Zing Forum

ADAF: AI-Based Adaptive Deception and Attack Protection Framework

ADAF is a three-layer detection system combining regular expressions, Shannon entropy, and a Naive Bayes machine learning model. It can identify login page attacks in real time and redirect attackers to a honeypot environment, safeguarding the security of real systems.

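Tags: Cybersecurity, Honeypot, Artificial Intelligence, Login Protection, Attack Detection, TypeScript, Machine Learning, Naive Bayes, Web Security
Published 2026-05-04 04:15 | Recent activity 2026-05-04 04:18 | Estimated read 6 min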

Section 01

ADAF: Guide to the AI-Based Adaptive Deception and Attack Protection Framework

ADAF (Adaptive Deception & Attack Framework) is an innovative cybersecurity protection system developed by Ernazar-dev using TypeScript, specifically designed to protect login pages. It integrates a three-layer detection mechanism combining regular expressions, Shannon entropy statistical analysis, and a Naive Bayes machine learning model. It can identify attacks in real time and redirect attackers to a honeypot environment, effectively protecting the security of real systems.

Section 02

R&D Background and Project Overview of ADAF

Nowadays, cyber threats are becoming increasingly complex, and traditional rule-based protection struggles to deal with new types of attacks. ADAF introduces artificial intelligence and multi-layer detection mechanisms to achieve precise identification and intelligent response to attack behaviors. It not only blocks attacks but also guides attackers to honeypots, protecting the security of real systems. This system focuses on login page protection, combining multiple detection technologies and honeypot strategies to provide intelligent security protection.

Section 03

Core Detection and Honeypot Deception Mechanisms of ADAF

Three-Layer Detection Mechanism:

  1. Regular expression pattern matching: 44 built-in predefined attack patterns (SQLi, XSS, etc.) quickly filter known threats;
  2. Shannon entropy statistical analysis: Calculates the entropy of the input to identify mutated attack variants with abnormal randomness;
  3. Naive Bayes machine learning: As the last line of defense, a classifier built from training data judges complex attacks; it is robust and efficient.

Honeypot Deception Mechanism: When an attack is detected, ADAF seamlessly redirects the attacker to a honeypot simulating the NexaCore Financial backend and records threat intelligence such as the username and password the attacker used, their actions, and tool characteristics, to help formulate subsequent protection strategies.
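
The layered check and honeypot routing described above, as an added TypeScript example (not ADAF's own code). The three patterns, the entropy threshold, the eight training samples and every function name are constructed assumptions.

```typescript
// Added illustration: patterns, thresholds and training samples are constructed, not ADAF's own.
type Label = "attack" | "benign";
type Verdict = { route: "honeypot" | "real"; layer: "regex" | "entropy" | "bayes" | "none" };
// Layer 1: signature patterns (three stand-ins for ADAF's 44 built-in patterns).
const PATTERNS: RegExp[] = [/'\s*(or|and)\s+\d+\s*=\s*\d+/i, /union\s+select/i, /<\s*script\b/i];

// Layer 2: Shannon entropy in bits per character; 0 for the empty string.
function shannonEntropy(s: string): number {
  const counts: Record<string, number> = {};
  for (const ch of s.split("")) counts[ch] = (counts[ch] || 0) + 1;
  let h = 0;
  for (const ch of Object.keys(counts)) {
    const p = counts[ch] / s.length;
    h -= (p * Math.log(p)) / Math.LN2;
  }
  return h;
}

// Layer 3: multinomial Naive Bayes over word, number and punctuation tokens.
const tokenize = (s: string): string[] => s.toLowerCase().match(/[a-z]+|\d+|[^\sa-z\d]/g) || [];
const TRAIN: [string, Label][] = [
  ["admin' or 'a'='a", "attack"], ["' or ''='", "attack"],
  ["x'; select 1", "attack"], ["<img src=x onerror=y>", "attack"],
  ["alice", "benign"], ["bob.smith", "benign"],
  ["carol@example.com", "benign"], ["dave_92", "benign"],
];
const tokenCounts: Record<Label, Record<string, number>> = { attack: {}, benign: {} };
const totals: Record<Label, number> = { attack: 0, benign: 0 };
const vocab: Record<string, boolean> = {};
for (const [text, label] of TRAIN) {
  for (const t of tokenize(text)) {
    tokenCounts[label][t] = (tokenCounts[label][t] || 0) + 1;
    totals[label] += 1; vocab[t] = true;
  }
}

// Log-odds of "attack" vs "benign" with Laplace smoothing; priors are equal (4 samples each).
function attackLogOdds(input: string): number {
  const v = Object.keys(vocab).length;
  const logP = (t: string, c: Label) => Math.log(((tokenCounts[c][t] || 0) + 1) / (totals[c] + v));
  return tokenize(input).reduce((sum, t) => sum + logP(t, "attack") - logP(t, "benign"), 0);
}

// Cheapest layer first; the first layer that fires routes the request to the honeypot.
function classify(input: string): Verdict {
  if (PATTERNS.some((re) => re.test(input))) return { route: "honeypot", layer: "regex" };
  if (input.length >= 16 && shannonEntropy(input) > 4.2) return { route: "honeypot", layer: "entropy" };
  if (attackLogOdds(input) > 0) return { route: "honeypot", layer: "bayes" };
  return { route: "real", layer: "none" };
}
```

The `layer` field records which check fired, which is the value worth logging when tuning thresholds against false positives on legitimate usernames.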

Section 04

Technical Architecture and Implementation Details of ADAF

Backend Tech Stack: Node.js + TypeScript, Express framework, PostgreSQL + Drizzle ORM, PBKDF2-SHA512 password hashing, JWT-like signature tokens.

Frontend Tech Stack: React + TypeScript, Vite, Ant Design, Recharts.

AI Analysis Module: Naive Bayes classifier, behavior monitor (tracks IP anomalies), Token manager (distinguishes between real and honeypot users).

Section 05

Practical Application Scenarios of ADAF

ADAF is suitable for various scenarios:

  1. Enterprise backend management systems: Prevent credential stuffing, brute force attacks, etc., and isolate malicious traffic;
  2. Financial and e-commerce platforms: Protect login security, collect attack data to respond to new threats;
  3. Development and testing environments: Allow normal access, isolate malicious traffic to avoid environment contamination.

Section 06

Deployment and Usage Guide of ADAF

Deployment steps:

  1. Environment preparation: Node.js 20+, PostgreSQL 14+;
  2. Backend configuration: Copy the environment variable template and set parameters such as database connection;
  3. Dependency installation: Install front-end and back-end dependencies using npm;
  4. Start services: Backend (port 8080), front-end (port 3000).

Test entry: Enter a username in an attack format (e.g., ' OR 1=1--) to trigger attack detection and observe the redirection to the honeypot.

Section 07

Project Value and Future Outlook of ADAF

ADAF embodies the concept of active defense, enhancing the protection level through deception and intelligence collection. Its open-source nature supports community participation in improvements, enabling customization of detection rules, models, and honeypot interfaces. With the development of AI, such intelligent protection systems will play a more important role in the cybersecurity field, providing reliable support for digital infrastructure.