Real-World DDoS Protection Framework with Docker Simulation
Aurora Shield demonstrates enterprise-level DDoS protection through complete Docker environment simulation. Built for INFOTHON 5.0, it replicates production deployment patterns locally without cloud costs.
[Attack Orchestrator]
|
v
[HTTP Flood] [Brute Force] [Normal Traffic] [Swarm/Bots]
| | | |
+------------+---------------+---------------+
|
v
<----------------- [Aurora Shield (Filter)] ----------------->
| | |
| | |
Malicious [BLOCKED] | Normal [ACCEPTED] Malicious [BLOCKED]
|
|
v
[Load Balancer (Port 8090)]
|
+-------------------+-------------------+
v v v
[CDN Node #1] [CDN Node #2] [CDN Node #3]
(Port 80) (Port 8081) (Port 8082)
- Aurora Shield Gateway (Port 8080) - Main protection engine
- Protected Web App (Port 80,8081,8082) - Application being secured
- Load Balancer (Port 8090) - Traffic distribution
- Attack Simulator(Port 5000) - Realistic threat testing
- Rule-Based Anomaly Detection: Monitors traffic patterns and identifies DDoS attacks in real-time
- Statistical Analysis: Reduces false positives using pattern recognition
- Multi-Layer Protection: IP reputation tracking, rate limiting, and behavioral analysis
- Rate Limiting: Token bucket algorithm for fair request throttling
- IP Reputation System: Dynamic scoring and automatic blacklisting
- Challenge-Response: Proof-of-work verification for suspicious clients
- Adaptive Thresholds: Adjusts protection levels based on threat severity
- Automatic Failover: Seamless switching to backup servers
- Auto-Scaling: Dynamic capacity adjustment based on load
- Traffic Redirection: CDN integration and intelligent routing
- Self-Healing: Automatic recovery from attack conditions
- Web Dashboard: Beautiful, real-time monitoring interface
- ELK Integration: Elasticsearch, Logstash, Kibana for log analysis
- Prometheus Metrics: Time-series metrics for Grafana dashboards
- Attack Simulation: Built-in tools for testing protection mechanisms
- Flask-Based Gateway: Production-ready HTTP gateway
- Nginx/HAProxy Compatible: Works with existing load balancers
- API-First Design: RESTful API for integration
- Boto3 Cloud Mock: Simulates AWS operations for testing
- Multi-Cloud Ready: Designed for AWS, Azure, GCP
- Containerized: Docker-ready for easy deployment
- Docker Desktop installed
- 8GB+ RAM available
- Ports 80, 5000, 8080, 8090, free
# Clone repository
git clone https://github.com/Anorak001/Aurora-Shield.git
cd Aurora-Shield
# Start all services (one command!)
docker-compose up -d
# Access dashboard
open http://localhost:8080/dashboard
# Login: admin/admin123# Automated client simulation
docker-compose run --rm client
# Or use dashboard buttons for manual testingaurora_shield/
├── core/ # Detection algorithms
├── mitigation/ # Protection mechanisms
├── auto_recovery/ # Self-healing logic
├── dashboard/ # Web interface
├── gateway/ # Edge protection
└── integrations/ # ELK/Prometheus
docker/
├── Dockerfile # Aurora Shield container
├── docker-compose.yml # Complete environment
├── client.py # Client simulator (formerly attack_simulator)
└── monitoring/ # ELK + Grafana configs
| Service | Purpose | URL | Credentials |
|---|---|---|---|
| Aurora Shield | Main dashboard | http://localhost:8080 | admin/admin123 |
| Protected App | Secured application | http://localhost:80 | - |
| git clone https://github.com/Anorak001/Aurora-Shield.git | |||
| cd Aurora-Shield |
pip install -r requirements.txt
pip install -e .
### Run the Dashboard
```bash
# Start Aurora Shield with web dashboard
python main.py
The dashboard will be available at http://localhost:8080
from aurora_shield.shield_manager import AuroraShieldManager
from aurora_shield.config import DEFAULT_CONFIG
# Initialize Aurora Shield
shield = AuroraShieldManager(DEFAULT_CONFIG)
# Process a request
request_data = {
'ip': '192.168.1.100',
'timestamp': time.time(),
'payload_size': 1024
}
result = shield.process_request(request_data)
if result['allowed']:
# Process the request
print("Request allowed")
else:
# Block the request
print(f"Request blocked: {result['reason']}")Aurora-Shield/
├── aurora_shield/ # Main package
│ ├── core/ # Anomaly detection engine
│ ├── mitigation/ # Rate limiting, IP reputation, challenges
│ ├── auto_recovery/ # Failover and auto-scaling
│ ├── attack_sim/ # Attack simulation tools
│ ├── integrations/ # ELK and Prometheus integrations
│ ├── gateway/ # Flask edge gateway
│ ├── dashboard/ # Web dashboard
│ ├── config/ # Configuration
│ ├── cloud_mock.py # Boto3 cloud mock
│ └── shield_manager.py # Main coordinator
├── examples/ # Example scripts
├── dashboards/ # Kibana and Grafana configs
├── main.py # Main entry point
└── requirements.txt # Dependencies
Monitors request patterns and detects anomalies based on configurable thresholds.
from aurora_shield.core.anomaly_detector import AnomalyDetector
detector = AnomalyDetector({
'request_window': 60, # Time window in seconds
'rate_threshold': 100 # Max requests per window
})
result = detector.check_request('192.168.1.100')Token bucket rate limiting for fair request throttling.
from aurora_shield.mitigation.rate_limiter import RateLimiter
limiter = RateLimiter({
'rate': 10, # Tokens per second
'burst': 20 # Max token capacity
})
result = limiter.allow_request('192.168.1.100')Tracks IP behavior and assigns reputation scores.
from aurora_shield.mitigation.ip_reputation import IPReputation
reputation = IPReputation()
# Record violations
reputation.record_violation('10.0.0.1', 'anomaly', severity=20)
# Check reputation
status = reputation.get_reputation('10.0.0.1')Automatic failover and scaling based on system metrics.
from aurora_shield.auto_recovery.recovery_manager import RecoveryManager
recovery = RecoveryManager({'max_capacity': 5})
# Assess situation
assessment = recovery.assess_situation({
'cpu_usage': 85,
'request_rate': 1500,
'error_rate': 0.15
})
# Execute recovery actions
for action in assessment['actions']:
recovery.execute_recovery(action)Run the included examples to see Aurora Shield in action:
# Basic protection example
python examples/basic_protection.py
# Attack simulation example
python examples/attack_simulation.pyThe web dashboard provides:
- Real-time Metrics: Live updates of protection status
- Attack Visualization: Visual representation of detected attacks
- IP Management: View and manage blocked/whitelisted IPs
- Control Panel: Manual controls for testing and management
- Statistics: Comprehensive system statistics
Configure Aurora Shield by modifying the config dictionary:
config = {
'anomaly_detector': {
'request_window': 60,
'rate_threshold': 100,
},
'rate_limiter': {
'rate': 10,
'burst': 20,
},
'ip_reputation': {
'initial_score': 100,
},
'recovery_manager': {
'max_capacity': 5,
}
}
shield = AuroraShieldManager(config)Aurora Shield includes attack simulation tools for testing:
from aurora_shield.attack_sim.simulator import AttackSimulator
simulator = AttackSimulator()
# Simulate HTTP flood
result = simulator.simulate_http_flood(
target='example.com',
duration=60,
requests_per_second=150
)
# Simulate distributed attack
result = simulator.simulate_distributed_attack(
target='example.com',
bot_count=100,
duration=60
)Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.
- Built with Flask for web components
- Uses NumPy for ML calculations
- Boto3 integration for cloud operations
- Inspired by modern DDoS protection solutions
For issues, questions, or contributions, please open an issue on GitHub.
Made with ❤️ by the Aurora Shield Team