Extending DefenSys

How to add custom detection rules, honeypots, and ML features.

Adding Custom Detection Rules

Rule-based detection lives in combinedDetectionEngine.js. Add a new method and call it from runRuleBasedDetection:

// backend/services/combinedDetectionEngine.js
detectMyCustomRule(packet) {
  // Your logic - return true if alert
  return someCondition;
}

// In runRuleBasedDetection():
if (this.detectMyCustomRule(packet)) {
  alerts.push({
    type: "my_custom_rule",
    severity: "medium",
    confidence: 0.8,
    description: "Custom rule triggered",
  });
}

Adding a New Honeypot

Edit honeyPotConfigs in honeypotManager.js:

// backend/services/honeypotManager.js
this.honeyPotConfigs = [
  // ... existing ...
  { name: "FTP Honeypot", port: 2121, service: "ftp", enabled: false },
];

// Add banner and response in generateBanner() and generateFakeResponse():
ftp: "220 ProFTPD Server ready.\r\n",
// ...
ftp: "530 Login incorrect.\r\n",

Adding ML Features

Features are defined in featureExtractor.js and ml/train_model.py. The two must list the same features in the same order:

  1. Add the feature to the features object in extractFeatures()
  2. Append to the featureVector array in the same order
  3. Add to feature_names in train_model.py
  4. Retrain the model and update metadata
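
A mismatch between the two lists does not raise an error: the model simply scores values in the wrong columns, which degrades detection silently. The following is an added example, not DefenSys code, of a parity check that can run in a test or at startup. The helper names (compareFeatureOrder, buildFeatureVector) and the feature names are hypothetical, and it assumes the trainer's feature_names list is made available to Node as an array.

```javascript
"use strict";

// Compare the extractor's feature order with the trainer's feature_names.
// Returns an array of human-readable problems; empty means the two agree.
function compareFeatureOrder(extractorNames, trainerNames) {
  const problems = [];
  const dupes = (names) => [...new Set(names.filter((n, i) => names.indexOf(n) !== i))];
  for (const n of dupes(extractorNames)) problems.push(`duplicate in extractor: ${n}`);
  for (const n of dupes(trainerNames)) problems.push(`duplicate in trainer: ${n}`);
  for (const n of extractorNames) {
    if (!trainerNames.includes(n)) problems.push(`missing in trainer: ${n}`);
  }
  for (const n of trainerNames) {
    if (!extractorNames.includes(n)) problems.push(`missing in extractor: ${n}`);
  }
  // Only compare positions once both sides hold the same set of names.
  if (problems.length === 0) {
    extractorNames.forEach((n, i) => {
      if (trainerNames[i] !== n) {
        problems.push(`position ${i}: extractor has ${n}, trainer has ${trainerNames[i]}`);
      }
    });
  }
  return problems;
}

// Build the vector from one ordered name list so steps 1 and 2 cannot drift
// apart, and reject values the model cannot score (undefined, NaN, Infinity).
function buildFeatureVector(features, orderedNames) {
  return orderedNames.map((name) => {
    const v = features[name];
    if (typeof v !== "number" || !Number.isFinite(v)) {
      throw new TypeError(`feature ${name} is not a finite number: ${v}`);
    }
    return v;
  });
}

// Constructed sample data; these feature names are hypothetical.
const TRAINER_FEATURE_NAMES = ["packet_size", "dst_port", "payload_entropy"];
const EXTRACTOR_ORDER_OK = ["packet_size", "dst_port", "payload_entropy"];
const EXTRACTOR_ORDER_SWAPPED = ["packet_size", "payload_entropy", "dst_port"];
const EXTRACTOR_ORDER_STALE = ["packet_size", "dst_port"];
```

Failing the build or refusing to load the model when compareFeatureOrder returns a non-empty list keeps a stale model from scoring traffic with shifted columns.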

Adding API Endpoints

In backend/api/server.js, add routes:

this.app.get("/api/my-endpoint", async (req, res) => {
  try {
    const data = await this.services.myService?.getData();
    res.json({ success: true, data });
  } catch (error) {
    res.status(500).json({ success: false, error: error.message });
  }
});

Expose to the frontend via IPC in main.js and preload.js, and add types in electron.d.ts.