Back to Table of Contents

The Cybersecurity Project Handbook: 32 Hands-On Projects for Offensive, Defensive & Emerging Domains

Project Chapter 5

Chapter 5 — DefenX

Based on: SIH1741 — Context-Aware Firewall (Indian Space Research Organization - ISRO)
Skills required: Defensive security, Network security, Deep packet inspection (DPI), Firewall configuration, Python, Linux networking

Project Description

DefenX is an AI-powered cyber defense firewall designed to enforce dynamic, context-aware security policies at the network layer. Unlike traditional static firewalls, DefenX analyzes application and user context, protocol states, and anomaly scores to dynamically allow, block or throttle network flows. It combines deep packet inspection, policy engines, and machine learning to provide real-time adaptive defense against network attacks and unauthorized access while maintaining performance and usability.

Tech Stack & Tools

  • Python and C (core firewall and DPI engine)
  • Linux Netfilter/iptables or nftables extension modules
  • eBPF for deep visibility and filtering
  • Scapy for packet crafting/testing
  • TensorFlow/PyTorch for anomaly detection models
  • Prometheus/Grafana for metrics and monitoring
  • React or Vue.js for dashboard interface

Week-wise Roadmap (10 Weeks)

Week 1 — Project Setup & Network Baseline

  • Set up development environment (Linux VM/Kali).
  • Capture and analyze baseline network traffic patterns.
  • Research existing firewall solutions and DPI engines.
  • Deliverable: Documented network baseline with traffic profiles.

Week 2 — DPI Module Development

  • Develop protocol-aware deep packet inspection module (HTTP, DNS, TLS).
  • Implement packet parsing, flow reconstruction, and metadata extraction.
  • Create test harnesses with Scapy to validate DPI accuracy.
  • Deliverable: Working DPI module with test suite.

Week 3 — Contextual Policy Engine

  • Design policy definitions incorporating user, time, protocol, and prior behavior context.
  • Implement lightweight policy engine capable of real-time decision making.
  • Deliverable: Prototype policy engine with programmable context rules.

Week 4 — Integration with Linux Firewall

  • Integrate DPI and policy engine with Netfilter framework (iptables or nftables).
  • Enable packet filtering and flow redirection based on policy decisions.
  • Deliverable: Linux kernel-level firewall extension working in controlled tests.

Week 5 — Anomaly Detection ML Model

  • Collect anomaly-labeled traffic samples.
  • Train ML models (autoencoders, supervised classifiers) for network anomaly detection.
  • Integrate ML inference for dynamic threat scoring in policy engine.
  • Deliverable: ML-powered anomaly detection module.

Week 6 — Adaptive Mitigation Actions

  • Develop mitigation actions: connection reset, throttling, honeypot redirection, alert generation.
  • Tie mitigation to policy engine output and anomaly scores.
  • Deliverable: Mitigation action framework with policy linkage.

Week 7 — Dashboard & Alerting Interface

  • Build React/Vue UI for firewall monitoring, rule management, and alert visualization.
  • Implement backend API for real-time data feeding.
  • Deliverable: Interactive firewall control and monitoring dashboard.

Week 8 — Performance Optimization

  • Perform profiling and optimization on DPI and policy engine modules.
  • Implement asynchronous batching, caching, and eBPF offloading where possible.
  • Deliverable: Enhanced firewall with increased throughput and low latency.

Week 9 — Testing & Red Team Evaluation

  • Test firewall against various attack vectors (DDoS, port scanning, protocol fuzzing).
  • Conduct red team exercises to identify bypasses and performance issues.
  • Deliverable: Testing report and hardening recommendations.

Week 10 — Documentation & Deployment

  • Write detailed system documentation (installation, configuration, customization).
  • Containerize components and create deployment guides for on-prem and cloud setups.
  • Final demo with self-contained lab environment.
  • Deliverable: Complete deployable solution with documentation and demo assets.

Testing & Deliverables

  • Setup continuous testing pipelines on testbenches simulating real-world traffic.
  • Validate ML model precision/recall and mitigation accuracy.
  • Deliver full code repository, kernel module artifacts, training data, documentation, and video demo walkthrough.