Malware detection via network inspection on home routers

The Internet of Things (IoT) refers to the growing network of physical devices equipped with sensors and software capable of processing data and exchanging it over the Internet. These devices, which include smart home appliances, vehicles, and wearables, are rapidly entering our homes and generating an increasing amount of sensitive data. Protecting these devices against network attacks is a challenging task due to outdated software, limited resources, and easy-to-exploit vulnerabilities. This BSc semester project presents a novel approach to protecting IoT devices against network attacks by running traffic monitoring on the home network's gateway. This device typically has more hardware resources available, and its software is expandable, making it a suitable platform for running custom protection software. The project explores the use of similarity-based hashing to detect malware downloads and presents a working prototype capable of achieving high true positive detection rates. The prototype uses a similarity-based hashing algorithm to calculate the hashes of local files and compare them to a pre-computed list of malware hashes. If a local file's hash is similar enough to a known malware hash, the file is classified as malicious. This approach is capable of achieving high true positive detection rates while using only a small fraction of the known malware database. The speed of network capturing is not optimal, but this is a limitation of the technologies used rather than of the approach itself. Further development and integration of eBPF technology may improve the performance of the system. eBPF is a relatively new technology that allows user-defined programs to be run in kernel space, enabling faster packet filtering and analysis. Overall, this project presents a promising starting point for further development in the protection of IoT devices against network attacks.
The working prototype demonstrates the feasibility of using traffic monitoring on the home network's gateway to detect malware downloads. Further development and optimization may improve the performance and effectiveness of this approach.
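A simplified version of the similarity-hash comparison the abstract describes, as an added example in Python that is not the project's prototype code: a toy context-triggered piecewise hash (the rolling hash, fixed block size and SequenceMatcher-based score are assumed simplifications of ssdeep's) is computed for a captured file and compared against a constructed signature list with a similarity threshold.

```python
import difflib
import hashlib
import random

WINDOW = 7          # rolling-hash window length, as in ssdeep
BLOCK_SIZE = 16     # fixed trigger modulus; ssdeep derives this from file size
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/"

def piecewise_hash(data: bytes, block_size: int = BLOCK_SIZE) -> str:
    """Context-triggered piecewise hash: cut the input where a rolling hash of
    the last WINDOW bytes hits a trigger value, then emit one character per
    chunk from that chunk's SHA-256. Cut points depend only on local content,
    so an edit perturbs the signature near the edit and the rest re-syncs."""
    sig, chunk, window = [], bytearray(), bytearray()
    for b in data:
        chunk.append(b)
        window.append(b)
        if len(window) > WINDOW:
            window.pop(0)
        if sum(window) % block_size == block_size - 1:   # toy rolling hash
            sig.append(ALPHABET[hashlib.sha256(chunk).digest()[0] & 63])
            chunk = bytearray()
    if chunk:
        sig.append(ALPHABET[hashlib.sha256(chunk).digest()[0] & 63])
    return "".join(sig)

def similarity(sig_a: str, sig_b: str) -> int:
    """Score 0..100; stands in for ssdeep's weighted edit-distance score."""
    return round(100 * difflib.SequenceMatcher(None, sig_a, sig_b).ratio())

def classify(data: bytes, known: dict, threshold: int = 70):
    """Compare a captured file against the pre-computed malware signature
    list and return (is_malicious, best_matching_family, best_score)."""
    sig = piecewise_hash(data)
    score, family = max(((similarity(sig, s), f) for f, s in known.items()),
                        default=(0, None))
    return score >= threshold, family, score

def constructed_samples():
    """Constructed test data (random bytes, not real malware): a 'known'
    sample, a variant with 50 bytes altered, and an unrelated benign file."""
    rng = random.Random(1)
    sample = bytes(rng.getrandbits(8) for _ in range(2000))
    variant = sample[:900] + bytes(b ^ 0xFF for b in sample[900:950]) + sample[950:]
    benign = bytes(rng.getrandbits(8) for _ in range(2000))
    return sample, variant, benign
```

Running `classify(variant, {"family-a": piecewise_hash(sample)})` on the constructed data flags the altered variant while the unrelated file scores far below the threshold, which is the property that lets a gateway match new downloads against a small list of known malware hashes.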

Szalai Gergő

2023-07-03

Supported by: CUJO LLC Magyarországi Fióktelepe