SurakshaNet

• 

  Demo attack

• 

  Log json

• 

  APT level

• 

  Dashboard

• 

  AI explanation

• 

  Blockchain hashes

• 

  Threats detected

SurakshaNet: The Immutable Sentinel

Inspiration

Imagine a bank vault. Now imagine the security logs for that vault could simply vanish. That's the chilling reality of cybersecurity today: even the most sophisticated detection systems rely on digital evidence that can be erased or tampered with by a determined attacker. Our inspiration for SurakshaNet stemmed from a core question: How can we guarantee the absolute integrity of security intelligence, making it impossible for anyone even an insider to rewrite history? We set out to build not just a detector, but a "Digital Notary" for every critical security event, ensuring forensic truth can never be compromised.

What it does

SurakshaNet is an AI-Native Cybersecurity Platform designed to provide unquestionable security intelligence and irrefutable evidence. It operates as a two-pronged defense system:

1. Intelligent Threat Detection (The "Brain"): Our core is a "Trinity" AI Ensemble, combining three mathematically distinct models: Isolation Forest, a Keras Autoencoder, and XGBoost. This heterogeneous hard-voting system isn't just looking for known signatures; it's actively learning and flagging anomalous behavior, catching sophisticated "Zero-Day" attacks that traditional tools miss. When a threat is confirmed, our system doesn't just alert; it visualizes why the AI made its decision using SHAP Explainable AI, giving analysts critical context.

2. Immutable Forensic Record (The "Vault"): Every CRITICAL alert identified by our AI is immediately hashed and permanently etched into a custom built, Proof of Work blockchain ledger. This innovative approach creates a tamper evident chain of custody for all security events, guaranteeing that once an incident is recorded, it can never be altered or deleted. Our React dashboard presents this entire workflow in real time, offering instant insights backed by cryptographic proof.

How we built it

We engineered SurakshaNet as a polyglot microservices powerhouse, leveraging the best tools for each job to create a resilient and scalable platform:

• Frontend (The Command Center): A dynamic React 18 + TypeScript dashboard, built with Vite, provides a live, intuitive interface for security analysts.
• Core AI Backend (The Intelligence Hub): Developed with Flask (Python), this service orchestrates our "Trinity" AI using TensorFlow/Keras, Scikit-learn, and XGBoost for powerful, multi-layered threat analysis.
• Blockchain Ledger (The Integrity Engine): A dedicated Node.js + Express.js microservice runs our custom Proof of Work blockchain, ensuring that critical security events are cryptographically sealed.
• Real-time Metrics (The Pulse Monitor): A high-performance FastAPI (Python) server delivers live system stats via WebSockets, keeping operators informed of resource utilization.
• Data Persistence: PostgreSQL, managed by SQLAlchemy, handles all persistent log storage.
• Automated Response: We integrated the Composio SDK to act as an agentic layer, enabling SurakshaNet to trigger real-world alerts via Slack and Gmail.

Challenges we ran into

Our journey was a deep dive into real world system integration. Orchestrating three diverse AI models, a custom blockchain, and a real-time UI into a cohesive, non-blocking system presented significant engineering puzzles:

1. The Ensemble Confluence: Harmonizing the distinct requirements of TensorFlow, Scikit-learn, and XGBoost within a single Python runtime demanded a meticulous approach to dependency management and model serialization.
2. Asynchronous Integrity: Ensuring our CPU intensive blockchain mining didn't freeze the backend API required pioneering a custom asynchronous communication pattern between our Python and Node.js services, mastering timeouts and efficient process handoffs.
3. Intelligent Alerting: Balancing the high sensitivity of our anomaly detectors with the need to prevent "alert fatigue" led us to design our unique "Trinity" voting mechanism, ensuring only high-confidence threats are escalated.

Accomplishments that we're proud of

1. The "Trinity" Validation: Witnessing our ensemble AI accurately identify complex attack patterns, with all three models converging on a CRITICAL verdict, was a profound validation of our architectural choices.
2. Explainable Security: Our integrated SHAP XAI feature transforms raw data into actionable insights, providing clear, human readable explanations for every AI driven alert. This "glass box" approach fosters invaluable trust for security analysts.
3. Live Cryptographic Proof: Successfully demonstrating the real time mining and cryptographic verification of a security event into our custom blockchain, directly from the live dashboard, represents a significant leap in forensic integrity.
4. Resilient Architecture: We are proud of building a fault tolerant, polyglot microservices system where each component can operate independently. If one part encounters an issue, the entire system gracefully degrades rather than failing completely.

What we learned

Our journey with SurakshaNet reinforced crucial lessons in building enterprise grade security solutions:

1. Architecture is Paramount: Effective AI is only as strong as the infrastructure it runs on. Robust error handling, asynchronous processing, and service decoupling are non negotiable for critical systems.
2. Context is King for AI: Anomaly detection requires more than just a good model; it demands context and explainability. Providing the "why" behind the "what" is key to analyst adoption.
3. Trust is the Ultimate Feature: In an era of sophisticated threats, the ability to provide an unquestionable, immutable record of events transcends mere detection. Data integrity is the final frontier in cybersecurity.

What's next for SurakshaNet

SurakshaNet is poised to become a cornerstone of sovereign cybersecurity. Our immediate next steps focus on scaling and operational readiness:

1. Seamless Integration: Replacing our simulator with a live Zeek/Packetbeat integration for real time, wire speed network traffic analysis.
2. Enterprise-Grade Ledger: Transitioning our Proof of Work blockchain to a high performance Private Distributed Hyperledger Fabric to meet the scalability and privacy demands of large enterprises and government entities.
3. Automated Countermeasures: Expanding our Composio integration to enable direct, automated firewall API calls (e.g., to Palo Alto, Cisco) for instantaneous threat mitigation, moving beyond simulation to real-time defense.
4. Smart Deployment: Finalizing our container orchestration (Helm Chart) for one click, secure deployments into any private cloud or on premise data center, empowering clients with full data sovereignty from day one.

Built With

• axios
• chart.js
• composio
• docker
• elasticsearch
• enabling-scaling
• express.js
• fastapi
• filebeat
• flask
• gmail
• helm
• keras
• kibana
• kubernetes
• load-balancing
• logstash
• node.js
• numpy
• pandas
• pg8000
• postgresql
• python
• react
• scikit-learn
• shap
• slack
• sqlalchemy
• strong-security
• tensorflow
• typescript
• vite
• xgboost