This is a submission for the Redis AI Challenge: Real-Time AI Innovators.
What I Built
RediGuard is an innovative AI-powered cybersecurity platform that leverages Redis 8 as its real-time data layer to provide intelligent threat detection, anomaly analysis, and conversational security insights. Going far beyond simple chatbots, RediGuard combines multiple cutting-edge AI techniques with Redis 8's advanced features to create a comprehensive security monitoring solution that processes, analyzes, and responds to security events in real-time.
The system processes security events in real-time, applies AI-powered anomaly detection using Isolation Forest algorithms, and uses vector similarity search to correlate related threats. It features a modern dashboard that provides security analysts with immediate visibility into potential threats, complete alert management workflows, and comprehensive Redis 8 performance monitoring.
π Key Features
Real-Time Threat Detection Engine
- ML-powered anomaly detection using Isolation Forest algorithms
- Geographic impossibility detection for suspicious login patterns
- Behavioral embedding analysis for user pattern recognition
- Real-time risk scoring with dynamic thresholds
AI-Powered Security Assistant
- Conversational AI interface with contextual security awareness
- Instant threat explanations with business-friendly language
- Interactive threat analysis directly embedded in alert cards
- Security context-aware responses using current system data
Advanced Analytics Dashboard
- Real-time visualization of security events and trends
- Interactive alert management with AI-enhanced explanations
- User behavior analytics with vector similarity search
- Geographic anomaly detection with time-series analysis
Intelligent Data Processing
- Real-time streaming of security events through Redis Streams
- Vector similarity search for behavioral pattern matching
- Time-series analytics for trend identification
- JSON-based complex data structures for rich alert metadata
Demo
π Github Repo: https://github.com/ajitpdevops/rediguard
π Application: Frontend runs on http://localhost:3000 with backend API at http://localhost:8000
Screenshots
Here is the demo I uploaded on Youtube
Demo Video Features
- Real-Time Processing: Watch as login events stream through Redis and trigger immediate AI analysis
- Vector Search in Action: See how user behavioral patterns are matched using cosine similarity
- Conversational AI: Ask the security assistant about current threats and receive contextual responses
- Instant Threat Analysis: Click "Explain" on any alert to get AI-powered business-friendly explanations
How I Used Redis 8
RediGuard showcases Redis 8's most advanced AI-focused capabilities in a real-world security monitoring scenario:
π Redis Search with Vector Similarity
Behavioral Embedding Analysis:
# Create vector index for behavior embeddings
self._exec(
"FT.CREATE", "embeddings_idx",
"ON", "HASH",
"PREFIX", "1", "embeddings:",
"SCHEMA",
"user_id", "TEXT",
"timestamp", "NUMERIC",
"embedding", "VECTOR", "HNSW", "6",
"TYPE", "FLOAT32",
"DIM", "128",
"DISTANCE_METRIC", "COSINE"
)
Impact: Enables real-time behavioral pattern matching to detect when users deviate from their normal activity patterns. The HNSW algorithm provides sub-millisecond similarity search across thousands of user behavioral vectors.
π Redis TimeSeries for Anomaly Tracking
Real-Time Risk Scoring:
# Store anomaly scores with automatic retention
self._exec("TS.CREATE", f"anomaly_scores:{user_id}",
"RETENTION", "604800000", # 1 week
"LABELS", "user_id", user_id)
# Add real-time score updates
self._exec("TS.ADD", f"anomaly_scores:{user_id}",
timestamp, anomaly_score)
Impact: Tracks user risk scores over time, enabling trend analysis and early threat detection. Automatic data retention ensures optimal performance while maintaining historical context.
π Redis Search for Complex Alert Queries
Advanced Alert Indexing:
# JSON-based alert indexing for complex queries
self._exec(
"FT.CREATE", "alerts_idx",
"ON", "JSON",
"PREFIX", "1", "alert:",
"SCHEMA",
"$.user_id", "AS", "user_id", "TEXT",
"$.ip", "AS", "ip", "TEXT",
"$.score", "AS", "score", "NUMERIC",
"$.location", "AS", "location", "TEXT",
"$.geo_jump_km", "AS", "geo_jump_km", "NUMERIC"
)
Impact: Enables lightning-fast complex queries across security alerts, supporting real-time dashboard updates and instant alert correlation.
π‘ Redis Streams for Real-Time Event Processing
High-Throughput Event Ingestion:
# Process security events in real-time
async def process_event_stream():
while True:
events = await redis_client.xreadgroup(
"security_processors", "processor_01",
{"security_events": ">"},
count=10, block=1000
)
for event in events:
await analyze_and_alert(event)
Impact: Processes thousands of security events per second with guaranteed delivery and automatic partitioning across multiple consumers.
π― Redis JSON for Rich Data Structures
Complex Alert Metadata:
# Store rich alert context in JSON
alert_data = {
"alert_id": "alert_001",
"threat_intelligence": {
"geographic_risk": "high",
"ip_reputation": "suspicious",
"behavioral_deviation": 0.92
},
"ml_analysis": {
"confidence": 0.95,
"features": [...],
"similar_events": [...]
}
}
await redis_client.json().set(f"alert:{alert_id}", ".", alert_data)
Impact: Stores complex, nested security data efficiently while maintaining queryability and enabling rich AI context for threat analysis.
π€ AI Integration Architecture
Semantic Caching for LLM Performance:
# Cache LLM responses for similar security contexts
cache_key = f"llm_cache:{hash(security_context)}"
cached_response = await redis_client.get(cache_key)
if not cached_response:
response = await llm_service.analyze_threat(context)
await redis_client.setex(cache_key, 3600, response) # 1 hour cache
Impact: Dramatically reduces LLM API costs and latency by caching contextually similar security analyses, while ensuring fresh insights for new threat patterns.
π Real-Time Feature Streaming for ML
Live ML Feature Pipeline:
# Stream ML features for real-time model inference
features = extract_behavioral_features(login_event)
await redis_client.hset(f"features:{user_id}", mapping={
"time_features": features.time_patterns,
"geo_features": features.geographic_data,
"behavior_features": features.behavioral_metrics
})
# Real-time anomaly scoring
anomaly_score = ml_model.predict(features)
Impact: Enables real-time ML inference with sub-100ms latency by streaming features directly through Redis, supporting immediate threat detection and response.
π Why This Showcases Redis 8's AI Power
Redis 8's combination of vector search, time-series analytics, JSON storage, and streaming capabilities creates the ideal foundation for AI-powered security monitoring:
- Unified Data Layer: Single platform for vectors, time-series, documents, and streams
- Real-Time Performance: Microsecond latency enables immediate threat response
- AI-Native Features: Built-in vector search and JSON handling optimize AI workflows
- Horizontal Scale: Handles enterprise-level security event volumes
- Developer Experience: Rich ecosystem and intuitive APIs accelerate development
Technical Architecture
System Components
- Frontend: Next.js 15 with Tailwind CSS and shadcn/ui components
- Backend: FastAPI with Redis Stack integration
- AI/ML: Isolation Forest for anomaly detection, scikit-learn for feature engineering
- Database: Redis Stack 8 (Streams, Vector Search, TimeSeries, JSON, Search)
- Monitoring: Real-time dashboards with Recharts visualization
RediGuard demonstrates how Redis 8 can power the next generation of AI applications that go beyond simple chatbots to deliver real business value through intelligent, real-time data processing and analysis.
Top comments (0)