AEGIS is an intrusion detection and alerting system that uses eBPF to secure IoT devices. A new IoT device introduced into the network acts as a central hub that monitors the remaining IoT devices (nodes) in the network.
A study by Fastly states that, on average, once an IoT device is infected, it can begin launching an attack within 6 minutes of being exposed to the internet. Hence, network observability of devices is of utmost importance for detecting intrusions in IoT networks.
- Gain insights into network observability statistics of devices in an IoT network.
- Obtain alerts for any malicious activity flagged by the rule engine.
- Deploy the system by simply installing a binary on an IoT device in a network.
- The current system includes rules to flag malicious IPs, DoS, and ICMP flooding attacks.
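The three rule families listed above (malicious IPs, DoS, ICMP flooding) can all be expressed as simple checks over per-flow events: a denylist lookup, and sliding-window rate counters keyed by destination (DoS) or by source (ICMP flood). The following is an added example of such a hub-side rule engine in Python; it is not code from the AEGIS repositories. The event schema (`FlowEvent`), the thresholds, the denylist entry and the constructed traffic in `run_sample` are assumptions for illustration only, and alerts are rate-limited per key so that a sustained flood does not itself become an alert storm.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Added example, not AEGIS's own data model: the shape of a per-flow event a node
# might report to the hub is an assumption for illustration.


@dataclass(frozen=True)
class FlowEvent:
    ts: float      # event time in seconds, as reported by the node
    src_ip: str
    dst_ip: str
    proto: str     # "tcp", "udp" or "icmp"
    dst_port: int  # 0 for icmp


# Constructed denylist entry; 203.0.113.0/24 is a documentation range (TEST-NET-3).
MALICIOUS_IPS = {"203.0.113.7"}


class RuleEngine:
    """Denylist match plus sliding-window counters (ICMP flood by source, DoS by destination)."""

    def __init__(self, window_s=1.0, icmp_threshold=50, dos_threshold=100):
        self.window_s = window_s
        self.icmp_threshold = icmp_threshold
        self.dos_threshold = dos_threshold
        self.icmp_hist = defaultdict(deque)  # src_ip -> timestamps of ICMP packets
        self.flow_hist = defaultdict(deque)  # dst_ip -> timestamps of new TCP/UDP flows
        self.last_alert = {}                 # (rule, key) -> ts of last alert, for rate limiting

    def _count(self, dq, ts):
        """Record one event and return how many fall inside the trailing window."""
        dq.append(ts)
        while dq and ts - dq[0] > self.window_s:
            dq.popleft()
        return len(dq)

    def _fire(self, rule, key, ts, alerts, msg):
        """Raise an alert unless the same (rule, key) already fired within one window."""
        last = self.last_alert.get((rule, key))
        if last is None or ts - last >= self.window_s:
            self.last_alert[(rule, key)] = ts
            alerts.append(msg)

    def evaluate(self, ev):
        """Return the list of alert strings raised by this single event."""
        alerts = []
        if ev.src_ip in MALICIOUS_IPS or ev.dst_ip in MALICIOUS_IPS:
            alerts.append(f"malicious-ip {ev.src_ip} -> {ev.dst_ip}")
        if ev.proto == "icmp":
            n = self._count(self.icmp_hist[ev.src_ip], ev.ts)
            if n >= self.icmp_threshold:
                self._fire("icmp-flood", ev.src_ip, ev.ts, alerts,
                           f"icmp-flood from {ev.src_ip}: {n} pkts/{self.window_s}s")
        else:
            n = self._count(self.flow_hist[ev.dst_ip], ev.ts)
            if n >= self.dos_threshold:
                self._fire("dos", ev.dst_ip, ev.ts, alerts,
                           f"dos against {ev.dst_ip}: {n} new flows/{self.window_s}s")
        return alerts


def run_sample():
    """Feed constructed traffic through the engine and return every alert raised, in time order."""
    engine = RuleEngine(window_s=1.0, icmp_threshold=20, dos_threshold=30)
    events = []
    # benign: one ICMP echo per second from a monitoring host (stays far below threshold)
    events += [FlowEvent(float(t), "192.0.2.10", "192.0.2.50", "icmp", 0) for t in range(10)]
    # ICMP flood: 40 pings within 200 ms from a single source
    events += [FlowEvent(5.0 + i * 0.005, "192.0.2.66", "192.0.2.50", "icmp", 0) for i in range(40)]
    # DoS: 60 new TCP flows to one node within half a second, from many sources
    events += [FlowEvent(7.0 + i * 0.008, f"198.51.100.{i % 50 + 1}", "192.0.2.50", "tcp", 80)
               for i in range(60)]
    # a node talking to a denylisted address
    events.append(FlowEvent(9.5, "192.0.2.50", "203.0.113.7", "tcp", 443))
    events.sort(key=lambda e: e.ts)
    alerts = []
    for ev in events:
        alerts.extend(engine.evaluate(ev))
    return alerts


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

With the sample traffic the engine raises exactly three alerts, one per rule: the ICMP flood fires once when the 20th packet lands in the window, the DoS rule once at the 30th new flow, and the denylist match on the single outbound connection. The per-key cooldown in `_fire` is what keeps the remaining 20 flood packets and 30 DoS flows from producing duplicate alerts.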
- eBPF: A technology that can run sandboxed programs in a privileged context such as the operating system kernel.
- Rust: A systems programming language that enforces memory safety and helps interface with eBPF programs.
- Raspberry Pi: A low-cost microcomputer that can be easily deployed in an IoT network.
- Flask: A micro web framework for creating server-side applications in Python.
- AEGIS Hub - https://github.com/pk-218/aegis-hub
- AEGIS Node - https://github.com/pk-218/aegis-node
- Presentation - https://tome.app/kernel-krypts/refaktor-hackathon-kernel-krypts-aegis-clejk95n00054enhly9nwa0rm
- Project assets - https://drive.google.com/drive/folders/1fOCmk2h9Wcq9JFlGU2pV9dFd_p3_0lwT?usp=sharing