Device Behaviour Monitoring

This repository hosts the development of a Device Behaviour Monitoring system carried out within the scope of ARCADIAN-IoT - Autonomous Trust, Security and Privacy Management Framework for IoT (Grant Agreement Number: 101020259, H2020-SU-DS02-2020).

The goal of this work is to implement an Intrusion Detection System for IoT devices based on system call analysis, relying on Federated Learning techniques to update the AI models.


This module requires the following modules:

  • Python: version >= 3.6
  • Perf Linux Tool

Getting started

A quick introduction of the minimal setup you need to get the program running.


Change to root

sudo -i

First make sure that your system is up to date

apt update && sudo apt upgrade -y

Download the repository

git clone

Change to repository folder

cd device_behaviour_monitoring

Install Perf Linux tool for system call log extraction:

apt install linux-tools-generic -y

Install the python virtual environment module:

apt install virtualenv python3-venv -y

Create a virtual environment:

python3 -m venv env 

Activate the virtual environment:

. $PWD/env/bin/activate

Install python requirements:

python3 -m pip install -r requirements.txt

Run the script


If you want to create an executable:

python3 -m pip install pyinstaller
python3 -m pip install --upgrade pyinstaller
python3 -m PyInstaller -F --hidden-import="sklearn.metrics._pairwise_distances_reduction._datasets_pair" --hidden-import="sklearn.metrics._pairwise_distances_reduction._middle_term_computer" --exclude-module _bootlocale

Change the executable directory to the main project folder

mv $PWD/dist/dbm ./

Execute the binary


Kali Linux

Change to root

sudo -i

First make sure that your system is up to date

apt update && sudo apt upgrade -y

Download the repository

git clone

Change to repository folder

cd device_behaviour_monitoring

Install Perf Linux tool for system call log extraction:

apt install linux-perf -y

Install the python virtual environment module:

apt install python3-virtualenv -y

Create a virtual environment:

python3 -m venv env 

Activate the virtual environment:

. $PWD/env/bin/activate

Install python requirements:

python3 -m pip install -r requirements.txt

Run the script


If you want to create an executable:

python3 -m pip install pyinstaller
python3 -m pip install --upgrade pyinstaller
python3 -m PyInstaller -F --hidden-import="sklearn.metrics._pairwise_distances_reduction._datasets_pair" --hidden-import="sklearn.metrics._pairwise_distances_reduction._middle_term_computer" --exclude-module _bootlocale

Change the executable directory to the main project folder

mv $PWD/dist/dbm ./

Execute the binary


CentOS 7

Change to root

sudo -i

First make sure that your system is up to date

yum -y upgrade

Download the repository

git clone

Change to repository folder

cd device_behaviour_monitoring

Install Perf Linux tool for system call log extraction:

yum install perf -y

Install the python virtual environment module:

yum install python3-virtualenv

Create a virtual environment:

python3 -m virtualenv env

Activate the virtual environment:

. $PWD/env/bin/activate

Install python requirements:

python3 -m pip install -r requirements.txt

Run the script


If you want to create an executable:

python3 -m pip install pyinstaller
python3 -m pip install --upgrade pyinstaller
python3 -m PyInstaller -F --hidden-import="sklearn.metrics._pairwise_distances_reduction._datasets_pair" --hidden-import="sklearn.metrics._pairwise_distances_reduction._middle_term_computer" --exclude-module _bootlocale

Change the executable directory to the main project folder

mv $PWD/dist/dbm ./

Execute the binary


Installing Federated Server Application (Ubuntu)

This module is to be installed and run on a remote server. It assumes that Docker is installed and running.

Build the image

docker build -t server federated/Server/ 

Run the image's default command, which should start everything up.

docker run -it -p 9898:9898 server

Example of how it should look from the server side with one client:


Environment variables can be set up and customized in the .env file (/trace_module folder).

For RabbitMQ communication with other ARCADIAN-IoT components, the following variables need to be set:


Other variables can also be changed and calibrated:

Threshold value for intrusion detection (must be between 0 and 1). Default value is 0.5.


Maximum of system calls in queue before pausing the tracer. Default value is 25000.


Cooldown time (in seconds) for the tracer before resuming the syscall tracing. Default value is 30 seconds.


Flag controlling whether syscalls are saved in the data folder. A value of 1 enables saving syscalls to the /data folder; any other value disables it.


Filter out programs/processes with a certain name (e.g., python)


Filter in only programs/processes with a certain name (e.g., python)
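
The settings described above can be loaded and enforced as in the following added example, which is not code from this repository. The key names (THRESHOLD, MAX_QUEUE, COOLDOWN, SAVE_SYSCALLS, FILTER_OUT, FILTER_IN), the exact-match filter semantics and the sample .env content are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

# Hypothetical key names: the page describes these settings but not their names.
DEFAULTS = {"THRESHOLD": "0.5", "MAX_QUEUE": "25000", "COOLDOWN": "30",
            "SAVE_SYSCALLS": "0", "FILTER_OUT": "", "FILTER_IN": ""}

class Settings(NamedTuple):
    threshold: float
    max_queue: int
    cooldown: int
    save_syscalls: bool
    filter_out: str
    filter_in: str

def load_settings(env_text: str) -> Settings:
    """Parse KEY=VALUE lines, apply the documented defaults, reject bad values."""
    raw = dict(DEFAULTS)
    for line in env_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            raw[key.strip()] = value.strip()
    threshold = float(raw["THRESHOLD"])
    if not 0.0 <= threshold <= 1.0:
        raise ValueError("threshold must be from 0 to 1")
    max_queue, cooldown = int(raw["MAX_QUEUE"]), int(raw["COOLDOWN"])
    if max_queue <= 0 or cooldown < 0:
        raise ValueError("queue limit must be positive, cooldown non-negative")
    # Only the literal value 1 enables saving; any other value disables it.
    return Settings(threshold, max_queue, cooldown, raw["SAVE_SYSCALLS"] == "1",
                    raw["FILTER_OUT"], raw["FILTER_IN"])

def keep_process(comm: str, s: Settings) -> bool:
    """Assumed semantics: exact name match; filter-in, when set, is applied first."""
    if s.filter_in and comm != s.filter_in:
        return False
    return not (s.filter_out and comm == s.filter_out)

class TracerGate:
    """Pause tracing when the queue is full, resume once the cooldown has elapsed."""
    def __init__(self, s: Settings):
        self.s = s
        self.paused_at: Optional[float] = None

    def tracing(self, queue_len: int, now: float) -> bool:
        if self.paused_at is not None and now - self.paused_at >= self.s.cooldown:
            self.paused_at = None
        if self.paused_at is None and queue_len >= self.s.max_queue:
            self.paused_at = now
        return self.paused_at is None

# Constructed sample .env content, not taken from the repository.
SAMPLE_ENV = "THRESHOLD=0.7\nMAX_QUEUE=100\nCOOLDOWN=10\nSAVE_SYSCALLS=true\nFILTER_OUT=python\n"
```

Rejecting an out-of-range threshold at load time matters for an IDS: a value above 1 would silently suppress every alert.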




