This is a submission for the Built with Google Gemini: Writing Challenge
What I Built with Google Gemini
Two months ago, I set out to build something ambitious: a host-based Intrusion Detection and Prevention System (IDS/IPS) that could detect and block network threats in real-time on a Linux host. The problem I was solving was clear—most security students (myself included) learn about IDS/IPS theory in classrooms, but never actually build one. I wanted to change that.
The system I built combines:
- Multi-vector detection: Port scan detection, SYN flood detection, and filesystem monitoring
- Intelligent response: Configurable rules that can log, alert, or block suspicious activity
- Firewall integration: Direct integration with iptables and ipset for real-time blocking
- Alerting system: Console logging, file logging, and webhook integrations (Discord support)
- Dashboard UI: A lightweight visualization layer to monitor events in real-time
Where Google Gemini came in: Gemini was my co-pilot through the entire development cycle. I used it to fix critical bugs, understand complex security vulnerabilities, optimize detection logic, and debug those frustrating log parsing errors that kept me stuck for hours.
Demo
GitHub Repository: https://github.com/OUSSAMA-GATTAOUI/IDS-IPS-system
My Testing Setup:
- Primary dev environment: VS Code on my local machine
- Testing infrastructure: Virtual Box with Kali Linux
- Attack vectors tested: nmap port scans, SYN floods, and other reconnaissance attacks
Demo video: https://youtu.be/S19lPUT6Y9o
What I Learned
The biggest technical lesson was how to use an AI assistant to debug systematically. Early on, I had a massive issue with log parsing. My detection engine was generating enormous log files with parsing errors that made the alerts useless. I spent two full days trying to fix it manually—checking regex patterns, buffer management, file I/O operations. Nothing worked.
Then I used Gemini. I pasted my logging module, described the problem in detail, and asked it to walk me through the logic. Within minutes, Gemini identified that I wasn't properly handling concurrent writes to the log file while the parser was reading it. The fix was elegant: implementing a read-write lock mechanism. Once Gemini explained why this was happening, the optimization became obvious. I optimized my detection system's performance by 40% just by fixing that single bottleneck.
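To make the log-pipeline fix concrete, here is an added example (my own illustration, not code from the IDS-IPS-system repository and not Gemini's output): a small readers-writer lock guarding a JSON-lines event log, with several detector threads appending records while a parser thread tails the file. The JSON-lines format, the field names, the `RWLock` design and the workload are assumptions for this example; the page does not show the project's logging module.

```python
import json
import os
import tempfile
import threading
import time
from contextlib import contextmanager


class RWLock:
    """Readers share the lock, a writer holds it exclusively (assumed design; not the project's)."""

    def __init__(self):
        self._readers = 0
        self._count_lock = threading.Lock()   # guards the reader count
        self.write = threading.Lock()         # exclusive for a writer, or held for all readers

    @contextmanager
    def read(self):
        with self._count_lock:
            self._readers += 1
            if self._readers == 1:            # first reader blocks writers
                self.write.acquire()
        try:
            yield
        finally:
            with self._count_lock:
                self._readers -= 1
                if self._readers == 0:        # last reader lets writers back in
                    self.write.release()


class EventLog:
    """JSON-lines event log shared by detector threads (writers) and a parser (reader).
    A writer emits each event as one complete line in a single write() under the write lock;
    the reader parses only newline-terminated lines and keeps any trailing fragment for the
    next poll, so it never tries to parse a torn record."""

    def __init__(self, path):
        self.path = path
        self.lock = RWLock()
        self._offset = 0          # byte position the parser has consumed up to
        self._partial = b""       # bytes after the last newline: not yet a full record
        open(path, "ab").close()  # create the file before the first read

    def append(self, event):
        line = (json.dumps(event, sort_keys=True) + "\n").encode()
        with self.lock.write, open(self.path, "ab") as fh:
            fh.write(line)

    def read_new(self):
        """Return (events, parse_errors) for records appended since the previous call."""
        with self.lock.read(), open(self.path, "rb") as fh:
            fh.seek(self._offset)
            chunk = fh.read()
            self._offset = fh.tell()
        lines = (self._partial + chunk).split(b"\n")
        self._partial = lines.pop()   # whatever followed the final newline
        events, errors = [], 0
        for raw in lines:
            try:
                events.append(json.loads(raw))
            except json.JSONDecodeError:
                errors += 1
        return events, errors


def stress(n_threads=8, events_per_thread=50):
    """Constructed workload: detector threads log concurrently while one parser thread
    tails the file. Returns (records_parsed, parse_errors)."""
    with tempfile.TemporaryDirectory() as tmp:
        log = EventLog(os.path.join(tmp, "ids-events.log"))
        done, parsed, errors = threading.Event(), [], [0]

        def detector(tid):
            for seq in range(events_per_thread):
                log.append({"detector": "port_scan", "src": f"10.0.0.{tid}", "seq": seq})

        def parser():
            while True:
                finished = done.is_set()      # checked before the read, so the last read drains everything
                ev, err = log.read_new()
                parsed.extend(ev)
                errors[0] += err
                if finished:
                    return
                time.sleep(0.001)

        reader = threading.Thread(target=parser)
        writers = [threading.Thread(target=detector, args=(t,)) for t in range(n_threads)]
        reader.start()
        for w in writers: w.start()
        for w in writers: w.join()
        done.set()
        reader.join()
        return len(parsed), errors[0]


if __name__ == "__main__":
    print("parsed, errors =", stress())   # expect (400, 0)
```

With eight writers racing the reader this still parses every record with zero errors. Two rules carry the fix: a writer emits a whole record in one write() under the exclusive lock, and the reader parses only newline-terminated lines. Writing a record in several write() calls without the lock lets another writer's bytes land in the middle of it, and a reader that parses whatever it finds at end of file will choke on a half-written line. Note that an in-process lock only coordinates threads; if the parser runs as a separate process, you need a file lock (fcntl.flock) or a queue between the two.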
I also learned that security development requires a different mindset than general software development. When you're building a firewall, the difference between allow and deny isn't a bug—it's a security incident. Gemini kept me honest on this. Whenever I'd ask "does this blocking logic look right?", it would catch edge cases I'd missed.
What most surprised me is that Gemini was amazing at helping me understand why something was broken, but less reliable at generating security-critical code from scratch. When I asked it to generate SYN flood detection logic, the first pass had a subtle flaw—it would have created false positives that could block legitimate traffic.
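As an added example of the false-positive trap just described (my own code, not the project's and not the logic Gemini generated), here are two SYN flood detectors run over constructed traffic: a naive one that counts raw SYNs per source, and one that counts only half-open connections, meaning SYNs the client never followed with its handshake ACK. The packet representation, the thresholds and the sample traffic are assumptions for this example; the page does not say what the flaw in the generated logic was.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    """Inbound TCP packet as seen by the host. flags is the client's flag string:
    "S" = SYN, "A" = the ACK that completes the handshake, "R" = RST (client gave up)."""
    ts: float
    src: str
    dst: str
    sport: int
    dport: int
    flags: str


def naive_syn_detector(packets, window=1.0, threshold=20):
    """Naive rule: flag a source that sends `threshold` SYNs within `window` seconds.
    Every SYN counts, so a legitimate client opening many short connections
    (a browser, a crawler, a load balancer health check) gets flagged too."""
    syns = defaultdict(deque)             # src -> timestamps of recent SYNs
    flagged = set()
    for p in sorted(packets, key=lambda p: p.ts):
        if p.flags != "S":
            continue
        q = syns[p.src]
        q.append(p.ts)
        while q and p.ts - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            flagged.add(p.src)
    return flagged


def half_open_detector(packets, window=1.0, threshold=20):
    """Flag a source only for SYNs whose handshake never completed (half-open).
    A pending SYN is forgotten when the same 4-tuple sends its ACK (handshake done)
    or a RST (client aborted), so a busy but well-behaved client is not penalised."""
    pending = {}                          # (src, sport, dst, dport) -> SYN timestamp
    flagged = set()
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "S":
            pending[key] = p.ts
            half_open = sum(1 for k, t in pending.items()
                            if k[0] == p.src and p.ts - t <= window)
            if half_open >= threshold:
                flagged.add(p.src)
        elif p.flags in ("A", "R"):
            pending.pop(key, None)
        # drop entries older than the window so the table cannot grow without bound
        for k in [k for k, t in pending.items() if p.ts - t > window]:
            del pending[k]
    return flagged


def constructed_traffic():
    """Constructed sample (not a real capture): a busy legitimate client that completes
    40 handshakes in 0.4 s, then a flooder sending 40 SYNs that are never acknowledged."""
    pkts = []
    for i in range(40):                   # legitimate: SYN, then the handshake ACK 5 ms later
        t = i * 0.01
        pkts.append(Pkt(t, "203.0.113.10", "10.0.0.5", 40000 + i, 443, "S"))
        pkts.append(Pkt(t + 0.005, "203.0.113.10", "10.0.0.5", 40000 + i, 443, "A"))
    for i in range(40):                   # flood: SYN only, handshake never completed
        pkts.append(Pkt(10.0 + i * 0.01, "198.51.100.7", "10.0.0.5", 50000 + i, 443, "S"))
    return pkts


if __name__ == "__main__":
    traffic = constructed_traffic()
    print("naive     :", sorted(naive_syn_detector(traffic)))   # both sources
    print("half-open :", sorted(half_open_detector(traffic)))   # only the flooder
```

The naive detector flags both the busy client and the flooder, so wiring it straight to an ipset block would cut off a legitimate user; the half-open detector flags only the flooder. Neither per-source rule helps against a flood from spoofed, ever-changing source addresses, where each address sends a single SYN: that case needs an aggregate measure such as half-open connections per destination port, and the sensible response is SYN cookies or rate limiting rather than blocking individual addresses.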
Google Gemini Feedback
- Gemini's ability to trace through code logic was exceptional. I'd describe a symptom ("my detection engine misses certain port scans"), paste the relevant code, and Gemini would often pinpoint the root cause in seconds. This saved me days of manual debugging.
- The big log error I mentioned? Gemini didn't just fix the syntax—it helped me redesign the entire logging pipeline for better performance.
- Gemini was fantastic at explaining why certain security practices matter. This built my confidence in the code I was deploying.
Top comments (1)
Awesome work taking on such a complex security project, Oussama. Using Gemini to identify that concurrent read/write lock issue in your logging pipeline is a perfect example of how AI can accelerate systemic debugging 👍