IoTVigilant is an open-source project created to detect anomalous network behavior from IoT devices (or from any device with low network interaction).
Iotvigilant-Cybercamp-2018

Basic Overview

Nowadays, more and more IoT devices are in use and, because these devices aren't designed with security in mind, they represent a huge security risk in the cyber world. For example, Mirai 👿 was an IoT botnet in 2016 whose size varied from 800,000 to 2.5 million infected devices and which was used to perform DDoS attacks against some Internet services.

In spite of its size, Mirai isn't the biggest IoT botnet that has been used to perform attacks around the Internet 😥. This is why we think this project is needed: to discover when an IoT device is behaving in a weird way and stop it 😇.

Protect from the network

As the user of an IoT device rarely has access to the device's source code and can't install any security measure on it 🙈, the best way to discover that the gadget has been infected 👽 and is performing unexpected actions is to monitor the network it is connected to.

IoTVigilant

This project is composed of 2 parts:

  • The Sniffer: This piece of software takes metadata from the packets of the IoT devices and sends it to the server. You can find more information about this in the Sniffer folder.
  • The Server: Here is where the magic is performed. All the metadata extracted by the sniffer is correlated using a Machine Learning algorithm and the findings are presented in a beautiful web client. You can find more information about how the server works in the Local Server folder.

If you are a Docker fan, you can find an installation guide for the Sniffer and the Server in the Docker folder.
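
To make the sniffer's role concrete, here is an added example (not IoTVigilant's own sniffer code) that extracts per-packet metadata from raw Ethernet II / IPv4 frames and folds it into per-device counters for each time window, the kind of summary a buffer like the one set with --time could ship to the server. The field names, the windowing scheme, the MAC address and the documentation-range IP addresses are all assumptions made for illustration.

```python
import struct
from collections import defaultdict

def parse_frame(frame: bytes):
    """Metadata for an Ethernet II / IPv4 frame; None if unsupported or truncated."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or len(frame) < 14 + ihl:
        return None
    meta = {"mac": frame[6:12].hex(":"), "dst_ip": ".".join(map(str, frame[30:34])),
            "proto": frame[23], "dst_port": None, "size": len(frame)}
    l4 = 14 + ihl
    if meta["proto"] in (6, 17) and len(frame) >= l4 + 4:  # TCP and UDP carry ports
        meta["dst_port"] = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
    return meta

def summarize(captures, window):
    """Fold (timestamp, frame) pairs into per-device, per-window counters."""
    buckets = defaultdict(lambda: {"packets": 0, "bytes": 0, "dests": set()})
    for ts, frame in captures:
        meta = parse_frame(frame)
        if meta is None:
            continue  # non-IPv4 or malformed: skip rather than crash the sniffer
        b = buckets[(meta["mac"], int(ts // window))]
        b["packets"] += 1
        b["bytes"] += meta["size"]
        b["dests"].add((meta["dst_ip"], meta["dst_port"]))
    return {key: {"packets": b["packets"], "bytes": b["bytes"],
                  "distinct_dests": len(b["dests"])} for key, b in buckets.items()}

def build_frame(src_mac, dst_ip, dst_port, proto=6):
    """Constructed test frame (zero checksums, never sent on a wire)."""
    eth = bytes(6) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    l4 = struct.pack("!HH", 40000, dst_port) + bytes(16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 168, 1, 50]), bytes(map(int, dst_ip.split("."))))
    return eth + ip + l4

# Constructed capture: three check-ins to one host, then a burst to 30 hosts.
MAC = "aa:bb:cc:00:00:01"
SAMPLE = [(t, build_frame(MAC, "203.0.113.10", 443)) for t in (1, 20, 40)]
SAMPLE += [(60 + i, build_frame(MAC, f"198.51.100.{i + 1}", 23)) for i in range(30)]

if __name__ == "__main__":
    for (mac, win), stats in sorted(summarize(SAMPLE, window=60).items()):
        print(mac, win, stats)
```

For a device with low network interaction, the jump in distinct destinations between the two windows is the kind of change the server-side correlation has to surface.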

Requirements

Sniffer

  • Python 3
  • requirements.txt

Server

  • Grafana v5.0+
  • Elasticsearch 5.6+
  • Python 3
  • requirements.txt
  • Gunicorn

Quick Start

Sniffer

Clone the repository

cd /opt
git clone https://github.com/IoT-Vigilant/iotvigilant-cybercamp-2018.git

Run the sniffer in background

cd iotvigilant-cybercamp-2018/sniffer
python3 sniffer.py --ip <*server_ip*> --port <*server_port*> --time <*time_for_the_buffer*> &

Server

Clone the repository

cd /opt
git clone https://github.com/IoT-Vigilant/iotvigilant-cybercamp-2018.git

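Create a self-signed certificate to use HTTPS (the -nodes option leaves the private key unencrypted on disk, so restrict the permissions on key.pem)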

openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365

Run the server using Gunicorn (the command below binds to all interfaces on port 4001)

cd iotvigilant-cybercamp-2018/local_server/
gunicorn --certfile <*path_to_cert.pem*> --keyfile <*path_to_key.pem*>  -b 0.0.0.0:4001 server:app