What if your server could defend itself?
That's the question that drove me to build SHARD — a fully autonomous cybersecurity system that detects attacks, generates real-time defense rules, blocks hackers, and predicts their next move. All without a security team. All without human intervention.
The Problem
Every day, thousands of servers are attacked: SQL injection, brute-force logins, DDoS floods, ransomware. Small businesses can't afford enterprise SIEM and security platforms such as Splunk or Palo Alto Networks products, which often run $50,000+/year. They need something that just works, automatically.
I decided to build it.
What SHARD Does
When an attacker hits your server:
- 13 honeypots (SSH, MySQL, Redis, MongoDB, FTP, etc.) detect the connection
- An XGBoost model classifies the attack into one of 13 types (100% accuracy on the evaluation set)
- A Seq2Seq Transformer (5.35M parameters) generates a new iptables/WAF rule for that attack
- An RL DQN agent decides the response: block permanently, block temporarily, or throttle
- A VAE anomaly detector flags traffic that matches none of the known attack types (a possible zero-day)
- A GNN threat graph maps the attacker's connections
- A temporal GNN predicts their next target
- Multi-modal fusion combines all 8 signals into one threat score
- A Telegram/Slack notification is sent immediately
- Everything is logged and the attacker is blocked
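To make the detect, classify, decide, enforce chain above concrete, here is a runnable sketch of that control flow, added for this post and not taken from the SHARD repository. SHARD's XGBoost classifier, Transformer rule generator and DQN agent are replaced by hand-written heuristics and thresholds (a hypothetical `classify`, `decide` and `render_rule`), the honeypot log format and every event line are constructed, and the ipset name `shard_tmpblock` and the 3600-second timeout are assumptions. What it shows is the part an autonomous responder must get right regardless of the models: per-source state, escalation that only ever tightens, and rules that are valid iptables/ipset syntax.

```python
"""Detect -> classify -> decide -> enforce over honeypot events.

Added example; the ML stages are stand-in heuristics, not SHARD's models.
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress
import re

# Constructed honeypot log lines: "<epoch> <src_ip> <service> <payload>"
SAMPLE_EVENTS = """\
1700000000 203.0.113.7 ssh root:123456
1700000001 203.0.113.7 ssh admin:admin
1700000002 203.0.113.7 ssh root:toor
1700000003 203.0.113.7 ssh ubuntu:ubuntu
1700000004 203.0.113.7 ssh pi:raspberry
1700000005 203.0.113.7 ssh root:password
1700000010 198.51.100.23 mysql SELECT 1 UNION SELECT user,password FROM mysql.user
1700000020 192.0.2.55 redis PING
1700000021 192.0.2.55 redis CONFIG SET dir /var/spool/cron
1700000022 192.0.2.55 redis CONFIG SET dbfilename root
1700000030 198.51.100.99 ftp USER anonymous
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (.*)$")
SERVICE_PORTS = {"ssh": 22, "mysql": 3306, "redis": 6379, "ftp": 21}
# Responses are ordered; the pipeline only ever escalates, never relaxes.
ACTION_RANK = {"log_only": 0, "throttle": 1, "block_temporary": 2, "block_permanent": 3}


@dataclass
class Event:
    ts: int
    src: str
    service: str
    payload: str


def parse_events(text):
    """Parse the constructed log format; malformed lines are skipped, bad IPs raise."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, service, payload = m.groups()
        ipaddress.ip_address(src)  # never build a firewall rule from an unvalidated string
        events.append(Event(int(ts), src, service, payload))
    return events


def classify(ev):
    """Heuristic stand-in for the XGBoost classifier."""
    p = ev.payload.lower()
    if ev.service == "ssh" and ":" in p:
        return "ssh_bruteforce"
    if ev.service == "mysql" and re.search(r"\bunion\b.*\bselect\b", p):
        return "sql_injection"
    if ev.service == "redis" and p.startswith("config set"):
        return "redis_unauth_write"
    return "recon"


def decide(attack_type, hits_from_src):
    """Threshold policy standing in for the DQN agent."""
    if attack_type in ("sql_injection", "redis_unauth_write"):
        return "block_permanent"
    if attack_type == "ssh_bruteforce" and hits_from_src >= 5:
        return "block_temporary"
    if hits_from_src >= 2:
        return "throttle"
    return "log_only"


def render_rule(action, ev):
    """Stand-in for the rule generator: emit real iptables/ipset syntax."""
    port = SERVICE_PORTS[ev.service]
    if action == "block_permanent":
        return f"iptables -I INPUT -s {ev.src} -j DROP"
    if action == "block_temporary":
        # Assumes: ipset create shard_tmpblock hash:ip timeout 0
        #          iptables -I INPUT -m set --match-set shard_tmpblock src -j DROP
        # ipset expires the entry itself; no sweeper job is needed.
        return f"ipset add shard_tmpblock {ev.src} timeout 3600"
    if action == "throttle":
        return (f"iptables -I INPUT -s {ev.src} -p tcp --dport {port} "
                f"-m hashlimit --hashlimit-above 5/min --hashlimit-mode srcip "
                f"--hashlimit-name shard_{port} -j DROP")
    return None


def run_pipeline(text):
    """Return ({src: (attack_type, action)}, [rules in application order])."""
    hits = defaultdict(int)
    state = {}
    rules = []
    for ev in parse_events(text):
        hits[ev.src] += 1
        kind = classify(ev)
        action = decide(kind, hits[ev.src])
        _, prev_action = state.get(ev.src, (None, "log_only"))
        if ACTION_RANK[action] > ACTION_RANK[prev_action]:
            state[ev.src] = (kind, action)   # escalate and emit exactly one new rule
            rule = render_rule(action, ev)
            if rule:
                rules.append(rule)
        elif ev.src not in state:
            state[ev.src] = (kind, action)   # first sighting, nothing to enforce yet
    return state, rules


if __name__ == "__main__":
    final_state, emitted = run_pipeline(SAMPLE_EVENTS)
    for src, (kind, action) in final_state.items():
        print(f"{src:15} {kind:20} {action}")
    print("\n".join(emitted))
```

Two design points carry over to any real deployment: temporary blocks go into an ipset with a `timeout` so the kernel expires them, rather than into plain iptables rules that something must remember to delete, and a source is never downgraded within a run, so a noisy attacker cannot reset its own penalty by sending a benign-looking probe.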
The Numbers
| Metric | Value |
|---|---|
| Neural Networks | 10 |
| Attack Classification Accuracy | 100% |
| RL Decision Accuracy | 100% |
| Anomaly Detection Rate | 91.2% |
| Defense Actions (1 hour test) | 4,000+ |
| RL Decisions (1 hour test) | 8,000+ |
| Throughput | 870 packets/sec |
| Honeypots | 13 |
Tech Stack
- PyTorch for deep learning models
- XGBoost for attack classification
- Docker for one-command deployment
- Swagger for API documentation
- pytest for testing (11/11 passing)
- Telegram API for notifications
Try It Yourself
```bash
git clone https://github.com/misha622/shard-siem
cd shard-siem
docker build -t shard-siem .
docker run -d --name shard -p 8080:8080 -p 5001:5001 shard-siem
```

Note that `-p 8080:8080` and `-p 5001:5001` publish the API on every host interface. Bind them to loopback (for example `-p 127.0.0.1:8080:8080`) or put them behind an authenticating reverse proxy before exposing a system that writes firewall rules to the network.