Inspiration
We noticed that most small web developers don’t have the time or expertise to set up enterprise intrusion detection tools. They’re left staring at raw logs, trying to guess if they’re under attack. We wanted to make intrusion detection as simple and approachable as running a dev server.
What it does
Simple-IDS is a lightweight host-based intrusion detection system. It watches your app’s logs and applies simple detection rules (brute force, SQL injection, XSS, port scans). Instead of confusing logs, it produces plain-language alerts that everyday developers can understand right away.
How we built it
• Four-service architecture using Docker Compose:
  • Demo App (Flask web app)
  • IDS-Proxy (detection + alerting logic)
  • Dashboard (Flask/JS UI with alerts feed + graphs)
  • Attack-Sim (simulates brute force, SQL injection, etc.)
• Python + Flask for app + proxy + dashboard
• JSON logs flowing through the proxy → persisted + streamed → rendered in real time on the dashboard
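The pipeline described above, JSON log lines in and plain-language alerts out, as an added example that is not Simple-IDS's own code: a sliding-window brute-force rule plus signature checks for SQL injection and XSS. The log field names (`ts`, `ip`, `path`, `status`, `query`), the thresholds and the patterns are assumptions.

```python
import json
import re
from collections import defaultdict, deque

# Hypothetical rule parameters and patterns (not taken from Simple-IDS).
# Assumed log schema per line: ts, ip, path, status, optional query.
WINDOW_S, MAX_FAILS = 60, 5
SQLI = re.compile(r"('|%27)\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select|--\s*$", re.I)
XSS = re.compile(r"<\s*script|javascript:|on(error|load)\s*=", re.I)

def detect(lines):
    """Return plain-language alerts for an iterable of JSON log lines."""
    alerts = []
    fails = defaultdict(deque)   # source IP -> timestamps of failed logins
    flagged = set()              # IPs already reported for brute force
    for raw in lines:
        try:
            ev = json.loads(raw)
            ip, ts, path = ev["ip"], float(ev["ts"]), ev["path"]
        except (ValueError, KeyError, TypeError):
            continue             # skip malformed lines instead of crashing
        query = str(ev.get("query", ""))
        if SQLI.search(query):
            alerts.append(f"{ip} sent a request to {path} that looks like SQL injection.")
        if XSS.search(query):
            alerts.append(f"{ip} sent a request to {path} that looks like a cross-site scripting attempt.")
        if path == "/login" and ev.get("status") == 401:
            q = fails[ip]
            q.append(ts)
            while q and ts - q[0] > WINDOW_S:
                q.popleft()      # drop failures that fell out of the window
            if len(q) >= MAX_FAILS and ip not in flagged:
                flagged.add(ip)  # one alert per source, not one per request
                alerts.append(f"{ip} failed to log in {len(q)} times within {WINDOW_S} seconds; this looks like password guessing.")
    return alerts

# Constructed sample log lines (documentation-range IP addresses).
SAMPLE = [json.dumps({"ts": 100 + i, "ip": "203.0.113.7", "path": "/login", "status": 401}) for i in range(6)]
SAMPLE += [
    json.dumps({"ts": 200, "ip": "198.51.100.9", "path": "/search", "status": 200, "query": "q=' OR 1=1 --"}),
    json.dumps({"ts": 201, "ip": "198.51.100.9", "path": "/search", "status": 200, "query": "q=<script>alert(1)</script>"}),
    json.dumps({"ts": 202, "ip": "192.0.2.4", "path": "/search", "status": 200, "query": "q=flask tutorial"}),
    "not json at all",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print("ALERT:", alert)
```

Signature rules like these miss encoded or obfuscated input and can flag benign queries, so the alert wording says "looks like" rather than asserting an attack.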
Challenges we ran into
• Getting all four services to communicate cleanly over Docker networking
• Translating raw logs into human-readable messages without losing important detail
• Debugging cross-origin (CORS) issues between the dashboard and proxy
• Keeping the system lightweight but still flexible for new rules
Accomplishments that we’re proud of
• Built a working end-to-end IDS pipeline in <48 hours
• Dashboard that updates in real time with alerts you don’t need a SOC analyst to decode
• Dockerized stack that anyone can run locally with one command
• Learned a lot about balancing simplicity vs. realism in security projects
What we learned
• The hardest part isn’t detection — it’s making security accessible to people without a security background
• How to design a system pipeline and break work into small, independent services
• A crash course in Docker networking, Flask APIs, and CORS fixes 😅
What’s next for Simple-IDS
• Add more detection rules (e.g., anomaly-based detection, rate limiting, ML-based signatures)
• Deploy on the cloud with Kubernetes + autoscaling proxies
• Build plug-and-play support for common frameworks (Node.js, Django, Rails)
• Make it a “security for devs” starter pack that’s truly production-ready
