whatisgithub

What is sm4_detection?

luoyue789/sm4_detection — explained in plain English

Analysis updated 2026-05-18

104PythonAudience · researcherComplexity · 5/5Setup · hard

In one sentence

A Python research prototype that detects network intrusions inside SM4-encrypted traffic using statistical features and deep learning, deployable via Docker or Kubernetes.

Mindmap

mindmap
  root((SM4 detection))
    What it does
      Detects intrusions
      Encrypted traffic
      No decryption needed
    Features extracted
      Entropy
      Length ratios
      FFT statistics
    Deployment paths
      Offline batch
      Docker microservices
      Kubernetes probes
    Output
      Flask dashboard
      Alert feed
      Grafana metrics
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Train and evaluate an ML model for detecting anomalies in SM4-encrypted network flows without decrypting traffic

USE CASE 2

Deploy a cloud-native microservice pipeline for real-time encrypted traffic monitoring using Docker Compose and Kafka

USE CASE 3

Set up a Kubernetes DaemonSet probe to detect suspicious encrypted traffic on every node in a cluster

USE CASE 4

Use the Flask dashboard to visualize intrusion detection alerts from live or replayed campus network traffic

What is it built with?

PythonPyTorchFlaskDockerKubernetesKafkaPrometheusGrafana

How does it compare?

luoyue789/sm4_detectionrulyone/simple-react-agentbvzrays/forza-painter-fh6
Stars104103106
LanguagePythonPythonPython
Setup difficultyhardeasymoderate
Complexity5/52/53/5
Audienceresearcherdevelopergeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1day+

Requires Kubernetes or Docker Compose, Kafka, Prometheus, and GPU access for model training.

So what is it?

SM4 is a symmetric encryption standard widely used in Chinese government and commercial networks. This repository is a research and engineering prototype for detecting network intrusions inside SM4-encrypted traffic flows, where reading packet contents directly is not possible. The project is written in Python and includes a web-based dashboard for monitoring detection results. The detection method works by extracting statistical features from the encrypted data itself rather than inspecting what the data says. After simulating encryption using SM4-GCM on network traffic samples from public datasets, the system computes features such as entropy, statistical distribution moments, byte-length ratios, and frequency-domain values. A deep learning binary classifier is then trained on these features to separate normal traffic from anomalous flows. Training used the UNSW-NB15 public dataset, with cross-dataset testing on TON-IoT to check how well the model generalizes. The project extends this offline research pipeline into three production-ready deployment paths. The first is a batch analysis workflow for replaying captured packet files from a real campus network. The second is a cloud-native microservice pipeline using Docker Compose, where separate services handle capture, feature extraction, graph construction, detection, and alerting, and communicate over Kafka with metrics tracked in Prometheus and Grafana. The third is a Kubernetes DaemonSet that places a detection probe on every node in a cluster, using the Kubernetes API to map network addresses to pod and service identities. A Flask API serves a situational-awareness dashboard that shows detection statistics and alerts in near real time. This project would be most useful to researchers or security engineers working on intrusion detection in networks that use the SM4 cipher, and who want a system that operates without decrypting the traffic. The entire README is written in Chinese. The repository does not state a license.

Copy-paste prompts

Prompt 1
I want to train an anomaly detection model on SM4-encrypted traffic using the SM4_detection project. Explain how the feature extraction pipeline works and what inputs the binary classifier expects.
Prompt 2
Walk me through deploying the SM4_detection Docker Compose microservice pipeline. What services run, how do they connect via Kafka, and how do I view alerts in Grafana?
Prompt 3
How do I set up the SM4_detection Kubernetes DaemonSet probe? What does it need from the Kubernetes API, and how does it map IP addresses to pod identities?
Prompt 4
I have a PCAP file from a campus network. How do I run it through the SM4_detection offline batch pipeline and view the results in the Flask dashboard?

Frequently asked questions

What is sm4_detection?

A Python research prototype that detects network intrusions inside SM4-encrypted traffic using statistical features and deep learning, deployable via Docker or Kubernetes.

What language is sm4_detection written in?

Mainly Python. The stack also includes Python, PyTorch, Flask.

How hard is sm4_detection to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is sm4_detection for?

Mainly researcher.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.