5andeepNambiar/ai-threat-intelligence-platform
# AI-Threat Intelligence Platform
An AI-powered cybersecurity platform that detects malicious API requests, analyzes attack patterns, and generates remediation recommendations using LLMs, event-driven microservices, and distributed system architecture.
# Overview
This project simulates a real-world enterprise API security monitoring platform capable of:
The system is designed using scalable backend engineering principles inspired by production-grade distributed systems.
# Architecture
```
Angular Dashboard
        ↓
Spring Boot Gateway
        ↓
Kafka Event Pipeline
        ↓
FastAPI AI Analysis Service
        ↓
Ollama Local LLM
        ↓
PostgreSQL + Redis
```
# Tech Stack
## Frontend
- Angular
- TypeScript
- Angular Material
## Backend
- Java
- Spring Boot
- Spring Data JPA
- Kafka
## AI Service
- Python
- FastAPI
- Ollama
- Llama3
## Infrastructure
- PostgreSQL
- Redis
- Docker
- Docker Compose
# Features
## Security Threat Detection
- SQL Injection Detection
- XSS Detection
- Brute Force Detection
- Suspicious Payload Analysis
- Threat Severity Classification
## AI-Powered Analysis
- LLM-based threat classification
- AI-generated remediation recommendations
- Payload explanation engine
- Intelligent attack summarization
## Distributed System Design
- Event-driven architecture using Kafka
- Asynchronous threat processing
- Modular microservices
- Scalable backend services
## Dashboard & Analytics
- Threat monitoring dashboard
- Severity analytics
- Attack timeline visualization
- Historical threat inspection
# System Design Goals
This project focuses on:
- scalable architecture
- low-latency processing
- production-ready engineering practices
- modular service design
- AI systems integration
- distributed systems concepts
- backend scalability
# Folder Structure
```
genai-api-security-analyzer/
│
├── backend-gateway/
│
├── ai-analysis-service/
│
├── frontend-dashboard/
│
├── docker-compose.yml
│
└── README.md
```
# Microservices
## 1. Backend Gateway (Spring Boot)
Responsible for:
- receiving API traffic
- request validation
- Kafka event publishing
- database persistence
- threat APIs
### Responsibilities
- REST APIs
- PostgreSQL integration
- Kafka producer
- request orchestration
## 2. AI Analysis Service (FastAPI)
Responsible for:
### Responsibilities
- Ollama integration
- LLM prompting
- threat analysis
- async processing
## 3. Angular Dashboard
Responsible for:
- threat visualization
- analytics dashboards
- monitoring UI
- attack inspection
### Responsibilities
- charts
- tables
- threat views
- analytics
# Database Schema
## api_requests
| Column | Type |
|---|---|
| id | UUID |
| endpoint | VARCHAR |
| method | VARCHAR |
| payload | TEXT |
| created_at | TIMESTAMP |
## threat_analysis
| Column | Type |
|---|---|
| id | UUID |
| request_id | UUID |
| threat_type | VARCHAR |
| severity | VARCHAR |
| ai_summary | TEXT |
| remediation | TEXT |
| confidence_score | FLOAT |
| created_at | TIMESTAMP |
# API Endpoints
## Submit Payload
`POST /api/analyze`
### Request
```json
{
  "endpoint": "/login",
  "method": "POST",
  "payload": "admin' OR 1=1 --"
}
```
## Get Threats
`GET /api/threats`
## Get Threat Details
`GET /api/threats/{id}`
# Kafka Event Flow
```
API Request
    ↓
Spring Boot Gateway
    ↓
Kafka Topic
    ↓
AI Analysis Service
    ↓
Threat Classification
    ↓
Database Storage
    ↓
Angular Dashboard
```
# AI Pipeline
```
API Payload
    ↓
Prompt Construction
    ↓
LLM Analysis
    ↓
Threat Classification
    ↓
Remediation Generation
    ↓
Threat Storage
```
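The deterministic first pass of this pipeline, written here as an added example rather than the project's own code: it takes a body in the shape accepted by `POST /api/analyze` and produces a row shaped like the `threat_analysis` table, leaving `ai_summary` and `remediation` for the LLM stage. The detection rules, the `SENSITIVE_ENDPOINTS` list and the severity and confidence values are constructed assumptions for illustration.

```python
import re
import uuid
from datetime import datetime, timezone

# Detection rules: (threat_type, pattern, severity, confidence). Patterns are kept
# narrow; what they miss goes to the LLM stage as SUSPICIOUS_PAYLOAD or NONE.
RULES = [
    ("SQL_INJECTION", re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+|--\s*$|union\s+select", re.I), "HIGH", 0.90),
    ("XSS", re.compile(r"<\s*script\b|javascript:|\bon\w+\s*=", re.I), "HIGH", 0.85),
]
# Constructed list of endpoints where a hit is escalated one severity level.
SENSITIVE_ENDPOINTS = {"/login", "/admin", "/api/users"}
ESCALATE = {"LOW": "MEDIUM", "MEDIUM": "HIGH", "HIGH": "CRITICAL", "CRITICAL": "CRITICAL"}


def looks_suspicious(payload: str) -> bool:
    """Heuristic for payloads no rule names: very long or metacharacter-heavy."""
    if len(payload) > 4096:
        return True
    visible = [c for c in payload if not c.isspace()]
    if len(visible) < 8:
        return False
    return sum(1 for c in visible if not c.isalnum()) / len(visible) > 0.4


def classify(payload: str):
    """Return (threat_type, severity, confidence) for one payload string."""
    for threat_type, pattern, severity, confidence in RULES:
        if pattern.search(payload):
            return threat_type, severity, confidence
    if looks_suspicious(payload):
        return "SUSPICIOUS_PAYLOAD", "MEDIUM", 0.50
    return "NONE", "LOW", 0.95


def analyze_request(req: dict, request_id: str = "") -> dict:
    """Map a POST /api/analyze body to a threat_analysis row (LLM fields left None)."""
    threat_type, severity, confidence = classify(req.get("payload", ""))
    if threat_type != "NONE" and req.get("endpoint") in SENSITIVE_ENDPOINTS:
        severity = ESCALATE[severity]  # the same payload against /login matters more
    return {
        "id": str(uuid.uuid4()),
        "request_id": request_id or str(uuid.uuid4()),
        "threat_type": threat_type,
        "severity": severity,
        "ai_summary": None,     # produced by the LLM stage
        "remediation": None,    # produced by the LLM stage
        "confidence_score": confidence,
        "created_at": datetime.now(timezone.utc).isoformat(),
    }
```

The README's own sample request (`/login` with `admin' OR 1=1 --`) comes out as `SQL_INJECTION` escalated to `CRITICAL`, which the prompt-construction step can then pass to the model as context.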
# Running the Project
## 1. Clone Repository
```bash
git clone
```
## 2. Start Infrastructure
```bash
docker compose up -d
```
This starts:
- PostgreSQL
- Redis
- Kafka
## 3. Run Ollama
Install: https://ollama.com/
Run model:
```bash
ollama run llama3
```
## 4. Start AI Service
```bash
cd ai-analysis-service
python -m venv venv
venv\Scripts\activate
pip install -r requirements.txt
uvicorn app.main:app --reload
```
## 5. Start Spring Boot Backend
```bash
cd backend-gateway
mvn spring-boot:run
```
## 6. Start Angular Frontend
```bash
cd frontend-dashboard
npm install
ng serve
```
# Future Improvements
## Planned Enhancements
- JWT authentication
- Redis caching
- Threat scoring engine
- pgvector integration
- Semantic attack similarity search
- Kubernetes deployment
- Prometheus monitoring
- Grafana dashboards
- CI/CD pipelines
- Rate limiting
- API gateway integration
# Learning Goals
This project demonstrates:
- distributed systems
- backend engineering
- event-driven architecture
- AI systems engineering
- scalable microservices
- cybersecurity concepts
- asynchronous processing
- production architecture
- full-stack development
# Why This Project Matters
Modern applications increasingly require:
- AI integration
- scalable backend systems
- cybersecurity tooling
- event-driven architecture
This project combines all of these into a single production-style engineering platform.