IoT devices are quickly increasing in popularity, but many companies rely on the customer to secure their own device. As a result, attackers can quickly scan for devices with open ports and log in with default credentials. The device can then be pulled into a botnet without its user knowing it.
What it does
GuardNet runs a daemon on an IoT device to monitor network traffic. If the device starts getting an unreasonable amount of requests, the firewall closes all ports, generates a custom ssh key, and sends the key along with information about the attack to the device owner through the Twilio API.
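One way the "unreasonable amount of requests" check described above could work, as an added example that is not GuardNet's own code: a sliding-window counter over connection events that fires once and produces the attack summary to send to the owner. The window length, threshold, class and function names, and the sample traffic are all assumptions.

```python
# Added illustration: names, window and threshold are assumptions.
from collections import Counter, deque

WINDOW_SECONDS = 10   # assumed window length
MAX_REQUESTS = 20     # assumed threshold for "unreasonable"

class RateMonitor:
    """Sliding-window counter over (timestamp, source_ip, dest_port) events."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
        self.window = window
        self.limit = limit
        self.events = deque()
        self.locked = False

    def observe(self, ts, src_ip, port):
        """Record one event; return an alert dict the first time the limit is exceeded."""
        if self.locked:
            return None  # ports already closed, nothing more to decide
        self.events.append((ts, src_ip, port))
        # Drop events that have aged out of the window.
        while self.events and self.events[0][0] <= ts - self.window:
            self.events.popleft()
        if len(self.events) <= self.limit:
            return None
        self.locked = True
        sources = Counter(ip for _, ip, _ in self.events)
        return {
            "time": ts,
            "requests_in_window": len(self.events),
            "top_sources": sources.most_common(3),
            "ports_hit": sorted({p for _, _, p in self.events}),
            "action": "close_all_ports",
        }

def replay(events, **kwargs):
    """Feed events in order and return the first alert, or None."""
    monitor = RateMonitor(**kwargs)
    for ts, ip, port in events:
        alert = monitor.observe(ts, ip, port)
        if alert:
            return alert
    return None

# Constructed sample traffic: slow normal use, then a burst against ssh/telnet.
NORMAL = [(t * 5.0, "192.0.2.10", 443) for t in range(10)]
BURST = [(100.0 + i * 0.1, "203.0.113.7", 22 if i % 2 else 23) for i in range(30)]
```

The alert dict is what a daemon would hand to its firewall and notification steps; a single global counter like this one also trips on a legitimate traffic spike, so the threshold needs tuning per device.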
How we built it
We first set up a Docker container to initiate a virtual machine that could take in a POST request and send a text to a designated user. We then began developing a daemon using Python that could run in the background, scanning for suspicious internet traffic. We then connected an Azure database to our Docker container that could receive data about suspicious internet traffic.
Challenges we ran into
Setting up Docker, developing a Python daemon, connecting to an SQL server from Docker.
Accomplishments that we're proud of
Creating the daemon, learning different libraries, learning how to use Docker.
What we learned
We learned how to create a daemon in Python, how to create Azure databases and send data to them through POST requests in Python.
What's next for NetGuard
If we had a large dataset of malicious network traffic requests, we could use ML to identify patterns in that data and keep an updated database of blacklisted IP addresses shared amongst our IoT devices. We could also enhance performance by reducing the daemon's memory requirement on devices, so that it has minimal impact on their speed.