Architecture Overview

DefenSys is built as an Electron desktop app with a Node.js backend, React frontend, and optional Python ML subprocess. This page describes how components connect.

High-Level Flow

┌─────────────────────────────────────────────────────────────────┐
│  ELECTRON MAIN PROCESS (main.js)                                   │
│  - Window management, IPC bridge                                  │
│  - Spawns backend services                                        │
└─────────────────────────────────────────────────────────────────┘
         │
         │ IPC (preload.js exposes electronAPI)
         ▼
┌─────────────────────────────────────────────────────────────────┐
│  REACT FRONTEND (frontend/)                                       │
│  - Dashboard, Alerts, Traffic, Settings, etc.                       │
│  - Calls window.electronAPI.* for data & actions                  │
└─────────────────────────────────────────────────────────────────┘

         ▲ Backend services (backend/)
         │
┌────────┴────────────────────────────────────────────────────────┐
│  PACKET CAPTURE → ANALYTICS → DETECTION ENGINE → ML             │
│  realPacketCapture   realTimeAnalytics   combinedDetectionEngine │
│  (netstat/tcpdump)   (aggregates)        (rules + ML)            │
│                                 │                                │
│                                 ▼                                │
│                      MLInferenceService (Python or JS)            │
│                      FeatureExtractor (20-D vector)              │
└─────────────────────────────────────────────────────────────────┘
         │
         ▼
┌─────────────────────────────────────────────────────────────────┐
│  ALERT MANAGEMENT → FIREWALL → REST API (port 3000)              │
│  - Store alerts in SQLite                                         │
│  - Block IPs via Windows Firewall / iptables                      │
│  - Serve mobile app & external tools                              │
└─────────────────────────────────────────────────────────────────┘

Key Components

  • main.js – Electron entry, creates window, initializes services, connects IPC handlers to backend
  • preload.js – Context bridge for IPC. Exposes electronAPI to renderer
  • backend/services/ – Detection engine, ML service, feature extractor, firewall, honeypots, analytics, etc.
  • backend/api/server.js – Express REST API for mobile app
  • db/ – SQLite database (alerts, traffic, threats)

Packet Flow

  1. Packet capture emits raw packet data
  2. Analytics aggregates statistics (packets, bytes, connections)
  3. Feature extractor builds 20-D vector
  4. Combined detection engine: rules + ML inference
  5. If alert: store in DB, emit to frontend, optionally block IP
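
The optional block in step 5 turns an address taken from captured traffic into a firewall command, so that address has to be handled as untrusted input. The sketch below is an added example, not DefenSys code: `parseIPv4`, `buildBlockCommand`, the rule name and the never-block ranges are assumptions. It covers IPv4 only and builds the argument array for `child_process.execFile` (no shell) without running anything.

```javascript
// Added example, not DefenSys code. Names, rule naming and ranges are assumptions.
// Ranges an automatic block must never touch: [network, prefix length].
const NEVER_BLOCK = [
  ['0.0.0.0', 8],      // "this network"
  ['127.0.0.0', 8],    // loopback
  ['169.254.0.0', 16], // link-local
  ['224.0.0.0', 3],    // multicast, reserved, broadcast
];

// Strict dotted-quad parser: returns the address as an unsigned integer, or null.
function parseIPv4(text) {
  if (typeof text !== 'string') return null;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(text);
  if (!m) return null;
  let value = 0;
  for (const part of m.slice(1)) {
    // Reject leading zeros ("010"), which some tools read as octal.
    if (part.length > 1 && part[0] === '0') return null;
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

function isNeverBlocked(value) {
  return NEVER_BLOCK.some(([network, prefix]) => {
    const base = parseIPv4(network);
    return value >= base && value < base + 2 ** (32 - prefix);
  });
}

// Returns { file, args } suitable for child_process.execFile (no shell), or throws.
// protectedAddresses: caller-supplied list such as the host's own IPs and gateway.
function buildBlockCommand(ip, platform, protectedAddresses = []) {
  const value = parseIPv4(ip);
  if (value === null) throw new Error('not a canonical IPv4 address');
  if (isNeverBlocked(value)) throw new Error('address is in a never-block range');
  if (protectedAddresses.includes(ip)) throw new Error('address is protected');
  if (platform === 'linux') {
    return { file: 'iptables', args: ['-I', 'INPUT', '-s', ip, '-j', 'DROP'] };
  }
  if (platform === 'win32') {
    return { file: 'netsh', args: ['advfirewall', 'firewall', 'add', 'rule',
      `name=DefenSys-block-${ip}`, 'dir=in', 'action=block', `remoteip=${ip}`] };
  }
  throw new Error(`unsupported platform: ${platform}`);
}
```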

External Integrations

  • Landing / Web API – Separate Next.js app and Node/Prisma API on port 3001. Handles Clerk auth, license keys.
  • Mobile App – React Native (Expo). Connects to desktop REST API.