CASE_FILE_02 //
OPERATION:
ANTIBODY
REAL NAME: VM-Specific Intrusion Prevention System
CLASSIFICATION: autonomous response
STATUS: ARCHIVED
PERIOD: 2023 — 2024
ROLE: engineer
STACK: Python · nmap · iptables · Flask · React
the problem
Most IPS deployments sit at the perimeter or on a core segment and see north-south traffic. Traffic between VMs on the same host or subnet often never reaches that choke point, so the VM-level view goes unwatched, and that east-west path is where lateral movement actually happens.
the approach
A lightweight Python agent inside each VM. Watches inbound traffic for port-scan signatures (one source probing many distinct ports in a short window) and ICMP ping floods. Pushes per-source block rules into the guest's own iptables chains. Reports up to a Flask dashboard.
what was built
A working prototype. Detected and blocked the targeted patterns (port scans, ping floods) in a controlled lab. Dashboard visualized the network state.
what was learned
Detection is binary: a signature either matches or it doesn't. Response is a gradient: alert, throttle, block, each step costing more if the detection was wrong. The hardest design decision was when NOT to block. A block on a monitoring host, or on the path the agent reports over, does more damage than the scan it stops.
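Added example of the agent loop sketched under the approach and the graded response under what was learned (illustration code, not the project's own): a per-source sliding-window detector for the two signatures (port scan, ping flood), a responder that steps alert, throttle, drop once per window per source and only ever reports an allowlisted address, and the iptables argv each step would hand to subprocess. Event fields, thresholds, addresses, the allowlist and the rule shapes are assumptions; the traffic is constructed inline.

```python
"""Added example, not the original agent's code. Detects the two signatures
from the approach (port scan, ping flood) per source in a sliding window and
applies the graded response from the lesson: alert, throttle, drop, and never
block an allowlisted source. Fields, thresholds and addresses are assumptions."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float   # seconds; assumed to come from the agent's packet capture
    src: str    # source address
    proto: str  # "tcp" or "icmp"
    dport: int  # destination port, 0 for icmp


class Detector:
    # Per-source sliding window. feed() returns "scan", "flood" or None.
    def __init__(self, window=10.0, scan_ports=15, icmp_per_window=50):
        self.window, self.scan_ports = window, scan_ports
        self.icmp_per_window = icmp_per_window
        self.seen = defaultdict(deque)          # src -> (ts, proto, dport)

    def feed(self, ev):
        dq = self.seen[ev.src]
        dq.append((ev.ts, ev.proto, ev.dport))
        while dq and dq[0][0] < ev.ts - self.window:   # expire old entries
            dq.popleft()
        if len({d for _, p, d in dq if p == "tcp"}) >= self.scan_ports:
            return "scan"                       # many distinct ports probed
        if sum(p == "icmp" for _, p, _ in dq) >= self.icmp_per_window:
            return "flood"                      # ICMP rate over threshold
        return None


def iptables_rules(action, src, proto):
    """argv lists the agent would hand to subprocess.run (not executed here)."""
    base = ["iptables", "-I", "INPUT", "1", "-s", src, "-p", proto]
    if proto == "tcp":
        base.append("--syn")                    # new connection attempts only
    if action == "alert":
        return []
    if action == "drop":
        return [base + ["-j", "DROP"]]
    # throttle: "-I INPUT 1" inserts at the top, so add DROP first and the
    # rate-limited ACCEPT second; the chain then reads ACCEPT(limited), DROP.
    return [base + ["-j", "DROP"],
            base + ["-m", "limit", "--limit", "10/second",
                    "--limit-burst", "20", "-j", "ACCEPT"]]


class Responder:
    """One escalation per window per source: alert -> throttle -> drop.
    Allowlisted sources (monitoring hosts, the management path) are only
    ever reported: that is the "when NOT to block" decision."""
    LEVELS = ("alert", "throttle", "drop")

    def __init__(self, allowlist=(), window=10.0):
        self.allowlist, self.window = set(allowlist), window
        self.level = defaultdict(lambda: -1)    # src -> index into LEVELS
        self.last = {}                          # src -> ts of last action

    def respond(self, src, kind, now):
        if src in self.last and now - self.last[src] < self.window:
            return None                         # already acted this window
        self.last[src] = now
        proto = "icmp" if kind == "flood" else "tcp"
        if src in self.allowlist:
            action = "alert"                    # report, never block
        else:
            self.level[src] = min(self.level[src] + 1, len(self.LEVELS) - 1)
            action = self.LEVELS[self.level[src]]
        return {"ts": now, "src": src, "kind": kind, "action": action,
                "rules": iptables_rules(action, src, proto)}


def run(events, detector, responder):
    """Feed events in time order; return the actions taken."""
    actions = []
    for ev in sorted(events, key=lambda e: e.ts):
        kind = detector.feed(ev)
        if kind and (act := responder.respond(ev.src, kind, ev.ts)):
            actions.append(act)
    return actions


def sample_events():
    """Constructed traffic: three scan bursts from 10.0.0.7 (20 ports in 2 s),
    two ping bursts from 10.0.0.9 (60 in 3 s), one scan from allowlisted 10.0.0.2."""
    ev = [Event(t0 + i * 0.1, "10.0.0.7", "tcp", 20 + i)
          for t0 in (1.0, 20.0, 40.0) for i in range(20)]
    ev += [Event(t0 + i * 0.05, "10.0.0.9", "icmp", 0)
           for t0 in (5.0, 30.0) for i in range(60)]
    ev += [Event(1.0 + i * 0.1, "10.0.0.2", "tcp", 20 + i) for i in range(20)]
    return ev


def demo():
    return run(sample_events(), Detector(), Responder(allowlist={"10.0.0.2"}))


if __name__ == "__main__":
    for a in demo():
        print(a["ts"], a["src"], a["kind"], a["action"], *map(" ".join, a["rules"]))
```

`demo()` returns six actions for the constructed traffic: the scanner walks alert, throttle, drop across its three bursts, the ping source reaches throttle (a `-m limit` ACCEPT sitting above a DROP), and the allowlisted host is reported once and never gets a rule. Keep `iptables_rules` as a dry run until the thresholds have been tuned against real traffic, so a threshold that is too low cannot lock the VM out of its own management path.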