⚡ Real-time network attack simulation + AI-powered malware classification = Cyber Defense Reinvented
DefenSys is a full-stack cyber defense platform designed to simulate real-world attacks dynamically and detect malware with deep learning precision. Built for security researchers, educators, and defenders, it blends containerized attack orchestration with image-based malware classification, all accessible via an intuitive Flask web app.
Whether you're stress-testing your NIDS or classifying suspicious binaries into malware families, DefenSys brings offensive and defensive capabilities under one powerful dashboard.
| Feature | Description |
|---|---|
| 🐍 Flask-based UI | Seamless and simple web interface for interaction |
| 🐳 Docker-powered Attacks | Launch hping3 SYN flood attacks inside isolated containers |
| 📊 Real-time Status Panel | Monitor active attack nodes and container states |
| 🧠 Deep Learning Malware Detection | Upload binary images for real-time malware family prediction |
| 🔍 Top-3 Malware Predictions | Showcases top predictions with confidence scores |
| 🔐 Binary & Multiclass Models | Combines a binary classifier with a family-level classifier |
| 🗂️ Auto-cleanup of uploads | Ensures file system hygiene post-prediction |
The DefenSys architecture consists of the following components:
- Frontend: User interface for interacting with the system
- Flask App: Backend API that handles requests and responses
- TensorFlow DL Models: Deep learning models for malware classification
- Container Management: Manages Docker containers for attack simulation (hping3 attacks)
- Malware Image Preprocessing: Preprocesses malware images for classification using ResNet/CNN models
- 3-Node IoT Simulation: Utilizes Docker containers to simulate 3 IoT nodes for testing and validation
- Python Flask – Web server and API
- Docker – Attack simulation environment
- TensorFlow/Keras – For malware classification models
- hping3 – Packet crafting and SYN flood attack tool
- OpenCV / PIL – Image preprocessing
- HTML + JS – Frontend interface (with Jinja2)
- Redis – Distributed messaging and real-time alert orchestration
- React – Optional dashboard interface for threat visualization
- Built a full-stack cyber defense system combining a Flask backend with a React dashboard for real-time threat monitoring, IP blacklisting, and visual analytics.
- Engineered a containerized IoT network using Docker to simulate distributed DDoS attacks (Apache Bench & SYN flood), enabling realistic security testing environments.
- Implemented a Redis-backed message queue for coordinated defense, enabling automated alerting, throttling, and synchronized mitigation across nodes.
- Integrated deep-learning malware classifiers (binary + multiclass) powered by TensorFlow, supporting real-time detection of 25+ malware families.
- Delivered an end-to-end system blending offensive testing (network attack simulation) and defensive intelligence (AI-powered malware analysis + IoT node protection).
- Simulate DDoS Scenarios – Great for testing your Intrusion Detection System (IDS).
- Classify Malware Types – Upload binary-represented images of malware for AI-powered analysis.
- Cybersecurity Education – Teach how different attacks are simulated and detected.
- Red vs Blue Team Exercises – Offensive and defensive tools in one.
- IoT Security Research – Evaluate attack propagation and automated defense triggers.
- Docker installed and running
- Python 3.8+
- virtualenv recommended
- Binary Classifier – CNN-based binary classifier (malicious vs benign)
- Multiclass Classifier – Classifies 25 malware families into categories like Trojan, Worm, Ransomware, etc.
Both models are trained on grayscale image representations of malware binaries.
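The sketch below shows how a binary can be turned into a grayscale image and how a top-3 list is read off a score vector. It is an added example, not DefenSys code. Assumptions: the function names are hypothetical, the size-to-width table is a convention from the malware-image literature rather than something this page specifies, and the sample bytes and scores are constructed.

```python
import heapq

# Width by file size in KiB; a convention from the malware-image literature,
# assumed here (the page does not say which widths DefenSys uses).
WIDTH_TABLE = [(10, 32), (30, 64), (60, 128), (100, 256),
               (200, 384), (500, 512), (1000, 768)]

def pick_width(n_bytes):
    """Choose an image width from the file size."""
    kib = n_bytes / 1024
    for limit, width in WIDTH_TABLE:
        if kib < limit:
            return width
    return 1024

def bytes_to_gray(data, width=None):
    """Map each byte to one pixel (0-255); zero-pad the final row."""
    if not data:
        raise ValueError("empty input")
    width = width or pick_width(len(data))
    height = -(-len(data) // width)  # ceiling division
    padded = data.ljust(width * height, b"\x00")
    return width, height, padded

def to_pgm(width, height, pixels):
    """Serialize as binary PGM (P5), which PIL and OpenCV can load."""
    return b"P5\n%d %d\n255\n" % (width, height) + pixels

def top_k(probs, labels, k=3):
    """Return the k most likely (label, confidence) pairs, best first."""
    if len(probs) != len(labels):
        raise ValueError("probs/labels length mismatch")
    return heapq.nlargest(k, zip(labels, probs), key=lambda p: p[1])

if __name__ == "__main__":
    sample = bytes(range(256)) * 50  # constructed 12,800-byte stand-in, not malware
    w, h, px = bytes_to_gray(sample)
    print(w, h, len(to_pgm(w, h, px)))
    labels = ["Allaple.A", "Fakerean", "Yuner.A", "C2LOP.P"]
    print(top_k([0.05, 0.70, 0.15, 0.10], labels))  # constructed scores
```

The image would still need resizing to the model's input shape before inference, and that shape is not given on this page.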
- POST /setup-container – Initializes the Docker container
- POST /run-hping3 – Launches a SYN flood to a specified IP
- POST /stop-hping3 – Stops attack on a given IP
- GET /status – Returns current container and attack status
- POST /predict – Upload a malware binary image and get prediction
- GET /uploads/ – Access uploaded image (auto-deleted after inference)
```bash
git clone https://github.com/prabujayant/DefenSys.git
cd DefenSys
python -m venv venv
source venv/bin/activate  # or venv\Scripts\activate on Windows
pip install -r requirements.txt
python app.py
```

```
models/
├── binary_model_best.keras
└── multi_model_best.keras
```
| Malware Family | Category |
|---|---|
| Allaple.A | Worm |
| Fakerean | Ransomware |
| Yuner.A | Downloader |
| C2LOP.P | Adware |
| Rbot!gen | Botnet |
| Lolyda.AA3 | Backdoor |
| VB.AT | Virus |