TARP (formerly SocInABox) is a holistic incident detection and response platform for mission-critical IoT and ICS systems. Developed for the DoD MD5 Hackathon, 2018.
meadej/SocInABox
TARP Advanced IDS/IPS System

Traffic Analysis and Response Platform

Our response to MD5's mission to...

Prepare

TARP utilizes open-source data about existing risks in addition to our analysis of new ones to be prepared for both known and unknown threats.

Detect

Our system uses a hybrid of static analysis and machine learning algorithms in order to keep a constantly updated watch over the data traversing into and out of the network.

Respond

Based on data received from our analysis platform, TARP will implement intelligent firewall rules between the system and the external web. It will also notify the user when anomalies are detected, allowing enterprise users to diagnose and resolve the problem using their own personnel and resources.

System Summary

TARP is a holistic incident detection and response platform for mission-critical IoT and ICS systems.

What makes TARP different

  • IoT focused: TARP specifically targets IoT devices, meaning that operations for standard servers and workstations will not be impacted by the integration of TARP into a home or enterprise network.
  • Expandable: TARP can grow and shrink to fit any size network.
  • Continuous: A disruption in TARP does not mean a disruption in service. IoT devices can utilize normal endpoints in the event of system failure.
  • Hybrid analysis: Dozens of commercially available IDS/IPS systems already use machine learning for malware analysis. TARP still utilizes the latest groundbreaking achievements in machine learning, but diverges from the norm by also integrating static analysis of packet contents. This hardens our IoT networks against a variety of common threats and attacks.
  • Trusted sources: Our static analysis incorporates malicious address data from institutions such as Google and SANS.
  • GeoIP integration: TARP dynamically determines the country of origin for each device based on hardware data, allowing us to determine regions of the world we could normally expect devices to be contacting for updates, etc.
  • Self-contained: TARP uses no third-party servers or hardware, meaning that it can be brought into a classified environment on classified systems.
  • Cheap: The current iteration of TARP is cheap. Very cheap.
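The Detect and Respond steps above, together with the static blocklist and GeoIP checks listed here, sketched as a small Python pipeline. This is an added illustration, not code from the TARP repository; the blocklist, GeoIP table, device names and flow records are constructed placeholders, and the emitted iptables rules are returned as strings for an operator to review rather than applied.

```python
from dataclasses import dataclass

# Constructed blocklist standing in for the Google/SANS malicious-address feeds.
BLOCKLIST = {"198.51.100.7", "203.0.113.42"}
# Constructed GeoIP table and per-device expected update regions (both hypothetical).
GEOIP = {"198.51.100.7": "XX", "192.0.2.10": "US", "192.0.2.55": "DE"}
EXPECTED_COUNTRIES = {"cam-01": {"US"}, "therm-02": {"DE", "US"}}

@dataclass(frozen=True)
class Flow:
    device: str    # IoT device identifier
    src_ip: str    # device address on the IoT segment
    dst_ip: str    # external peer
    dst_port: int

def classify(flow):
    """Static checks: return the reasons a flow is anomalous (empty = allow)."""
    reasons = []
    if flow.dst_ip in BLOCKLIST:
        reasons.append("blocklisted destination")
    country = GEOIP.get(flow.dst_ip, "??")
    allowed = EXPECTED_COUNTRIES.get(flow.device, set())
    if allowed and country not in allowed:
        reasons.append(f"unexpected destination country {country}")
    return reasons

def firewall_rule(flow):
    """Drop rule for the gateway between the IoT segment and the internet."""
    return (f"iptables -I FORWARD -s {flow.src_ip} -d {flow.dst_ip} "
            f"-p tcp --dport {flow.dst_port} -j DROP")

def respond(flows):
    """Detect -> Respond: alerts for the operator plus the rules to apply."""
    alerts, rules = [], []
    for f in flows:
        reasons = classify(f)
        if reasons:
            alerts.append(f"{f.device} -> {f.dst_ip}:{f.dst_port}: " + ", ".join(reasons))
            rules.append(firewall_rule(f))
    return alerts, rules

# Constructed sample flows: one benign update check per device, one bad contact.
SAMPLE = [
    Flow("cam-01", "10.0.0.11", "192.0.2.10", 443),
    Flow("cam-01", "10.0.0.11", "198.51.100.7", 8080),
    Flow("therm-02", "10.0.0.12", "192.0.2.55", 443),
]

if __name__ == "__main__":
    print("\n".join(sum(respond(SAMPLE), [])))
```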

Future Goals

  • By introducing a honeynet into our IoT security solution, organizations can observe attacker behavior while maintaining their network's security by quarantining bad actors.

Developers

  • Spencer Hanson
  • Nicholas Zimmerer
  • Ryan Craig
  • Jonathan Meade
