explaingit

forlives/cloudsight-ai

Analysis updated 2026-05-18

84Audience · ops devopsComplexity · 4/5Setup · hard

TLDR

A security platform that analyzes encrypted IoT network traffic to detect threats like DDoS attacks and botnets, using fast and deep AI detection engines.

Mindmap

mindmap
  root((CloudSight AI))
    What it does
      Threat detection
      Encrypted traffic analysis
      MITRE ATT&CK mapping
    Tech stack
      Graph neural network
      Transformer model
    Use cases
      IoT security research
      Network forensics
      Threat classification
    Audience
      Security researchers
      Ops teams
    Status
      Demo only
      Code unreleased

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Upload a network capture file to get an automatic clean, suspicious, or malicious verdict.

USE CASE 2

Map detected threats to the MITRE ATT&CK framework for a security report.

USE CASE 3

Compare a fast lightweight detector against a deep graph-neural-network model on the same traffic.

What is it built with?

Graph Neural NetworkTransformer

How does it compare?

forlives/cloudsight-aiapex-dao/limitless-trading-botcontrollervr/yuzu-emu
Stars848484
LanguageTypeScriptC++
Setup difficultyhardeasyeasy
Complexity4/52/51/5
Audienceops devopsdevelopergeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1day+

Only a browser demo and docs are public, source code and model weights are withheld until related papers publish.

In plain English

CloudSight AI is a security platform designed to detect threats in network traffic from IoT devices, which are the small connected gadgets like smart cameras, routers, and sensors that make up the "Internet of Things." A distinctive challenge with IoT traffic is that much of it is encrypted, so the platform must identify suspicious patterns without reading the content of the packets. When you upload a network capture file (a recording of raw network traffic), the platform parses it into numerical features and builds a graph showing how devices communicated. It then routes this data to one of two detection engines. The fast engine gives a verdict in under a second using a lightweight model suited to small, simple traffic samples. The deep engine takes more time and uses a combination of a graph neural network and a transformer model to analyze complex or large samples, producing a detailed report with an explanation of its findings. Users can let the platform choose automatically or override and pick an engine themselves. The output includes a verdict (clean, suspicious, or malicious), a threat radar chart, a mapping to the MITRE ATT&CK framework (a standard catalog of attack techniques), and a network forensics summary. The platform can recognize eleven categories of threat including DDoS attacks, botnet activity (Mirai, Okiru, Torii), and command-and-control traffic. It also supports an optional connection to an external AI language model API to generate a plain-language explanation of the threat. At the time of writing, this repository contains a live interactive demo and documentation only. The full source code, model weights, and training code are reserved for release after the related academic papers are published. The demo runs on built-in example data directly in the browser.

Copy-paste prompts

Prompt 1
Explain how CloudSight AI detects threats in encrypted IoT traffic without reading packet contents.
Prompt 2
Walk me through the difference between the fast engine and deep engine detection modes.
Prompt 3
What threat categories does CloudSight AI's eleven-category classifier cover?
Prompt 4
Show me the interactive demo and explain what the threat radar chart means.

Frequently asked questions

What is cloudsight-ai?

A security platform that analyzes encrypted IoT network traffic to detect threats like DDoS attacks and botnets, using fast and deep AI detection engines.

How hard is cloudsight-ai to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is cloudsight-ai for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.