Gorgon Defender
A full-scale autonomous intrusion detection system that runs directly on OpenWRT routers — no additional hardware, minimal cloud footprint, no expertise required.
Military forces have used decoys for centuries — dummies on battlefields, inflatable tanks, ghost armies. Gorgon Defender brings this proven strategy to network security.
The system studies the real devices on your network and then deploys up to 25 convincing ghost hosts that mimic their behaviour. To an attacker scanning the network, every device looks real. But the moment they touch a decoy, the trap is sprung.
Because legitimate users never interact with decoy devices, every alert is a genuine indicator of compromise — not a false alarm.
Gorgon Defender passively monitors network traffic to build an activity profile of every connected device — understanding their behaviour patterns, active hours, and communication style.
Using machine learning, it generates realistic decoy devices with plausible MAC addresses, hostnames, and network signatures. These ghost hosts are injected into the network and respond to discovery protocols just like real devices.
When an attacker or compromised device scans the network, they inevitably interact with a decoy. Gorgon Defender classifies the contact — distinguishing between incidental contact, targeted probing, and full network scans.
Alerts are delivered in plain language through the companion app, complete with actionable guidance. Users can review the threat, block suspicious devices, and take control — no cybersecurity expertise required.
Every feature is designed to maximise detection accuracy while minimising noise and complexity.
A swarm of ghost hosts that dramatically increases the odds an attacker trips a wire before reaching anything real.
All threat detection and analysis runs locally on the router. Optional cloud connectivity enables remote access and real-time push alerts to the companion app.
Legitimate devices never contact decoys. Every alert represents genuine suspicious activity — eliminating alert fatigue.
A mobile app provides real-time alerts, device management, threat explanations, and one-tap device blocking — all in plain language.
Machine learning profiles real device activity patterns. Decoys mimic these patterns to remain indistinguishable from genuine hosts.
Three alert levels — informational, warning, and scan — classify threats by severity and provide graduated response guidance.
An attacker entering a protected network faces an impossible task. With 25 decoy devices mixed among real ones, the odds of scanning without detection drop to near zero.
Every probe, every scan, every lateral move risks tripping a silent alarm. The attacker has no way to distinguish real from fake — but the defender knows instantly which is which.
The advantage shifts from attacker to defender.
Gorgon Defender is designed to run on routers powered by OpenWRT — the leading open-source router operating system trusted by manufacturers worldwide.
ARM (aarch64) and MIPS — covering the vast majority of modern consumer router hardware.
Lightweight C daemon with minimal memory and CPU overhead. No performance impact on routing.
Ships as a standard OpenWRT package. Integrates with procd init, logd, and the native package manager.