Inspiration

It started as a simple curiosity: "What are my apps actually doing behind my back?" I was tired of seeing thousands of blocked DNS logs in AdGuard that meant nothing to me. I wanted to know which apps were leaking my location and which "system" pings were actually stealthy trackers. I began by manually logging these in Notion, but it didn't scale. I needed a system that could think like a security analyst but work at the speed of my network.

What it does

Network Guardian AI is a real-time "behavioral audit" for your home network. It doesn't just block a domain; it analyzes why that domain is trying to talk to your device.

It grabs live DNS queries from AdGuard Home.

It runs them through a 3-stage "filter" (Math -> Machine Learning -> AI).

It logs a permanent, human-readable audit trail to Google Sheets, so you can check your network's health from your phone anywhere.

It includes a System Awareness Chat where you can ask the AI, "Why did you block that?" or "How does the Redis cache work?" and get a technical answer.

How we built it

The architecture is built for speed and privacy:

The Interceptor: AdGuard Home handles the initial DNS traffic.

The Backend: A Python (FastAPI) orchestration engine. I used Python specifically to tap into the ML ecosystem (Scikit-learn).

Layer 1 (Math): Shannon Entropy calculations to find random-looking DGA (malware) domains locally without hitting an API.

Layer 2 (ML): Isolation Forest for unsupervised anomaly detection. It doesn't need a "bad list"; it just finds traffic that looks "weird" compared to your normal habits.

Layer 3 (AI): Google Gemini 3.0 provides the final semantic verdict and plain-English explanation.

The Data Lake: Google Sheets API v4 serves as our immutable, cloud-synced database.

DevOps: Everything is containerized in Docker for easy "one-click" deployment.
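A minimal version of the Layer 1 entropy gate described above, as an added example rather than the project's own code. The threshold, the minimum label length, and the sample query names are assumptions made for illustration.

```python
import math
from collections import Counter

# Assumed tuning values for this example; the page does not state the project's.
ENTROPY_THRESHOLD = 3.5  # bits per character
MIN_LABEL_LEN = 10       # entropy of short labels is too noisy to act on


def shannon_entropy(text: str) -> float:
    """H = sum(p * log2(1/p)) over the character frequencies of text."""
    n = len(text)
    return sum((c / n) * math.log2(n / c) for c in Counter(text).values()) if n else 0.0


def candidate_label(qname: str) -> str:
    """Longest label left of the TLD: covers random second-level names and long subdomains."""
    labels = [part for part in qname.lower().rstrip(".").split(".") if part]
    if len(labels) > 1:
        labels = labels[:-1]  # drop the TLD
    return max(labels, key=len, default="")


def triage(qname: str) -> tuple[str, float]:
    """Return ("escalate" | "pass", entropy). Escalate means: hand to the next stage."""
    label = candidate_label(qname)
    h = shannon_entropy(label)
    if len(label) >= MIN_LABEL_LEN and h >= ENTROPY_THRESHOLD:
        return "escalate", round(h, 2)
    return "pass", round(h, 2)


# Constructed sample queries (not taken from real logs).
SAMPLES = [
    "www.google.com.",                 # short label: pass
    "connectivitycheck.gstatic.com",   # long but dictionary-like: pass
    "xj4k9qz2vb7w1mtp.info",           # random-looking: escalate
    "a1b2c3d4e5f6g7.cdn.example.net",  # hash-style CDN host: also escalates
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, *triage(name))
```

The last sample shows why this stage escalates instead of blocking: hash-style hostnames from legitimate services score as high as generated ones, so entropy alone cannot separate them.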

Challenges we ran into

The biggest hurdle was the "Mid-Build Language Pivot." I started the skeleton in TypeScript (React/Node) in Google AI Studio but quickly realized that for deep math like Shannon Entropy and ML models like Isolation Forest, I needed the Python ecosystem, so I switched to Google Antigravity. I had to "hot-swap" the entire backend logic while keeping the Docker environment stable. I also struggled with the "Cold Start" problem—teaching the Isolation Forest what "normal" looked like in a brand-new network environment without a year's worth of training data.

Accomplishments that we're proud of

Architectural Lean: I successfully cut the system down from a bulky 3-container setup to a high-performance 2-container stack.

The Memory Bank: Implementing a persistent metadata.json that allows the AI to "remember" and learn from previous network patterns.

The "Glassmorphism" UI: Building a frontend that actually looks like a professional SOC (Security Operations Center) dashboard using Tailwind CSS.

What we learned

I learned that math is faster than AI. Using Shannon Entropy to catch 80% of junk traffic locally before even calling the Gemini API saved a massive amount of latency and cost. I also learned the power of Vibe Coding—using AI to rapidly iterate on the frontend while I focused my brain-power on the Python backend logic and the ML pipeline.

What's next for Network Guardian AI

The mission is Local Sovereignty.

1. Ollama Integration: Moving the AI logic from the cloud to local LLMs (like Llama 3) so your network logs never leave your house.

2. Interactive Teaching: Letting users "thumbs up/down" a verdict to retrain the local Isolation Forest model in real-time.

3. Open Source SOC: Turning this into a "SOC-in-a-Box" for Raspberry Pi users to secure their smart homes with one command.
