This repository hosts the development of a Device Behaviour Monitoring system carried out in the scope of the ARCADIAN-IoT - Autonomous Trust, Security and Privacy Management Framework for IoT, Grant Agreement Number: 101020259, H2020-SU-DS02-2020.

The goal of this work is to implement an Intrusion Detection System based on system call analysis for IoT devices, relying on Federated Learning techniques to update the AI models.
- Requirements
- Getting started
- Configuration
- Troubleshooting
- FAQ
- Authors and acknowledgment
- License
- Project status
## Requirements

This module requires the following dependencies:

- Python: version >= 3.6
- Perf Linux tool
## Getting started

A quick introduction to the minimal setup you need to get the program running.

### apt-based systems (using `linux-tools-generic`)

```bash
# Change to root
sudo -i
# First make sure that your system is up to date
apt update && sudo apt upgrade -y
# Download the repository
git clone https://github.com/vitalinarh/device_behaviour_monitoring
# Change to the repository folder
cd device_behaviour_monitoring
# Install the Perf Linux tool for system call log extraction
apt install linux-tools-generic -y
# Install the Python virtual environment module
apt install virtualenv python3-venv -y
# Create a virtual environment
python3 -m venv env
# Activate the virtual environment
. $PWD/env/bin/activate
# Install the Python requirements
python3 -m pip install -r requirements.txt
# Run the script
python3 dbm.py
```

If you want to create an executable:

```bash
python3 -m pip install pyinstaller
python3 -m pip install --upgrade pyinstaller
python3 -m PyInstaller -F dbm.py --hidden-import="sklearn.metrics._pairwise_distances_reduction._datasets_pair" --hidden-import="sklearn.metrics._pairwise_distances_reduction._middle_term_computer" --exclude-module _bootlocale
# Move the executable to the main project folder
mv $PWD/dist/dbm ./
# Execute the binary
./dbm
```
### apt-based systems (using `linux-perf`)

```bash
# Change to root
sudo -i
# First make sure that your system is up to date
apt update && sudo apt upgrade -y
# Download the repository
git clone https://github.com/vitalinarh/device_behaviour_monitoring
# Change to the repository folder
cd device_behaviour_monitoring
# Install the Perf Linux tool for system call log extraction
apt install linux-perf -y
# Install the Python virtual environment module
apt install python3-virtualenv -y
# Create a virtual environment
python3 -m venv env
# Activate the virtual environment
. $PWD/env/bin/activate
# Install the Python requirements
python3 -m pip install -r requirements.txt
# Run the script
python3 dbm.py
```

If you want to create an executable:

```bash
python3 -m pip install pyinstaller
python3 -m pip install --upgrade pyinstaller
python3 -m PyInstaller -F dbm.py --hidden-import="sklearn.metrics._pairwise_distances_reduction._datasets_pair" --hidden-import="sklearn.metrics._pairwise_distances_reduction._middle_term_computer" --exclude-module _bootlocale
# Move the executable to the main project folder
mv $PWD/dist/dbm ./
# Execute the binary
./dbm
```
### yum-based systems

```bash
# Change to root
sudo -i
# First make sure that your system is up to date
yum -y upgrade
# Download the repository
git clone https://github.com/vitalinarh/device_behaviour_monitoring
# Change to the repository folder
cd device_behaviour_monitoring
# Install the Perf Linux tool for system call log extraction
yum install perf -y
# Install the Python virtual environment module
yum install python3-virtualenv
# Create a virtual environment
python3 -m virtualenv env
# Activate the virtual environment
. $PWD/env/bin/activate
# Install the Python requirements
python3 -m pip install -r requirements.txt
# Run the script
python3 dbm.py
```

If you want to create an executable:

```bash
python3 -m pip install pyinstaller
python3 -m pip install --upgrade pyinstaller
python3 -m PyInstaller -F dbm.py --hidden-import="sklearn.metrics._pairwise_distances_reduction._datasets_pair" --hidden-import="sklearn.metrics._pairwise_distances_reduction._middle_term_computer" --exclude-module _bootlocale
# Move the executable to the main project folder
mv $PWD/dist/dbm ./
# Execute the binary
./dbm
```
### Server

This module is to be installed and run on a remote server. The following assumes that Docker is installed and running.

Build the image:

```bash
docker build -t server federated/Server/
```

Run the image's default command, which should start everything up:

```bash
docker run -it -p 9898:9898 server
```
Example of how it should look from the server side with one client:
## Configuration

Environment variables can be set up and customized in the `.env` file (in the `/trace_module` folder).

For RabbitMQ communication with other ARCADIAN-IoT components, the following variables need to be set:

- `HOST`
- `PORT`
- `VIRTUAL_HOST`
- `CREDENTIALS_USERNAME`
- `CREDENTIALS_PASSWORD`
- `ROUTING_KEY`
- `EXCHANGE_KEY`

Other variables can also be changed and calibrated:

- `DETECTION_THRESHOLD`: threshold value for intrusion detection (the value must be between 0 and 1). Default value is 0.5.
- `SYSCALL_LIMIT`: maximum number of system calls in the queue before pausing the tracer. Default value is 25000.
- `PAUSE_TIME`: cooldown time (in seconds) before the tracer resumes syscall tracing. Default value is 30 seconds.
- `SAVE_SYSCALLS`: flag controlling whether syscalls are saved in the data folder. `1` enables saving syscalls to the `/data` folder; any other value disables it.
- `FILTER_OUT`: filter out programs/processes with a certain name (e.g., `python`).
- `FILTER_IN`: filter in only programs/processes with a certain name (e.g., `python`).
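The following is an added example, not code from this project: it parses a constructed `.env` fragment with the calibration variables above, applies the documented defaults and ranges, and implements the `FILTER_IN`/`FILTER_OUT` semantics as described. The `TracerConfig`, `parse_env`, `load_config` and `should_trace` names are assumptions, and treating a `DETECTION_THRESHOLD` outside 0..1 as a hard error is a defensive choice, not project behaviour.

```python
from dataclasses import dataclass
# Constructed sample .env content using the variables documented above.
SAMPLE_ENV = """
DETECTION_THRESHOLD=0.7
SYSCALL_LIMIT=25000
PAUSE_TIME=30
SAVE_SYSCALLS=1
FILTER_OUT=python
FILTER_IN=
"""

@dataclass
class TracerConfig:
    detection_threshold: float = 0.5  # documented default
    syscall_limit: int = 25000        # documented default
    pause_time: int = 30              # documented default (seconds)
    save_syscalls: bool = False       # only the literal value 1 enables saving
    filter_out: str = ""              # process name to ignore (e.g. python)
    filter_in: str = ""               # if set, trace only this process name

def parse_env(text: str) -> dict:
    """Minimal KEY=VALUE parser (hypothetical): skips blank lines and # comments."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("\"'")
    return env

def load_config(env: dict) -> TracerConfig:
    """Apply the documented defaults and ranges; reject a bad threshold early."""
    cfg = TracerConfig()
    cfg.detection_threshold = float(env.get("DETECTION_THRESHOLD") or cfg.detection_threshold)
    if not 0.0 <= cfg.detection_threshold <= 1.0:
        raise ValueError("DETECTION_THRESHOLD must be between 0 and 1")
    cfg.syscall_limit = int(env.get("SYSCALL_LIMIT") or cfg.syscall_limit)
    cfg.pause_time = int(env.get("PAUSE_TIME") or cfg.pause_time)
    cfg.save_syscalls = env.get("SAVE_SYSCALLS") == "1"  # anything else disables
    cfg.filter_out = env.get("FILTER_OUT", "")
    cfg.filter_in = env.get("FILTER_IN", "")
    return cfg

def should_trace(cfg: TracerConfig, comm: str) -> bool:
    """FILTER_IN (when set) allows only that name; FILTER_OUT drops that name."""
    if cfg.filter_in and comm != cfg.filter_in:
        return False
    return not (cfg.filter_out and comm == cfg.filter_out)
```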
## Troubleshooting

WIP