An automated, proactive cyber defense framework — India's "Iron Dome" for its digital borders.
India's Critical Information Infrastructure (CII) — spanning power grids, healthcare systems (e.g., AIIMS), and massive digital public goods like UPI — faces unprecedented, state-sponsored cyber threats. The existing defense posture has three foundational gaps:
| Gap | Description |
|---|---|
| Reactive & Siloed Defense | An attack on a telecom network in Mumbai does not automatically protect a hospital in Delhi. Threat intelligence remains isolated across institutions and sectors. |
| The Privacy Roadblock | Under the DPDP Act 2023, sharing raw network or user data between public and private sector entities to hunt threats is legally complex and high-risk. |
| The Talent Deficit | India faces a severe shortage of skilled Security Operations Center (SOC) analysts, leaving systems overwhelmed by millions of daily alerts with no scalable resolution. |
Chakravyuh is an automated, proactive defense framework that shifts the paradigm from merely blocking threats to predicting, trapping, and neutralizing them.
How it solves the problem:
- Decentralized Intelligence: AI models are trained locally at each institution (bank, hospital, power node). Only the learned patterns, never raw data, are shared with the government hub. This completely bypasses privacy and compliance risks.
- Active GenAI Deception: Instead of relying on static firewalls, Chakravyuh uses Generative AI to instantly spin up highly realistic, fake server environments. When attackers breach the perimeter, they are lured into and studied within these controlled traps.
- Autonomous Auto-SOC: A localized Large Language Model (LLM) acts as an AI security analyst, automatically resolving low-level alerts and translating complex threat data into plain-language dashboards accessible to non-technical officials.
Chakravyuh is designed for zero-trust, high-speed threat mitigation across geographically distributed edge nodes.
```
┌─────────────────────────────────────────┐
│  Edge Nodes (Hospitals / Banks)         │
│  Local Anomaly Detection Model          │
└────────────────────┬────────────────────┘
                     │ Cryptographic Weights Only
                     ▼
┌─────────────────────────────────────────┐
│  Federated Aggregation Engine           │
│  (CERT-In / NCIIPC Hub)                 │
│  Updates Global Defense Model           │
└────────────────────┬────────────────────┘
                     │ Breach Detected
                     ▼
┌─────────────────────────────────────────┐
│  Generative Trap Controller             │
│  Spins up isolated Docker containers    │
│  filled with synthetic GenAI data       │
└────────────────────┬────────────────────┘
                     │ Threat Telemetry (Kafka Stream)
                     ▼
┌─────────────────────────────────────────┐
│  Response Microservices / Auto-SOC      │
│  Automated Isolation + LLM Analysis     │
└─────────────────────────────────────────┘
```
Core Flow:
- Edge Nodes — Lightweight anomaly detection models run locally on incoming network traffic at hospitals, banks, and critical infrastructure.
- Federated Aggregation Engine — Only cryptographic model weights (threat patterns) are transmitted to the central CERT-In/NCIIPC hub, updating a shared global defense model without moving any sensitive raw data.
- Generative Trap Controller — On detecting a breach, the controller automatically provisions isolated Docker containers populated with synthetic, GenAI-crafted data to distract and study the malware.
- Response Microservices — Threat data captured from the trap is streamed via messaging queues to the Auto-SOC, which triggers automated isolation scripts and escalates critical threats.
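An added sketch of the hub-side aggregation step in the flow above (not the project's own code): each edge node authenticates its weight delta with HMAC-SHA256, and the hub verifies the tag before parsing, rejects replayed, duplicate or malformed updates, clips each delta so no single node dominates, and applies sample-weighted federated averaging. The node names, demo keys, message layout and clipping bound are assumptions for illustration; the page does not specify how updates are protected in transit.

```python
import hashlib, hmac, json, math

# Constructed demo keys; a real hub would provision per-node keys out of band.
NODE_KEYS = {"hospital-delhi": b"demo-key-1", "bank-mumbai": b"demo-key-2"}
CLIP_NORM = 1.0  # assumed cap on the L2 norm of one node's update

def sign_update(node, round_no, delta, n_samples):
    """Edge side: serialize a weight delta and tag it with HMAC-SHA256."""
    body = json.dumps({"node": node, "round": round_no, "delta": delta,
                       "n": n_samples}, sort_keys=True).encode()
    tag = hmac.new(NODE_KEYS[node], body, hashlib.sha256).hexdigest()
    return {"node": node, "body": body, "tag": tag}

def verify_update(msg, round_no, dim):
    """Hub side: check the tag before parsing, then validate the contents."""
    key = NODE_KEYS.get(msg.get("node"))
    if key is None:
        return None
    expected = hmac.new(key, msg["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg.get("tag", "")):
        return None
    u = json.loads(msg["body"])
    ok = (u["node"] == msg["node"] and u["round"] == round_no  # no replays
          and u["n"] > 0 and len(u["delta"]) == dim
          and all(math.isfinite(x) for x in u["delta"]))
    return u if ok else None

def clip(delta):
    """Scale an update down so its L2 norm is at most CLIP_NORM."""
    norm = math.sqrt(sum(x * x for x in delta))
    scale = min(1.0, CLIP_NORM / norm) if norm > 0 else 1.0
    return [x * scale for x in delta]

def aggregate(global_w, messages, round_no):
    """FedAvg over verified, clipped updates, weighted by sample count."""
    accepted = {}  # at most one update per node per round
    for m in messages:
        u = verify_update(m, round_no, len(global_w))
        if u and u["node"] not in accepted:
            accepted[u["node"]] = u
    total = sum(u["n"] for u in accepted.values())
    new_w = list(global_w)
    for u in accepted.values():
        for i, d in enumerate(clip(u["delta"])):
            new_w[i] += d * u["n"] / total
    return new_w, sorted(accepted)
```

`aggregate` returns the new global weights together with the list of nodes whose updates were accepted, so the hub can log which contributions were dropped in a round.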
Built entirely on open-source, locally hosted tools to ensure performance, sovereignty, and zero dependency on foreign commercial APIs.
| Domain | Technologies |
|---|---|
| Federated Learning & ML | Flower (flower.ai) / PySyft, PyTorch for deep learning anomaly detection |
| Graph Threat Mapping | Neo4j (Graph Database) + Graph Neural Networks (GNNs) to visualize lateral attacker movement across infrastructure |
| GenAI & Auto-SOC | Ollama / vLLM running open-weight models (Llama-3, Mistral) — fully local, no external API calls |
| Backend & Streaming | Rust / Go for ultra-fast, memory-safe network log parsing; Apache Kafka for real-time telemetry streaming |
| Deception Infrastructure | Kubernetes + Docker for dynamic orchestration of honeypot environments |
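An added sketch of how a trap controller could launch one decoy so that whatever runs inside it stays contained, with a policy check that refuses launch commands which would weaken that isolation (example code, not the project's own). The label name, network naming, resource limits and function names are hypothetical; the Docker flags themselves are standard `docker run` options.

```python
import re

REQUIRED = {"--read-only", "--security-opt", "--pids-limit", "--memory"}
FORBIDDEN = {"--privileged", "--cap-add", "-v", "--volume", "--mount",
             "--device", "--pid", "--ipc"}

def decoy_run_argv(incident_id, image, network):
    """Build the `docker run` argv for one decoy (list form, never a shell string)."""
    if not re.fullmatch(r"[a-z0-9][a-z0-9-]{0,40}", incident_id):
        raise ValueError("incident_id must be a short lowercase slug")
    return ["docker", "run", "--detach", "--rm",
            "--name", f"trap-{incident_id}",
            "--label", f"trap.incident={incident_id}",  # hypothetical label
            "--network", network,  # assumed created with `docker network create --internal`
            "--read-only", "--tmpfs", "/tmp:rw,noexec,nosuid,size=64m",
            "--cap-drop", "ALL", "--security-opt", "no-new-privileges",
            "--pids-limit", "128", "--memory", "256m",
            image]

def flag_values(argv):
    """Yield (flag, value) for both `--flag value` and `--flag=value` forms."""
    for i, arg in enumerate(argv):
        if arg.startswith("-"):
            flag, eq, val = arg.partition("=")
            nxt = argv[i + 1] if i + 1 < len(argv) else ""
            yield flag, (val if eq else ("" if nxt.startswith("-") else nxt))

def audit_argv(argv):
    """Return the list of isolation-policy violations in a decoy launch command."""
    seen = dict(flag_values(argv))
    problems = [f"forbidden flag {f}" for f in sorted(FORBIDDEN & set(seen))]
    problems += [f"missing {f}" for f in sorted(REQUIRED - set(seen))]
    # With no --network flag Docker uses the default bridge, which is routable.
    if seen.get("--network", seen.get("--net", "bridge")) in ("host", "bridge"):
        problems.append("decoy is on a routable network")
    if seen.get("--cap-drop", "").upper() != "ALL":
        problems.append("capabilities not fully dropped")
    return problems
```

Running `audit_argv` on every launch command before execution gives the controller a single gate where host mounts, added capabilities or a routable network are caught, whatever generated the command.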
1. 100% DPDP Compliant by Design: Federated Learning ensures that zero raw personal or institutional data ever leaves its host network. Chakravyuh shares intelligence, not data, making it legally sound under the Digital Personal Data Protection Act 2023.
2. Dynamic, Not Static, Defense: Traditional honeypots are easily identified and bypassed by modern malware. Chakravyuh's GenAI deception grids adapt in real time, generating environments that are indistinguishable from production systems.
3. Force Multiplier for Cyber Teams: The localized Auto-SOC autonomously handles up to 80% of alert fatigue, freeing human security experts to focus exclusively on zero-day and high-level strategic threats.
4. Sovereign Architecture: Designed entirely on open-source, locally hosted infrastructure. The core defense logic has no reliance on foreign cloud APIs, ensuring national data sovereignty and resilience against supply-chain attacks.
| Resource | Link |
|---|---|
| Documentation | Project Documentation |
| Live Demo Video | Coming soon — Demo of the GenAI Trap working in action |
- Flower Federated Learning Framework — flower.ai
- Local LLM Deployment — ollama.com
This project's architecture and data-handling design have been conceptually mapped to:
- CERT-In Cyber Security Directions (2022) — Compliance with mandatory incident reporting and infrastructure protection guidelines issued by the Indian Computer Emergency Response Team.
- Digital Personal Data Protection Act (2023) — Federated Learning ensures no raw personal or institutional data is transmitted, aligning with DPDP's data minimization and purpose limitation principles.