This repository hosts the development of a Device Behaviour Monitoring system carried out in the scope of the ARCADIAN-IoT - Autonomous Trust, Security and Privacy Management Framework for IoT, Grant Agreement Number:101020259. H2020-SU-DS02-2020.

This work's goal is to implement a Intusion Detection System based on system call analysis for IoT devices, while relying on Federated Learning techniques to update the AI models.

• Requirements
• Getting started
  • Ubuntu
  • Kali Linux
  • CentOS
• Configuration
• Troubleshooting
• FAQ
• Authors and acknowledgment
• License
• Project status

This module requires the following modules:

• Python: version >= 3.6
• Perf Linux Tool

A quick introduction of the minimal setup you need to get the program running.

Change to root

sudo -i

First make sure that your system is up to date

apt update && sudo apt upgrade -y

Download the repository

git clone https://github.com/vitalinarh/device_behaviour_monitoring

Change to repository folder

cd device_behaviour_monitoring

Install Perf Linux tool for system call log extraction:

apt install linux-tools-generic -y

Install the python virtual environment module:

apt install virtualenv python3-venv -y

Create a virtual environment:

python3 -m venv env 

Activate the virtual environment:

. $PWD/env/bin/activate

Install python requirements:

python3 -m pip install -r requirements.txt

Run the script

python3 dbm.py

If you want to create an executable:

python3 -m pio install pyinstaller
python3 -m pip install --upgrade pyinstaller
python3 -m PyInstaller -F dbm.py --hidden-import="sklearn.metrics._pairwise_distances_reduction._datasets_pair" --hidden-import="sklearn.metrics._pairwise_distances_reduction._middle_term_computer" --exclude-module _bootlocale

Change the executable directory to the main project folder

mv $PWD/dist/dbm ./

Execute the binary

./dbm

Change to root

sudo -i

First make sure that your system is up to date

apt update && sudo apt upgrade -y

Download the repository

git clone https://github.com/vitalinarh/device_behaviour_monitoring

Change to repository folder

cd device_behaviour_monitoring

Install Perf Linux tool for system call log extraction:

apt install linux-perf -y

Install the python virtual environment module:

apt install python3-virtualenv -y

Create a virtual environment:

python3 -m venv env 

Activate the virtual environment:

. $PWD/env/bin/activate

Install python requirements:

python3 -m pip install -r requirements.txt

Run the script

python3 dbm.py

If you want to create an executable:

python3 -m pio install pyinstaller
python3 -m pip install --upgrade pyinstaller
python3 -m PyInstaller -F dbm.py --hidden-import="sklearn.metrics._pairwise_distances_reduction._datasets_pair" --hidden-import="sklearn.metrics._pairwise_distances_reduction._middle_term_computer" --exclude-module _bootlocale

Change the executable directory to the main project folder

mv $PWD/dist/dbm ./

Execute the binary

./dbm

Change to root

sudo -i

First make sure that your system is up to date

yum -y upgrade

Download the repository

git clone https://github.com/vitalinarh/device_behaviour_monitoring

Change to repository folder

cd device_behaviour_monitoring

Install Perf Linux tool for system call log extraction:

yum install perf -y

Install the python virtual environment module:

yum install python3-virtualenv

Create a virtual environment:

python3 -m virtualenv env

Activate the virtual environment:

. $PWD/env/bin/activate

Install python requirements:

python3 -m pip install -r requirements.txt

Run the script

python3 dbm.py

If you want to create an executable:

python3 -m pio install pyinstaller
python3 -m pip install --upgrade pyinstaller
python3 -m PyInstaller -F dbm.py --hidden-import="sklearn.metrics._pairwise_distances_reduction._datasets_pair" --hidden-import="sklearn.metrics._pairwise_distances_reduction._middle_term_computer" --exclude-module _bootlocale

Change the executable directory to the main project folder

mv $PWD/dist/dbm ./

Execute the binary

./dbm

This module is to be installed and run on a remote server. Assuming that you have installed Docker and it is running.

Build the image

docker build -t server federated/Server/ 

Run the image's default command, which should start everything up.

docker run -it -p 9898:9898 server

Example of how it should look from the server side with one client:

Environment variables can be set up and customized in the .env file (/trace_module folder).

For RabbitMQ communication with other ARCADIAN-IoT components, we need to setup of the next variables:

HOST
PORT
VIRTUAL_HOST
CREDENTIALS_USERNAME
CREDENTIALS_PASSWORD
ROUTING_KEY
EXCHANGE_KEY

Other variables can also be changed and calibrated:

Threshold value for intrusion detection (value needs to be from 0 to 1). Default value is 0.5

DETECTION_THRESHOLD

Maximum of system calls in queue before pausing the tracer. Default value is 25000.

SYSCALL_LIMIT

Cooldown time (in seconds) for the tracer before resuming the syscall tracing. Default value is 30 seconds.

PAUSE_TIME

Flag to save or not syscalls in data folder. 1 is to enable the syscalls being saved on /data folder, any other value is to disable.

SAVE_SYSCALLS

Filter out programs/processes with a certain name (e.g., python)

FILTER_OUT

Filter in only programs/processes with a certain name (e.g., python)

FILTER_IN

WIP

Show your appreciation to those who have contributed to the project.

For open source projects, say how it is licensed.

If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.