
SENTINEL-X
Full-Stack Architect
Overview
Multi-Domain Threat Intelligence & Fusion Platform (23+ GitHub stars, 10 forks). An integrated educational proof-of-concept simulating situational awareness, AI-based correlation with Multi-Modal architecture, and real-time incident response across 6 domain sources (Aviation/ADS-B, Maritime/AIS, Cyber, Space, Seismic, RF/SIGINT). Features blockchain audit trail via Ethereum smart contracts, 3D globe visualization, and explainable AI threat classification.
The Problem
Organizations face a critical gap in situational awareness — threat data from aviation, maritime, cyber, space, seismic, and RF domains exists in isolated silos. Security operations centers lack an integrated platform that can fuse multi-domain intelligence in real-time, correlate cross-domain events, and provide actionable threat assessments. Traditional SIEM systems are limited to cyber data only, leaving physical and environmental threat vectors completely unmonitored.
The Solution
SENTINEL-X is a proof-of-concept platform that breaks down these silos by ingesting, normalizing, and fusing data from six critical domains into a unified threat intelligence picture. The AI Fusion Engine uses a Multi-Modal architecture with 5 specialized encoders (Conv1D + Attention) feeding into a Temporal Transformer (4 heads, 4 layers, 256 timesteps) to generate 5-level threat classifications, multi-label threat types, ETA regression, and confidence scores. An interactive 3D Globe visualization provides immersive situational awareness with real-world military base mapping, live tracks, and dynamic threat overlays.
Key Features
Multi-Domain Data Ingestion
Aggregates and normalizes intelligence from 6 major domains — Air Defense (ADS-B via OpenSky Network/ADS-B Exchange), Maritime Security (AIS NMEA parsing for dark vessel tracking), Seismic Activity (USGS earthquake monitoring), RF/SIGINT (Software-Defined Radio signal analysis), Cyber Warfare (ICS honeypots and global threat feeds), and Space/Satellite (NASA datasets and orbital monitoring).
AI Threat Fusion Engine
Multi-Modal architecture using 5 domain-specific encoders (Conv1D + Attention) feeding into a Temporal Transformer with 4 heads, 4 layers, and 256 timesteps. Generates 5-level threat classifications, multi-label threat types, predictive ETA regression, and confidence scores with full Explainable AI (XAI) reasoning chains.
Blockchain Audit Trail
Zero-trust audit logging with ThreatLedger.sol smart contract for cryptographically chained threat events, ResponseLog.sol for tamper-proof operator action logging, and IPFS integration for decentralized evidence storage (PCAP files, radar sweeps) with secure CID addressing.
Automated Incident Response
5-tier threat matrix (INFORMATIONAL > SUSPICIOUS > ELEVATED > CRITICAL > CATASTROPHIC) with YAML Playbook Engine executing automated response phases while supporting manual operator approval gates for critical actions like firewall isolation and kinetic response authorization.
Interactive 3D Globe Visualization
Powered by deck.gl with fully interactive 3D globe representation. Operators can monitor live tracks (including simulated ICBM trajectories and naval fleet movements) mapped against 60+ real-world military installations with custom WebGL space canvas featuring auroras, nebulas, and dynamic lighting.
Real-Time Tactical Dashboard
Responsive dashboard with dynamic UI theming — calm blue cyber aesthetic during normal operations, aggressive red/amber threat indicators during critical incidents with priority modal alerts and recommended playbooks.
Architecture
Microservices architecture with React frontend (Port 3000) communicating via WebSocket to FastAPI backend (Port 8000). Backend publishes to Kafka message queue which feeds into 6 domain-specific Ingestors (Air, Mar, RF, Seis, Cyber, Space), the AI Fusion Engine (PyTorch), and the Response Coordinator (Playbook Engine). All services persist to PostgreSQL (TimescaleDB), Redis, Elasticsearch, and Ethereum (Hardhat) with IPFS for decentralized storage.
How to Use
1. Clone the repository and copy .env.example to .env with 100+ configuration parameters. 2. Install dependencies with pip install -r requirements.txt. 3. Build and start all services with docker-compose build && docker-compose up -d (takes 20-30 minutes). 4. Access the tactical dashboard at http://localhost, API docs at http://localhost:8000/docs, and Grafana monitoring at http://localhost/grafana. 5. NOTE: Requires API keys from 15+ external data sources — see SETUP_REALTIME.md for complete guidance. Minimum system requirements: 8 CPU cores, 16GB RAM, 100GB SSD.
Impact & Results
Demonstrates the feasibility of a unified multi-domain threat intelligence platform. The AI Fusion Engine achieves automated cross-domain correlation with Explainable AI (XAI) providing full attention-based reasoning chains for every threat classification. The blockchain-based audit trail (ThreatLedger.sol + ResponseLog.sol smart contracts) ensures immutable incident logging via cryptographic hash chaining with IPFS-backed evidence storage. The platform successfully ingests and correlates data from OpenSky Network (aviation), AIS NMEA parsers (maritime), USGS (seismic), SDR (RF/SIGINT), ICS honeypots (cyber), and NASA satellite datasets.