About CoreDetection

Smart Detection Built for Real Networks

CoreDetection is an AI-powered DDoS detection appliance developed by CoreTech. Smart Detection scores every candidate event through rhythm, fingerprinting, and attack memory — with a full dashboard, forensic reports, and automatic BGP response.

3 Analysis Layers
<60s Detection cycle
Full Dashboard & Reports
100% On-premises

Our Story

Patterns, Not Just Thresholds

Threshold-only detectors miss stealthy attacks and flood the NOC with false positives. We built CoreDetection around Smart Detection — three analysis layers that score how traffic moves, how sources cluster, and whether patterns match known attack campaigns.

Your routers send flows directly to CoreDetection. The engine scores every candidate event, displays results on your operations dashboard, and responds via BGP or alerts — all on your infrastructure, with full forensic reports.

CoreDetection vs. Threshold-Only

Detection
  CoreDetection: Smart Detection (3 layers)
  Threshold-only: Static Gbps/PPS thresholds
Visibility
  CoreDetection: Full dashboard & reports
  Threshold-only: Logs and alerts only
Pipeline
  CoreDetection: Routers → CoreDetection → BGP
  Threshold-only: Complex multi-vendor stack
Deployment
  CoreDetection: On-premises, offline license
  Threshold-only: Cloud SaaS dependency

Smart Detection

3 Layers + Supporting Signals

Three core analysis layers score every event. ASN trust, baselines, and pseudo-L7 inference refine the final decision.

01 · Layer 1

Rhythm Analysis

Analyses 61-second traffic samples for variance, smoothness, and burst patterns. Erratic spikes score high; gradual legitimate ramps score low.

02 · Layer 2

Traffic Fingerprinting

Maps source IP clustering, ASN diversity, and geographic dispersion. Includes trusted-ASN score adjustment to reduce false positives on CDN and peer traffic.

03 · Layer 3

Attack Memory

Stores signatures of confirmed attacks (up to 1,000). New events matched at 85%+ similarity get instant high-confidence recognition.

Weighted Consensus

Weighted scoring across rhythm, fingerprint, and memory — strong signals (≥70) override weak ones instead of a flat average.

Trusted ASN Override

Operator-configured trusted ASNs can veto false positives when traffic is predominantly from verified legitimate sources.

Behavioral Baselines

Per-prefix exponential moving average learns normal Gbps, PPS, and source counts — reduces score for in-range traffic, boosts for abnormal spikes.
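
A sketch of the weighted-consensus and per-prefix baseline ideas described above, added here as an illustration; it is not CoreDetection's code. The layer weights, smoothing factor, in-range and spike ratios, and the 15-point adjustment are assumptions chosen for the demonstration, and the sample scores and traffic history are constructed.

```python
from dataclasses import dataclass, field

STRONG = 70  # from the page: strong signals (>=70) override weak ones
WEIGHTS = {"rhythm": 0.3, "fingerprint": 0.3, "memory": 0.4}  # assumed weights


def consensus(scores: dict[str, float]) -> float:
    """Weighted score in which any layer >= STRONG is not averaged away."""
    weighted = sum(WEIGHTS[k] * v for k, v in scores.items())
    strong = [v for v in scores.values() if v >= STRONG]
    if not strong:
        return weighted
    # Assumed override rule: never report less than the mean of the strong layers.
    return max(weighted, sum(strong) / len(strong))


@dataclass
class PrefixBaseline:
    """Per-prefix exponential moving average of Gbps (one of the learned metrics)."""
    alpha: float = 0.1  # assumed smoothing factor
    ema: dict[str, float] = field(default_factory=dict)

    def update(self, prefix: str, gbps: float) -> None:
        prev = self.ema.get(prefix, gbps)  # first sample seeds the average
        self.ema[prefix] = prev + self.alpha * (gbps - prev)

    def adjust(self, prefix: str, gbps: float, score: float) -> float:
        """Lower the score for in-range traffic, raise it for abnormal spikes."""
        base = self.ema.get(prefix)
        if not base:
            return score  # no usable history yet: leave the score alone
        ratio = gbps / base
        if ratio <= 1.5:  # assumed "in range" band
            return max(0.0, score - 15)
        if ratio >= 3.0:  # assumed "abnormal spike" band
            return min(100.0, score + 15)
        return score


def demo():
    """Constructed case: one strong layer, two weak ones, on a ~2 Gbps prefix."""
    bl = PrefixBaseline()
    for gbps in [2.0, 2.2, 1.9, 2.1, 2.0]:  # constructed history
        bl.update("203.0.113.0/24", gbps)
    layers = {"rhythm": 85, "fingerprint": 30, "memory": 20}  # constructed scores
    flat = sum(layers.values()) / len(layers)  # flat average hides the strong layer
    raw = consensus(layers)
    return (flat, raw, bl.adjust("203.0.113.0/24", 9.0, raw),
            bl.adjust("203.0.113.0/24", 2.1, raw))
```

With these inputs a flat average yields 45, while the override keeps the event at 85; the baseline then raises it to 100 for a 9 Gbps spike or lowers it to 70 when the rate is in range.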

Pseudo-L7 Inference

Classifies HTTP floods, Slowloris, and amplification patterns from flow metadata — enriches attack type and can boost the final score.

Smart Detection

3-layer analysis — rhythm, fingerprinting, attack memory — with ASN trust, baselines, and consensus scoring.

Full Dashboard

Live attack monitoring, Smart Detection score breakdown, BGP control, and exportable forensic reports — built in.

Flow-Based

NetFlow, IPFIX, sFlow from existing routers — Routers → CoreDetection → BGP / Alerts.

Auto Response

BGP blackhole, FlowSpec (TCP flags, redirect, mark), IP blocklist feeds, Telegram, email, and webhooks — configurable per severity.

Trusted Across Critical Infrastructure

ISPs & Carriers, Data Centers, Enterprises, Hosting Providers, Telecom, Finance

Built by CoreTech

Network security engineers with deep expertise in carrier-grade infrastructure, BGP, and flow-based DDoS detection.