As described in our Motivation, the goal of our product is to provide a system which is capable of detecting what we call "rogue" devices in a protected airspace. The software for such a product requires three high-level subsystems:
- The detection system is responsible for scanning the surrounding airspace and detecting devices in the area.
- The analysis system is responsible for ingesting the data output from the detection system and generating alerts based on suspicious activity.
- The alerting system is responsible for taking actions based on alerts generated by the analysis system.
The detection system is ultimately responsible for scanning the airspace for devices. For our MVP, the detection system should be able to:
- detect Wi-Fi and Bluetooth devices in our airspace.
- log information about devices in the area to a data store (TBD) that can be accessed by the rest of the system.
The analysis system must be able to:
- store allow lists for each device and device protocol.
- analyze the data logged by the detection system to determine if there are any unauthorized devices in the system. Hard-coded rules are fine for MVP, it would be nice to have something configurable.
- generate and submit alerts to the alerting system.
The alerting system must be able to:
- read alerts generated from the analysis system.
- interface with different communication channels for sending alerts. For V1, it should be something simple like email, but be extensible to include other types of alerts.