- Date: 29/06/2025
- Categories: Project
- Team: Mohamed El Ghazi & Faissal Marzouki
- Institution: ENSET Mohammedia – Filière Cybersécurité et Confiance Numérique (II-CCN)
- Supervisor:
- Date: 17/06/2025
Project Overview
As part of our final engineering year, we developed an AI-powered Security Operations Center (SOC) tailored for IoT environments. The objective was to detect and respond to cyber threats in real time by integrating machine learning and automated defense mechanisms into network monitoring.
This project emphasizes how artificial intelligence can enhance security in highly connected systems like smart homes, industrial IoT, and critical infrastructures.
Key Technologies Used
- Machine Learning: Gradient Boosting model (Scikit-learn)
- Real-Time Monitoring: ELK Stack (Elasticsearch, Logstash, Kibana)
- Intrusion Prevention: nftables (IPS automation)
- Dataset: CIC IDS 2018 + custom-generated IoT traffic
- Additional Tools: Suricata, Python, NumPy, Pandas
Threats Detected by Our IDS
- DDoS / DoS attacks
- Mirai botnet activity
- Spoofing (ARP, DNS)
- Reconnaissance scans (Nmap)
- Brute Force login attempts
- Web attacks (SQL injection, XSS)
- Benign/normal traffic (the non-attack class the model must separate from the above)
All traffic is parsed, analyzed, and visualized via the ELK stack, while confirmed threats are automatically mitigated using nftables-based IPS rules.
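The last step of that pipeline, turning a classifier verdict into an nftables block, is where a SOC most needs guard rails: a wrong verdict becomes a self-inflicted denial of service. The following Python is an added example written for this page, not the project's own code. It assumes the IDS emits one JSON event per flow with the fields `src_ip`, `label` and `confidence` (assumed names), uses constructed thresholds and a constructed protected-host list, and only prints the `nft` commands instead of executing them.

```python
"""Turn IDS verdicts into nftables IPS actions, with safety checks.

Added example (not the project's code). Event field names, thresholds,
the protected-host list and the sample events below are all constructed.
"""
import ipaddress
import json

# Threat classes named on the page; anything else (e.g. "Benign") is never blocked.
THREAT_LABELS = {"DDoS", "DoS", "Mirai", "Spoofing",
                 "Reconnaissance", "BruteForce", "WebAttack"}

# Assumed per-class minimum confidence: scan/brute-force verdicts are noisier
# on IoT networks, so they must clear a higher bar before an automatic block.
MIN_CONFIDENCE = {"Reconnaissance": 0.95, "BruteForce": 0.90}
DEFAULT_MIN_CONFIDENCE = 0.85

# Hosts the IPS must never cut off (constructed): the SOC box and the gateway.
PROTECTED = [ipaddress.ip_network("10.0.0.1/32"),
             ipaddress.ip_network("10.0.0.10/32")]

# Blocks expire on their own, so a false positive heals without manual cleanup.
BLOCK_TIMEOUT = "1h"

# One-time ruleset: a timed set of offenders and a chain that drops members.
BASE_RULESET = """\
table inet soc_ips {
    set blocked {
        type ipv4_addr
        flags timeout
    }
    chain input {
        type filter hook input priority 0; policy accept;
        ip saddr @blocked counter drop
    }
}
"""


def should_block(event):
    """Return True only for a confident, valid, non-protected IPv4 threat source."""
    label = event.get("label")
    if label not in THREAT_LABELS:
        return False
    confidence = float(event.get("confidence", 0.0))
    if confidence < MIN_CONFIDENCE.get(label, DEFAULT_MIN_CONFIDENCE):
        return False
    try:
        addr = ipaddress.ip_address(event["src_ip"])
    except (KeyError, ValueError):
        return False            # malformed event: log it, never act on it
    if addr.version != 4:       # the set above is typed ipv4_addr
        return False
    return not any(addr in net for net in PROTECTED)


def parse_events(jsonl_text):
    """Parse newline-delimited JSON events, skipping blank or broken lines."""
    events = []
    for line in jsonl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def nft_commands(events):
    """Build de-duplicated `nft` commands for every event that passes should_block."""
    seen, commands = set(), []
    for event in events:
        if should_block(event) and event["src_ip"] not in seen:
            seen.add(event["src_ip"])
            commands.append(
                f"nft add element inet soc_ips blocked "
                f"{{ {event['src_ip']} timeout {BLOCK_TIMEOUT} }}")
    return commands


# Constructed sample verdicts, one per line, as the IDS stage might emit them.
SAMPLE_EVENTS = """
{"src_ip": "192.168.1.50", "label": "DDoS", "confidence": 0.97}
{"src_ip": "192.168.1.50", "label": "DDoS", "confidence": 0.99}
{"src_ip": "192.168.1.77", "label": "Benign", "confidence": 0.99}
{"src_ip": "10.0.0.10", "label": "Reconnaissance", "confidence": 0.99}
{"src_ip": "192.168.1.23", "label": "Reconnaissance", "confidence": 0.90}
{"src_ip": "192.168.1.24", "label": "BruteForce", "confidence": 0.93}
{"src_ip": "not-an-ip", "label": "Mirai", "confidence": 0.99}
"""

if __name__ == "__main__":
    print(BASE_RULESET)
    for cmd in nft_commands(parse_events(SAMPLE_EVENTS)):
        print(cmd)
```

Of the seven constructed events only two produce a block: the duplicate DDoS verdict is collapsed, the benign flow and the low-confidence scan are ignored, the protected SOC host is skipped, and the malformed address is dropped rather than guessed at. The `timeout` on each set element means the block disappears on its own after an hour, which is the property that makes unattended automation tolerable.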
Project Outcome
This project delivered a working prototype of a smart, self-defending SOC for IoT. It showcases our ability to combine AI with cybersecurity tools to build practical, scalable defense systems. It also demonstrates our full-cycle involvement — from data collection and model training to system deployment and visualization.
Links
- ✍️ My Blog
#CyberSecurity #IoTSecurity #MachineLearning #SOC #ENSET #IDS #IPS #ELKStack #PFA #nftables #CyberDefense #FinalYearProject