astropema-ai — threat-defense-system v2.0
    _        _             ____                         _    ___
   / \   ___| |_ _ __ ___ |  _ \ ___ _ __ ___   __ _   / \  |_ _|
  / _ \ / __| __| '__/ _ \| |_) / _ \ '_ ` _ \ / _` | / _ \  | |
 / ___ \\__ \ |_| | | (_) |  __/  __/ | | | | | (_| |/ ___ \ | |
/_/   \_\___/\__|_|  \___/|_|   \___|_| |_| |_|\__,_/_/   \_\___|
[ HOST-LEVEL SECURITY ARCHITECTURE · LINUX · WAF · IDS · ML ]
Operating in production · ISO/IEC 27001 aligned

Custom Host-Level Security Architecture for Self-Managed Linux Infrastructure

AstroPema AI designs deterministic, reviewable defensive systems that operate inside the application trust boundary — where operators require direct control, auditable evidence, and verifiable enforcement without third-party telemetry dependencies.

Capabilities

Structured Defense. Verifiable Enforcement.

Each implementation is custom-scoped to the client's infrastructure: a standardized core architecture deployed and tailored to the specific topology, services, compliance posture, and operational requirements of the organization.

What we do

  • Design and deploy custom host-level defensive architectures for Linux servers
  • Implement deterministic policy pipelines with reviewable, auditable outputs
  • Normalize operational telemetry into structured evidence models and audit-ready reports
  • Build self-hosted SOC frameworks for web, mail, SSH/SFTP, and related services
  • Optional database-backed event storage for structured querying and historical correlation
  • Client-authorized log analysis and data science workflows (locally executed)
  • Optional ML-assisted behavioral analysis (local inference, operator-controlled)
  • Containment workflow design: verifiable enforcement and post-event validation

What we do not do

  • Extract or monetize customer telemetry
  • Operate managed security services (continuous outsourced SOC operations)
  • Provide incident response retainer or emergency response staffing
  • Conduct offensive security or penetration testing engagements
  • Assume third-party infrastructure control outside defined deployment scope

All systems are deployed within the client's own infrastructure. No external telemetry extraction, cloud data brokerage, or remote dependency required. The client retains full operational ownership of the deployed architecture.

Log-Parsing Mode

Direct parsing and evidence report generation without database dependency. Minimal footprint, immediate visibility.

Database-Backed Mode

Structured storage enabling deeper correlation, historical analysis, and fleet-level visibility via PostgreSQL.

Analyst Extension Mode

Optional Jupyter/Conda environments for in-house data science exploration and custom analytics pipelines.

Public Artifacts

Audit-Ready Evidence

These documents demonstrate the system's emphasis on reviewability: log → decision → expected action → verifiable enforced state.

Note: These artifacts are published for transparency and technical review. They are not a promise of specific outcomes on different traffic profiles, and they do not constitute an offer of sale.

Engagement Model

Architecture-Driven Engagements

Projects typically begin with a focused threat-model and infrastructure review, followed by a time-boxed design, build, and validation phase within the client's own environment.

Common deliverables

  • Self-hosted security architecture blueprint and deployment plan
  • Deterministic event schema and normalization pipeline (versioned + reviewable)
  • Host-level SOC framework for web, mail, SSH/SFTP, and related services
  • Evidence timeline generation and audit-ready HTML/PDF artifacts
  • Optional database-backed event storage for structured querying
  • Operator runbook and verification workflows
  • Containment validation design (provable enforcement state)

Fit criteria

  • You operate self-managed Linux servers (on-prem or IaaS, not fully outsourced)
  • You require auditability and visibility beyond vendor-managed dashboards
  • You need defensible evidence artifacts for governance, compliance, or risk oversight
  • You prefer local enforcement primitives (iptables/ipset or nftables)
  • You want architectural ownership rather than subscription-based dependency

Mode 01

Advisory & Architecture Review

Assessment of existing Linux infrastructure with documented recommendations and remediation roadmap.

Mode 02

Managed Implementation

Full deployment of security architecture, web infrastructure, or AI inference environment on client systems.

Mode 03

Ongoing Operational Support

Retained administration, monitoring, incident response, and continuous improvement of deployed systems.

Mode 04

Documentation & Compliance

ISMS development, security reporting, and audit evidence preparation for ISO 27001 or similar frameworks.

Production Systems

Built and Operating in Production

The following capabilities are not aspirational — they represent systems currently running in production across multiple domains including AstroPema.AI, AstroMap.AI, PemaHosting.com, and OrNeiGong.org. Every component listed has been designed, implemented, documented, and is actively maintained by AstroPema AI.

Linux Systems Administration & Server Infrastructure

Primary operating environment: Debian/Ubuntu Linux, administered at demonstrable production level across multiple servers and service domains.

  • Full server provisioning, hardening, and lifecycle management on Debian/Ubuntu
  • Multi-domain Apache and NGINX web server configuration, virtual host management, and performance tuning
  • SSL/TLS certificate provisioning and automated renewal across all hosted domains
  • DNS administration including zone management, propagation validation, and multi-domain record maintenance
  • UFW firewall rule design, ipset hash-based blocking, and kernel-level network policy enforcement
  • System monitoring, health checks, automated alerting, and on-call incident response — infrastructure built in-house
  • Self-hosted Git version control (Gitea) for infrastructure-as-code and security system source management

Security Architecture & Intrusion Detection

Deterministic, reviewable defensive systems operating inside the application trust boundary — auditable evidence, verifiable enforcement, no external telemetry pipelines.

  • Designed and implemented a production-grade Regex–CNN–GRU hybrid WAF integrating signature-based filtering with sequence-aware ML threat detection
  • Built cross-service attack correlation system using PostgreSQL to detect coordinated threats across HTTP, SSH, and SMTP — revealing that 73% of web attackers also probe mail and SSH endpoints
  • Developed multi-layer defense architecture combining iptables/ipset, ModSecurity WAF, XDP BPF kernel-level drop, and ML detection — scaling to 1,500+ banned IPs with validated enforcement
  • Implemented security data science pipeline with real-time log ingestion, normalization, and SQL analytics across Apache, SSH, and Postfix/Dovecot
  • Applied statistical anomaly detection using window functions and time-series analysis on enforcement events, identifying coordinated botnet campaigns with measurable precision
  • Actively porting core detection logic to Rust for sub-millisecond response times, supporting a future commercially deployable WAF product
  • Achieved $20K/year cost avoidance vs cloud SOC services by building ground-truth threat intelligence from operational data
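The evidence pipeline this page summarizes (log → decision → expected action → verifiable enforced state), with the normalized event schema and the cross-service correlation by source IP described above, as an added Python example. This is not AstroPema AI's code: the Apache, sshd and Postfix log lines, the IP addresses (RFC 5737 test ranges), the probe-path list and the `ipset list` dump are all constructed sample data, and the decision rules are assumptions chosen for illustration.

```python
"""Evidence pipeline sketch: log -> decision -> expected action -> verified state.
Added example, not AstroPema AI's code; all log lines, IPs (RFC 5737 ranges),
probe paths and the ipset listing are constructed sample data."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample lines in the formats Apache (combined), OpenSSH and Postfix emit.
APACHE_LINES = [
    '203.0.113.10 - - [12/Mar/2025:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "curl/8.0"',
    '203.0.113.10 - - [12/Mar/2025:10:01:03 +0000] "GET /.env HTTP/1.1" 404 196 "-" "curl/8.0"',
    '192.0.2.44 - - [12/Mar/2025:10:03:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "python-requests/2.31"',
    '192.0.2.77 - - [12/Mar/2025:10:03:30 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 196 "-" "Go-http-client/1.1"',
]
SSH_LINES = [
    'Mar 12 10:05:11 host sshd[2211]: Failed password for invalid user admin from 203.0.113.10 port 51822 ssh2',
    'Mar 12 10:05:14 host sshd[2214]: Failed password for root from 192.0.2.44 port 40112 ssh2',
    'Mar 12 10:06:01 host sshd[2220]: Accepted publickey for ops from 198.51.100.7 port 50211 ssh2',
]
POSTFIX_LINES = [
    'Mar 12 10:07:30 host postfix/smtpd[3001]: NOQUEUE: reject: RCPT from unknown[203.0.113.10]: 554 5.7.1 Relay access denied',
    'Mar 12 10:08:02 host postfix/smtpd[3004]: connect from unknown[192.0.2.99]',
]
# Constructed `ipset list` output standing in for the live set (same layout as the real tool).
IPSET_DUMP = """Name: blocklist
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536
Number of entries: 2
Members:
203.0.113.10
192.0.2.99
"""
# Hypothetical probe-path list for the web decision rule (an assumption, not a published ruleset).
PROBE_PATHS = {"/wp-login.php", "/.env", "/xmlrpc.php", "/phpmyadmin/"}

@dataclass(frozen=True)
class Event:
    """One row of the normalized schema shared by every service."""
    service: str   # "http" | "ssh" | "smtp"
    src_ip: str
    hostile: bool  # the decision is recorded with the evidence, not re-derived later
    detail: str

APACHE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
SSH_RE = re.compile(r'sshd\[\d+\]: (?P<verdict>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port')
POSTFIX_RE = re.compile(r'postfix/smtpd\[\d+\]: (?P<msg>NOQUEUE: reject: RCPT from|connect from) \S*\[(?P<ip>[^\]]+)\]')

def parse_apache(line):
    m = APACHE_RE.match(line)
    if not m:
        return None  # lines that do not match the schema are dropped, never guessed
    hostile = m["path"] in PROBE_PATHS or m["status"] == "403"
    return Event("http", m["ip"], hostile, f'{m["method"]} {m["path"]} -> {m["status"]}')

def parse_ssh(line):
    m = SSH_RE.search(line)
    return m and Event("ssh", m["ip"], m["verdict"].startswith("Failed"), f'{m["verdict"]} for {m["user"]}')

def parse_postfix(line):
    m = POSTFIX_RE.search(line)
    return m and Event("smtp", m["ip"], m["msg"].startswith("NOQUEUE"), m["msg"])

def normalize(lines, parser):
    return [ev for ev in map(parser, lines) if ev]

def hostile_services_by_ip(events):
    """Correlation step: the set of services each source IP was hostile on."""
    seen = defaultdict(set)
    for ev in events:
        if ev.hostile:
            seen[ev.src_ip].add(ev.service)
    return dict(seen)

def cross_service_share(by_ip):
    """Share of web attackers that were also hostile on SSH or SMTP."""
    web = [ip for ip, svcs in by_ip.items() if "http" in svcs]
    return len([ip for ip in web if by_ip[ip] - {"http"}]) / len(web) if web else 0.0

def decide_bans(by_ip, min_services=2):
    """Expected action: ban only sources hostile on at least min_services services."""
    return sorted(ip for ip, svcs in by_ip.items() if len(svcs) >= min_services)

def parse_ipset_members(dump):
    tail = dump.split("Members:", 1)[1] if "Members:" in dump else ""
    return {ln.strip() for ln in tail.splitlines() if ln.strip()}

def verify_enforced(expected_bans, dump):
    """Post-event validation: decided action vs. actual set state; both directions are drift."""
    actual, expected = parse_ipset_members(dump), set(expected_bans)
    return {"missing": sorted(expected - actual), "unexpected": sorted(actual - expected)}

def run_pipeline():
    events = (normalize(APACHE_LINES, parse_apache) + normalize(SSH_LINES, parse_ssh)
              + normalize(POSTFIX_LINES, parse_postfix))
    by_ip = hostile_services_by_ip(events)
    bans = decide_bans(by_ip)
    return {"events": len(events), "by_ip": by_ip, "cross_service_share": cross_service_share(by_ip),
            "expected_bans": bans, "verification": verify_enforced(bans, IPSET_DUMP)}

if __name__ == "__main__":
    for key, value in run_pipeline().items():
        print(f"{key}: {value}")
```

The point of the last step is that the ban decision and the set membership are compared in both directions: an expected ban that is absent from the set is an enforcement failure, and a member the decision log never called for is unexplained drift that an auditor would want accounted for. On a live host the constructed dump would be replaced by the output of `ipset list blocklist`.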

AI Infrastructure & Machine Learning Deployment

Local GPU-accelerated AI inference environment — eliminating API dependency costs while maintaining full data sovereignty.

  • RTX 5070 Ti GPU provisioned and optimized for parallel AI inference workloads
  • Ollama inference server deployment serving production AI applications with sub-second response times
  • Complete migration from OpenAI API dependency to self-hosted inference — eliminating recurring API costs while improving response latency
  • AI inference pipeline integration with PHP web applications for real-time interpretation generation at AstroPema.AI and AstroMap.AI
  • CNN-GRU neural network model training, validation, and production deployment for behavioral threat detection

Email Infrastructure & Messaging Security

  • Postfix MTA configuration for outbound and inbound mail handling across multiple domains
  • Dovecot IMAP/POP3 with mailbox management and quota enforcement
  • DKIM signing, SPF record management, and DMARC policy enforcement — consistent inbox delivery and spoofing prevention
  • Real-time SMTP abuse detection integrated into cross-service security correlation pipeline

Compliance, Governance & Reporting

  • ISMS documentation framework developed in support of ISO 27001 certification for AstroPema AI LLC
  • Structured HTML and PDF security reports generated directly from log-derived evidence, suitable for audit and executive review
  • Statement of Applicability, risk register, and control mapping maintained as auditable operational records
  • Change management via Git commit history providing reproducible, auditable infrastructure evolution records

Scripting, Automation & Full Stack

  • Bash scripts for system automation, log rotation, health monitoring, backup execution, and security response pipelines
  • Python scripting for ML pipeline management, data ingestion, log parsing, and statistical analysis
  • Jupyter notebook-based Linux log forensics — applying data science methods to raw system logs
  • PHP application development and deployment across multiple production domains
  • PostgreSQL and MySQL database administration and backup/recovery procedures

Academic & Professional Credentials

MIT IDSS Machine Learning & Deep Learning | CMU Deep Learning — top 2% both cohorts.
BS Mathematics & Computer Science, University of Puerto Rico.
40+ years of practical experience spanning electronics, telecommunications, and enterprise Linux administration.
Operating production systems where downtime has real consequences — that discipline informs every engagement.

Contact

Email for Services / Scope

If you want a custom-fit system or review, send a short note with your environment and goals. You'll get a human reply — no lists, no automation, no follow-ups.