IDCAS

Intrusion Detection and Counter Attack System (IDCAS) is an open source tool developed for use during Capture The Flag (CTF) Attack/Defense cybersecurity competitions. It provides both full-system and single-service monitoring, looking for incoming malicious HTTP requests. During such competitions, while you try to steal other participants' secret information to score points, they will try to hack your system and steal yours. IDCAS detects when your system has been compromised and, while it cannot block the attack because blocking is prohibited by CTF rules, it will replay the same malicious request to all the other teams.

IDCAS relies on eBPF and XDP, monitoring the system from the bottom of the stack to the top.

For more information, please visit the project website.

Simone Magnani
PhD Student

A PhD student currently working on the relationship between network traffic features and the quality of AI/ML-based detection engines.
