import { useState, useEffect, useMemo } from 'react'; import { useNavigate } from 'react-router-dom'; import DataTable, { Column } from './ui/DataTable'; import { TIPS } from './ui/tooltips'; // ─── Types ──────────────────────────────────────────────────────────────────── interface MLAnomaly { ip: string; ja4: string; host: string; hits: number; fuzzing_index: number; hit_velocity: number; temporal_entropy: number; is_fake_navigation: boolean; ua_ch_mismatch: boolean; sni_host_mismatch: boolean; is_ua_rotating: boolean; path_diversity_ratio: number; anomalous_payload_ratio: number; asn_label: string; bot_name: string; attack_type: string; } interface RadarData { ip: string; fuzzing_score: number; velocity_score: number; fake_nav_score: number; ua_mismatch_score: number; sni_mismatch_score: number; orphan_score: number; path_repetition_score: number; payload_anomaly_score: number; } interface ScatterPoint { ip: string; ja4: string; fuzzing_index: number; hit_velocity: number; hits: number; attack_type: string; } // ─── Helpers ────────────────────────────────────────────────────────────────── function formatNumber(n: number): string { return n.toLocaleString(navigator.language || undefined); } function attackTypeEmoji(type: string): string { switch (type) { case 'brute_force': return '🔑'; case 'flood': return '🌊'; case 'scraper': return '🕷️'; case 'spoofing': return '🎭'; case 'scanner': return '🔍'; default: return '❓'; } } function attackTypeColor(type: string): string { switch (type) { case 'brute_force': return '#ef4444'; case 'flood': return '#3b82f6'; case 'scraper': return '#a855f7'; case 'spoofing': return '#f97316'; case 'scanner': return '#eab308'; default: return '#6b7280'; } } function fuzzingBadgeClass(value: number): string { if (value >= 200) return 'bg-threat-critical/20 text-threat-critical'; if (value >= 100) return 'bg-threat-high/20 text-threat-high'; if (value >= 50) return 'bg-threat-medium/20 text-threat-medium'; return 'bg-background-card text-text-secondary'; } // ─── Sub-components ─────────────────────────────────────────────────────────── function LoadingSpinner() { return (
); } function ErrorMessage({ message }: { message: string }) { return (
⚠️ {message}
); } // ─── Radar Chart (SVG octagonal) ───────────────────────────────────────────── const RADAR_AXES = [ { key: 'fuzzing_score', label: 'Fuzzing', tip: TIPS.fuzzing }, { key: 'velocity_score', label: 'Vélocité', tip: TIPS.velocity }, { key: 'fake_nav_score', label: 'Fausse nav', tip: TIPS.fake_nav }, { key: 'ua_mismatch_score', label: 'UA/CH mismatch', tip: TIPS.ua_mismatch }, { key: 'sni_mismatch_score', label: 'SNI mismatch', tip: TIPS.sni_mismatch }, { key: 'orphan_score', label: 'Orphan ratio', tip: TIPS.orphan_ratio }, { key: 'path_repetition_score', label: 'Répétition URL', tip: TIPS.path_repetition }, { key: 'payload_anomaly_score', label: 'Payload anormal', tip: TIPS.payload_anomaly }, ] as const; type RadarKey = typeof RADAR_AXES[number]['key']; function RadarChart({ data }: { data: RadarData }) { const size = 280; const cx = size / 2; const cy = size / 2; const maxR = 100; const n = RADAR_AXES.length; const angleOf = (i: number) => (i * 2 * Math.PI) / n - Math.PI / 2; const pointFor = (i: number, r: number): [number, number] => { const a = angleOf(i); return [cx + r * Math.cos(a), cy + r * Math.sin(a)]; }; // Background rings (at 25%, 50%, 75%, 100%) const rings = [25, 50, 75, 100]; const dataPoints = RADAR_AXES.map((axis, i) => { const val = Math.min((data[axis.key as RadarKey] ?? 0), 100); return pointFor(i, (val / 100) * maxR); }); const polygonPoints = dataPoints.map(([x, y]) => `${x},${y}`).join(' '); return ( {/* Background rings */} {rings.map((r) => { const pts = RADAR_AXES.map((_, i) => { const [x, y] = pointFor(i, (r / 100) * maxR); return `${x},${y}`; }).join(' '); return ( ); })} {/* Axis lines */} {RADAR_AXES.map((_, i) => { const [x, y] = pointFor(i, maxR); return ( ); })} {/* Data polygon */} {/* Data dots */} {dataPoints.map(([x, y], i) => ( ))} {/* Axis labels — survolez pour la définition */} {RADAR_AXES.map((axis, i) => { const [x, y] = pointFor(i, maxR + 18); const anchor = x < cx - 5 ? 'end' : x > cx + 5 ? 'start' : 'middle'; return ( {axis.tip} {axis.label} ); })} {/* Percentage labels on vertical axis */} {rings.map((r) => { const [, y] = pointFor(0, (r / 100) * maxR); return ( {r} ); })} ); } // ─── Scatter plot ───────────────────────────────────────────────────────────── function ScatterPlot({ points }: { points: ScatterPoint[] }) { const [tooltip, setTooltip] = useState<{ ip: string; type: string; x: number; y: number } | null>(null); const W = 600; const H = 200; const padL = 40; const padB = 30; const padT = 10; const padR = 20; const maxX = 350; const maxY = 1; const toSvgX = (v: number) => padL + ((v / maxX) * (W - padL - padR)); const toSvgY = (v: number) => padT + ((1 - v / maxY) * (H - padT - padB)); // X axis ticks const xTicks = [0, 50, 100, 150, 200, 250, 300, 350]; const yTicks = [0, 0.25, 0.5, 0.75, 1.0]; return (
setTooltip(null)} > {/* Grid lines */} {xTicks.map((v) => ( ))} {yTicks.map((v) => ( ))} {/* X axis */} {xTicks.map((v) => ( {v} ))} {TIPS.fuzzing_index} Fuzzing Index → {/* Y axis */} {yTicks.map((v) => ( {v.toFixed(2)} ))} {/* Data points */} {points.map((pt, i) => { const x = toSvgX(Math.min(pt.fuzzing_index, maxX)); const y = toSvgY(Math.min(pt.hit_velocity, maxY)); const color = attackTypeColor(pt.attack_type); return ( setTooltip({ ip: pt.ip, type: pt.attack_type, x, y })} /> ); })} {/* Tooltip */} {tooltip && ( {tooltip.ip} {attackTypeEmoji(tooltip.type)} {tooltip.type} )}
); } // ─── Anomalies DataTable ───────────────────────────────────────────────────── function AnomaliesTable({ anomalies, selectedIP, onRowClick, }: { anomalies: MLAnomaly[]; selectedIP: string | null; onRowClick: (row: MLAnomaly) => void; }) { const columns = useMemo((): Column[] => [ { key: 'ip', label: 'IP', render: (v: string, row: MLAnomaly) => ( {v} ), }, { key: 'host', label: 'Host', render: (v: string) => ( {v || '—'} ), }, { key: 'hits', label: 'Hits', align: 'right', render: (v: number) => formatNumber(v), }, { key: 'fuzzing_index', label: 'Fuzzing', tooltip: TIPS.fuzzing_index, align: 'right', render: (v: number) => ( {Math.round(v)} ), }, { key: 'attack_type', label: 'Type', tooltip: 'Type d\'attaque détecté : Brute Force 🔑, Flood 🌊, Scraper 🕷️, Spoofing 🎭, Scanner 🔍', render: (v: string) => ( {attackTypeEmoji(v)} ), }, { key: '_signals', label: 'Signaux', tooltip: '⚠️ UA/CH mismatch · 🎭 Fausse navigation · 🔄 UA rotatif · 🌐 SNI mismatch', sortable: false, render: (_: unknown, row: MLAnomaly) => ( {row.ua_ch_mismatch && ⚠️} {row.is_fake_navigation && 🎭} {row.is_ua_rotating && 🔄} {row.sni_host_mismatch && 🌐} ), }, ], [selectedIP]); return (
); } // ─── Main Component ─────────────────────────────────────────────────────────── export function MLFeaturesView() { const navigate = useNavigate(); const [anomalies, setAnomalies] = useState([]); const [anomaliesLoading, setAnomaliesLoading] = useState(true); const [anomaliesError, setAnomaliesError] = useState(null); const [scatter, setScatter] = useState([]); const [scatterLoading, setScatterLoading] = useState(true); const [scatterError, setScatterError] = useState(null); const [selectedIP, setSelectedIP] = useState(null); const [radarData, setRadarData] = useState(null); const [radarLoading, setRadarLoading] = useState(false); const [radarError, setRadarError] = useState(null); useEffect(() => { const fetchAnomalies = async () => { try { const res = await fetch('/api/ml/top-anomalies?limit=50'); if (!res.ok) throw new Error('Erreur chargement des anomalies'); const data: { items: MLAnomaly[] } = await res.json(); setAnomalies(data.items ?? []); } catch (err) { setAnomaliesError(err instanceof Error ? err.message : 'Erreur inconnue'); } finally { setAnomaliesLoading(false); } }; const fetchScatter = async () => { try { const res = await fetch('/api/ml/scatter?limit=200'); if (!res.ok) throw new Error('Erreur chargement du scatter'); const data: { points: ScatterPoint[] } = await res.json(); setScatter(data.points ?? []); } catch (err) { setScatterError(err instanceof Error ? err.message : 'Erreur inconnue'); } finally { setScatterLoading(false); } }; fetchAnomalies(); fetchScatter(); }, []); const loadRadar = async (ip: string) => { if (selectedIP === ip) { setSelectedIP(null); setRadarData(null); return; } setSelectedIP(ip); setRadarLoading(true); setRadarError(null); try { const res = await fetch(`/api/ml/ip/${encodeURIComponent(ip)}/radar`); if (!res.ok) throw new Error('Erreur chargement du radar'); const data: RadarData = await res.json(); setRadarData(data); } catch (err) { setRadarError(err instanceof Error ? err.message : 'Erreur inconnue'); } finally { setRadarLoading(false); } }; return (
{/* Header */}

🤖 Analyse Features ML

Visualisation des features ML pour la détection d'anomalies comportementales.

{/* Main two-column layout */}
{/* Left: anomalies table */}

Top anomalies

{anomaliesLoading ? ( ) : anomaliesError ? (
) : ( loadRadar(row.ip)} /> )}
{/* Right: Radar chart */}

Radar ML {selectedIP ? — {selectedIP} : ''}

{!selectedIP ? (
Cliquez sur une IP
pour afficher le radar
) : radarLoading ? (
) : radarError ? ( ) : radarData ? ( <>
) : null}
{/* Scatter plot */}

Nuage de points — Fuzzing Index × Vélocité

{scatterLoading ? ( ) : scatterError ? ( ) : ( <> {/* Legend */}
{['brute_force', 'flood', 'scraper', 'spoofing', 'scanner'].map((type) => ( {attackTypeEmoji(type)} {type} ))}
)}
); }