone https://github.com/Shafiyullah/securify-ai.git
cd securify-ai
```
Create a `.env` file in the root directory. You can copy the example below:
```
POSTGRES_PASSWORD=password
JWT_SECRET_KEY=secret-key
```
Security Note: Never commit your `.env` file. The `JWT_SECRET_KEY` is used to sign tokens for internal service communication.
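The sample values above are placeholders for local use. As an added example (not part of the project's code), this Python check flags those placeholders in a `.env` file and generates random replacements. It assumes the services sign tokens with an HMAC algorithm such as HS256, which the page does not state; the function names and the placeholder list are hypothetical.

```python
import secrets

# Values from the README's sample .env plus common stand-ins (constructed list).
PLACEHOLDERS = {"password", "secret-key", "secret", "changeme", "admin"}
# Assumption: HS256 signing. RFC 7518 section 3.2 requires keys of >= 256 bits.
MIN_JWT_KEY_BYTES = 32


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def audit_env(env):
    """Return (key, problem) findings for the two secrets the README defines."""
    findings = []
    for key in ("POSTGRES_PASSWORD", "JWT_SECRET_KEY"):
        value = env.get(key, "")
        if not value:
            findings.append((key, "missing or empty"))
        elif value.lower() in PLACEHOLDERS:
            findings.append((key, "placeholder value"))
        elif key == "JWT_SECRET_KEY" and len(value.encode()) < MIN_JWT_KEY_BYTES:
            # Length is only a lower bound; it does not measure entropy.
            findings.append((key, "shorter than 32 bytes"))
    return findings


def generate_env():
    """Build .env contents with secrets drawn from the OS CSPRNG."""
    return (
        f"POSTGRES_PASSWORD={secrets.token_urlsafe(24)}\n"
        f"JWT_SECRET_KEY={secrets.token_urlsafe(48)}\n"
    )


# The README's sample .env, embedded so the check runs offline.
SAMPLE_ENV = "POSTGRES_PASSWORD=password\nJWT_SECRET_KEY=secret-key\n"

if __name__ == "__main__":
    print(audit_env(parse_env(SAMPLE_ENV)))      # both keys flagged
    print(audit_env(parse_env(generate_env())))  # no findings
```

Running `audit_env` at service startup and refusing to boot on any finding keeps the sample values from reaching a shared environment.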
Build and start all services:
```bash
docker-compose --env-file .env up --build
```
Access the services:
- Dashboard: http://localhost:8501
- API Docs: http://localhost:8000/docs
- Username: `admin`
- Password: `password`
The project includes a data generator to simulate traffic (logins, file changes). It runs automatically in Docker, but you can trigger it manually:
```bash
# Run inside the generator container
docker-compose exec data-generator python generate.py
```
As the generator sends data:
- Ingest Service receives logs.
- ML Service analyzes them in the background.
- If a "Brute Force" attack or "Suspicious File Access" is detected, it appears on the Dashboard.
```
├── automation/                  # Data generators and tests
├── infrastructure/              # K8s manifests and deploy scripts
├── services/
│   ├── event-ingest-stream/     # FastAPI Ingestion Service
│   ├── ml-anomaly-service/      # ML Worker (Redis Consumer)
│   └── security-dashboard/      # Streamlit UI
├── docker-compose.yml           # Local orchestration
└── .gitignore                   # Git ignore rules
```
Contributions are welcome! Please follow these steps:
- Fork the repo.
- Create a feature branch (`git checkout -b feature/amazing-feature`).
- Commit your changes.
- Open a Pull Request.
Distributed under the MIT License. See LICENSE for more information.