Total System Shield (Toshi) is a European project funded by EIT Digital that I carried out as my MSc thesis project at Polytechnic of Turin.
The aim is to monitor network traffic in order to detect attacks such as DDoS and cryptomining. When such attacks are detected, it automatically inserts rules into the firewall to both prevent and stop them.
The framework is composed of many components that interact through standardized REST APIs. My task was to develop an eBPF program to be injected into Polycube and used to analyze incoming and outgoing packets, extract a set of features from them, and export these values to the other components.
eBPF has traditionally been used for statistics and traffic redirection, so this usage is quite uncommon, but it turned out to be an innovative approach that led to good results without significantly degrading networking performance.
In collaboration with:
- Universidad Politécnica de Madrid
- Fondazione Bruno Kessler
For more information, please visit the project website.