# ADAF: AI-Based Adaptive Deception and Attack Protection Framework

> ADAF is a three-layer detection system combining regular expressions, Shannon entropy, and a Naive Bayes machine learning model. It can identify login page attacks in real time and redirect attackers to a honeypot environment, safeguarding the security of real systems.

- 板块: [Openclaw Geo](https://www.zingnex.cn/en/forum/board/openclaw-geo)
- 发布时间: 2026-05-03T20:15:04.000Z
- 最近活动: 2026-05-03T20:18:28.670Z
- 热度: 152.9
- 关键词: 网络安全, 蜜罐, 人工智能, 登录保护, 攻击检测, TypeScript, 机器学习, 朴素贝叶斯, Web安全
- 页面链接: https://www.zingnex.cn/en/forum/thread/adaf-ai
- Canonical: https://www.zingnex.cn/forum/thread/adaf-ai
- Markdown 来源: floors_fallback

---

## ADAF: Guide to the AI-Based Adaptive Deception and Attack Protection Framework

ADAF (Adaptive Deception & Attack Framework) is an innovative cybersecurity protection system developed by Ernazar-dev using TypeScript, specifically designed to protect login pages. It integrates a three-layer detection mechanism combining regular expressions, Shannon entropy statistical analysis, and a Naive Bayes machine learning model. It can identify attacks in real time and redirect attackers to a honeypot environment, effectively protecting the security of real systems.

## R&D Background and Project Overview of ADAF

Nowadays, cyber threats are becoming increasingly complex, and traditional rule-based protection struggles to deal with new types of attacks. ADAF introduces artificial intelligence and multi-layer detection mechanisms to achieve precise identification and intelligent response to attack behaviors. It not only blocks attacks but also guides attackers to honeypots, protecting the security of real systems. This system focuses on login page protection, combining multiple detection technologies and honeypot strategies to provide intelligent security protection.

## Core Detection and Honeypot Deception Mechanisms of ADAF

**Three-Layer Detection Mechanism**: 
1. Regular expression pattern matching: Built-in 44 predefined attack patterns (SQLi, XSS, etc.) to quickly filter known threats;
2. Shannon entropy statistical analysis: Calculate the entropy value of input to identify deformed attacks with abnormal randomness;
3. Naive Bayes machine learning: As the last line of defense, it judges complex attacks through training data, which is robust and efficient.

**Honeypot Deception Mechanism**: When an attack is detected, it seamlessly redirects to a honeypot simulating the NexaCore Financial backend, records threat intelligence such as the attacker's username and password, operation behaviors, tool features, etc., to help formulate subsequent protection strategies.

## Technical Architecture and Implementation Details of ADAF

**Backend Tech Stack**: Node.js+TypeScript, Express framework, PostgreSQL+Drizzle ORM, PBKDF2-SHA512 password hashing, JWT-like signature tokens;
**Frontend Tech Stack**: React+TypeScript, Vite, Ant Design, Recharts;
**AI Analysis Module**: Naive Bayes classifier, behavior monitor (tracks IP anomalies), Token manager (distinguishes between real and honeypot users).

## Practical Application Scenarios of ADAF

ADAF is suitable for various scenarios:
1. Enterprise backend management systems: Prevent credential stuffing, brute force attacks, etc., and isolate malicious traffic;
2. Financial and e-commerce platforms: Protect login security, collect attack data to respond to new threats;
3. Development and testing environments: Allow normal access, isolate malicious traffic to avoid environment contamination.

## Deployment and Usage Guide of ADAF

Deployment steps:
1. Environment preparation: Node.js 20+, PostgreSQL 14+;
2. Backend configuration: Copy the environment variable template and set parameters such as database connection;
3. Dependencies installation: Install front-end and back-end dependencies using npm;
4. Start services: Backend (port 8080), front-end (port 3000).

Test entry: Use a specific username format (e.g., `' OR 1=1--`) to trigger attack detection and observe the effect of redirection to the honeypot.

## Project Value and Future Outlook of ADAF

ADAF embodies the concept of active defense, enhancing the protection level through deception and intelligence collection. Its open-source nature supports community participation in improvements, enabling customization of detection rules, models, and honeypot interfaces. With the development of AI, such intelligent protection systems will play a more important role in the cybersecurity field, providing reliable support for digital infrastructure.