Problem Statement
Modern web applications and critical cloud infrastructures are bombarded by thousands of automated cyberattacks every minute, exposing three fatal flaws in current security tools:
Alert Fatigue: Standard security tools act as passive alarms, overwhelming human teams with logs but doing nothing to stop the threat.
The Reaction Delay: The time gap between detecting an attack and a human engineer manually blocking the malicious IP creates a massive window for data theft.
Static Honeypot Evasion: Smart automated bots instantly recognize static, unchanging decoy servers, shifting their tactics to find real vulnerabilities instead.
The Proposed Solution
We built an Autonomous Threat Deception & Active Mitigation Fabric that shifts cybersecurity from passive monitoring to automated defense through a three-tier architecture:
Explainable AI Detection (The Brain): A live backend integrated with a trained XGBoost classifier that categorizes network threats (DDoS, Brute Force, Exploits) in real time, using SHAP explainability to instantly map out why a request was flagged.
Kernel-Level Active Shield (The Defense): The millisecond a high-severity threat is confirmed, the system completely bypasses human intervention, executing automated scripts to trigger a live, kernel-level iptables firewall block on the host VPS.
Dynamic LLM Honeypot (The Trap): Instead of just dropping connections, sophisticated attackers are silently rerouted to an isolated deception middleware router. The system dynamically generates unique, changing fake responses on the fly to trap the attacker, exhaust their resources, and safely map their techniques on an intelligence dashboard.