Add time-aware traffic logger and auto-retrain system

- Log traffic features with timestamps to CSV every 5s - Add hour_sin/hour_cos time features (15 → 17 feature vector) - Auto-retrain from traffic log at configurable interval (default 24h) - Detect old 15-feature models and switch to learning mode - SIGUSR1 now retrains from traffic log first, falls back to collect mode - Add CLI: `ai traffic` (time-bucketed summary), `ai log` (recent entries) - Add config keys: traffic_log_file, retention_days, retrain_window Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 10:14:07 +09:00
parent 667c6eac81
commit 11c1ab0134
3 changed files with 337 additions and 10 deletions
--- a/config/config.yaml
+++ b/config/config.yaml
@@ -65,6 +65,11 @@ ai:
  anomaly_threshold: -0.16  # sklearn decision_function threshold

  # Retraining
-  retrain_interval: 604800  # 7 days in seconds
+  retrain_interval: 86400   # auto-retrain interval (seconds, default 24h)
+  retrain_window: 86400     # data range for retrain (most recent N seconds)
  model_file: /var/lib/xdp-defense/ai_model.pkl
  training_data_file: /var/lib/xdp-defense/training_data.csv
+
+  # Traffic logging
+  traffic_log_file: /var/lib/xdp-defense/traffic_log.csv
+  traffic_log_retention_days: 7  # days to keep traffic log data