luoyue789/sm4_detection — explained in plain English
Analysis updated 2026-05-18
Train and evaluate an ML model for detecting anomalies in SM4-encrypted network flows without decrypting traffic
Deploy a cloud-native microservice pipeline for real-time encrypted traffic monitoring using Docker Compose and Kafka
Set up a Kubernetes DaemonSet probe to detect suspicious encrypted traffic on every node in a cluster
Use the Flask dashboard to visualize intrusion detection alerts from live or replayed campus network traffic
| luoyue789/sm4_detection | rulyone/simple-react-agent | bvzrays/forza-painter-fh6 | |
|---|---|---|---|
| Stars | 104 | 103 | 106 |
| Language | Python | Python | Python |
| Setup difficulty | hard | easy | moderate |
| Complexity | 5/5 | 2/5 | 3/5 |
| Audience | researcher | developer | general |
Figures from each repo's GitHub metadata at analysis time.
Requires Kubernetes or Docker Compose, Kafka, Prometheus, and GPU access for model training.
SM4 is a symmetric encryption standard widely used in Chinese government and commercial networks. This repository is a research and engineering prototype for detecting network intrusions inside SM4-encrypted traffic flows, where reading packet contents directly is not possible. The project is written in Python and includes a web-based dashboard for monitoring detection results. The detection method works by extracting statistical features from the encrypted data itself rather than inspecting what the data says. After simulating encryption using SM4-GCM on network traffic samples from public datasets, the system computes features such as entropy, statistical distribution moments, byte-length ratios, and frequency-domain values. A deep learning binary classifier is then trained on these features to separate normal traffic from anomalous flows. Training used the UNSW-NB15 public dataset, with cross-dataset testing on TON-IoT to check how well the model generalizes. The project extends this offline research pipeline into three production-ready deployment paths. The first is a batch analysis workflow for replaying captured packet files from a real campus network. The second is a cloud-native microservice pipeline using Docker Compose, where separate services handle capture, feature extraction, graph construction, detection, and alerting, and communicate over Kafka with metrics tracked in Prometheus and Grafana. The third is a Kubernetes DaemonSet that places a detection probe on every node in a cluster, using the Kubernetes API to map network addresses to pod and service identities. A Flask API serves a situational-awareness dashboard that shows detection statistics and alerts in near real time. This project would be most useful to researchers or security engineers working on intrusion detection in networks that use the SM4 cipher, and who want a system that operates without decrypting the traffic. The entire README is written in Chinese. The repository does not state a license.
A Python research prototype that detects network intrusions inside SM4-encrypted traffic using statistical features and deep learning, deployable via Docker or Kubernetes.
Mainly Python. The stack also includes Python, PyTorch, Flask.
Setup difficulty is rated hard, with roughly 1day+ to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.