Skip to content

This repository provides an Intrusion Detection System (IDS) using an ESP32 microcontroller, Python, shell scripts, and C++. It captures network traffic and displays real-time statistics. The ESP32 communicates with a Linux server, which processes the captured data and stores it in a database.

License

Notifications You must be signed in to change notification settings

JohnKun136NVCP/ids-port-mirror

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Intrusion detection system with ESP32

Index

  1. What's an ESP32?
  2. IDS
  3. Wireshark
  4. Wireshark and ESP32
  5. Before Installing
  6. IDS Port Mirror (Description)
  7. How it works?
  8. Sightling
  9. Acknowledgments
  10. Bibliography

What's an ESP32?

The Esp32 is a feature-rich MCU with integrated Wi-Fi and Bluetooth connectivity for a wide range of applications:

  1. Robust desing

ESP32 is able to operate reliably in industrial environments, with operating temperatures ranging from -40 °C to +125 °C. Powered by advanced calibration circuitry, ESP32 can dynamically eliminate external circuit imperfections and adapt to changes in external conditions.

  1. Ultra low power consumption

Designed for mobile devices, wearable electronics and IoT applications, ESP32 achieves ultra-low power consumption with a combination of several types of proprietary software. ESP32 also includes state-of-the-art features such as fine-grained clock synchronization, multiple power modes and dynamic power scaling.

  1. High level of integration

ESP32 is highly integrated with built-in antenna switches, RF balun, power amplifier, low noise receive amplifier, filters and power management modules. ESP32 adds invaluable functionality and versatility to your applications with minimal printed circuit board (PCB) requirements.

  1. Hybrid WiFi and Bluetooth chip

ESP32 can operate as a complete stand-alone system or as a slave device to a host MCU, reducing the communications stack overhead on the main application processor. ESP32 can interface with other systems to provide Wi-Fi and Bluetooth functionality through its SPI/SDIO or I2C/UART interfaces.

IDS (Intrusion Detection Systems)

Technological advances in the digital age have led to an exponential increase in the amount of information and data stored online. As organizations and individuals increasingly rely on the connectivity and accessibility of their systems, the threat of malicious intrusions and cyber attacks also increases. In this context, Intrusion Detection Systems (IDS) emerge as crucial elements in IT security defense.

An IDS is a tool designed to monitor and analyze network traffic for suspicious activity or anomalous behavior that may indicate an intrusion attempt or security breach. Its importance lies in several fundamental aspects that contribute to the integrity, confidentiality and availability of information systems.

First, IDSs play a key role in early identification of potential threats. By analyzing traffic patterns and anomalous behavior, these systems can detect intrusions in their early stages, enabling a fast and efficient response to mitigate risks before they cause significant damage. This is crucial in a digital environment where speed of detection and response is essential to minimize the impact of attacks.

Wireshark

Wireshark is a network packet analysis tool that deploys a variety of applications in the communications field. Its usefulness ranges from troubleshooting communications networks, performing security audits, to software and protocol development, in addition to its role as an educational resource. This analyzer, which incorporates all the standard features of a protocol analyzer, is used in a comprehensive and focused way to capture information passing through a connection.

Wireshark and ESP32

Wireshark and ESP32 are two distinct technologies that can be integrated to enhance network monitoring and debugging capabilities in IoT (Internet of Things) applications. Wireshark is a network protocol analyzer, while ESP32 is a versatile microcontroller commonly used in IoT projects. The integration of these technologies allows for detailed analysis and troubleshooting of network communication in ESP32-based IoT devices. By leveraging Wireshark's packet capturing and analysis capabilities, developers can monitor and inspect the network traffic generated by ESP32 devices. This integration is particularly valuable during the development and debugging phases, as it provides insights into how the ESP32 communicates over the network, helping identify issues such as packet loss, latency, or unexpected behavior.

Before installing.

Warning

Only works on Linux based on Ubuntu, Fedora and ArchLinux.

Install Arduino IDE and componets for ESP32

  • You need to dowload Arduino IDE (version Legacy 1.8.x) on official website.
  • Into directory Arduino.
    cd arduino-1.8.X/
  • Then give permissions to execute:
    chmod +x *.sh
  • Execute the file arduino-linux-setup.sh as root:
    sudo ./arduino-linux-setup.sh $USER
  • Reboot your computer.
    reboot
  • Finally, install Arduino IDE.
    sudo ./install.sh

ESP32 board on Arduino IDE

  1. You will need to give permissions to port with the next command sudo chmod 666 /dev/ttyUSB0.
  2. Install python esptool.

Warning

PIP3 install not works for Ubuntu. You will need to use this command:

sudo apt-get update
sudo apt-get install esptool
  1. Conect your ESP32 board to the computer.
  2. Once connected ESP32 is plugged, then LED of ESP32 will turn on. If the LED does not light up, it is possible that the cable or the USB port is damaged.
  3. You need to dowload ESP32 board. For this, it's necessary to go to Tools > Board and select the corresponding option. In this case Heltec ESP32 Arduino > Wireless Stick Lite.
  4. You will need to give permissions to ports and although in many cases the IDE itself determines the port used by the board, in other cases it is necessary to specify it. To do this, go to Tools > Port, then select the port corresponding to the board. In Linux it starts with tty and is usually followed by the words ACM or USB with an order number.
  5. All that remains is to load the implemented code to the ESP32. To check that the engraving process is correct, a good option is to use the Blink example, since it does not require any external component.Once the code is ready, it is necessary to click on the check button of the IDE to verify that there is no error in it. Then, by clicking on the load button, the code is written to the ESP32. Once the code is finished loading the LED on the board will start blinking.

Hardware

  • 3 LEDS (Red, Yellow and Green)
  • 1 Buzzer
  • ESP32
  • Resistors
  • Protoboard

Diagrams bellow for blink (Leds) and Buzzer

ImageHard

ImageHard

Install components for Pyton Requirements

Check if you have installed pip

python -m pip --version

To see if you have the PIP package manager installed.

Install NumPy with the command

python -m pip install numpy

Install Pandas with the command

python -m pip install pandas

To add the PySerial library:

python -m pip install pyserial

Install Wireshark (Linux)

This program can run on distro based on Debian, Fedora and ArchLinux

Run first option and Wireshark's going to install it

chmod +x main.sh
./main

You will see below of tittle and picture the menu, select option 1

menuImage

IDS Port Mirror (Description)

Within the framework of this project, we have developed an Intrusion Detection System (IDS) in which the ESP32 microcontroller plays a central role. Within this architecture, we have implemented a configuration composed of three light emitting diodes (LEDs), each designed with specific functionalities. The first LED, green in color, indicates the absence of threats; the second, yellow in hue, warns of possible danger; and the last, red in color, acts as a danger alarm, simultaneously activating a buzzer for sound alerts. In parallel, when the functionality associated with the red LED is activated, it generates a notification sent to the user through the Telegram messaging platform, as well as an alert message sent to the email of the same user registered in the GMAIL account.

How it works?

The project operates as follows: it uses the main.sh program. Its execution requires administrator privileges.

NOTE: Before to run main.sh. Firstly, run arduino ~/main/main.ino. Arduino opens program and upload to ESP32 board.

./main

menuImage

When you have Wireshark and Python dependences, then select 2 option to get ESP32's IP (You have to plugged your esp32 to computer) and show a list your open ports to serial connection, select it (some cases you should push boot button) then you get your IP and it keep it into .txt file (It's hidden)

menuImage2

Once it get ESP32's IP. Run option 3. (If you know your ESP32 IP save it). It needs your path of your ESP32's IP, then show your network interfaces, select your Wifi interface or Ethernet connection.

menuImage3

And Tshark starts and it opens a windows with Wireshark, stop when you have enought data, saved as captured packets and as a file name.csv.

menuImage4

Then you will need to keep your .csv and give the path. IDS will start and there are options:

  1. When packet is high, Red Led will turn on, it sends a message to Telegram Bot (Esp32NetworkTool), and finally it send you a Email.
  2. When packet is medium, Yellow Led will turn on and program sends you a message to Telegram
  3. When packet is low, only Green Led turns on.

SOME PACKETS ARE DELAYED

Finally, run option 3 it keep it into a data base (remote). It works with OPENVPN, however you can implement another VPN. If it's local, please comment line 13 and 47 of file updatedbs.sh and works with ssh (Change port if it's necessary) and it read .csv and upload using Mysql with MariaDB.

menuImage5

OPTIONAL If you have local database just add php front-end. In this case we usted a públic IP (however only works using VPN) that show you below

menuImage

Loggin using IP 132.248.X.X (Use a private IP or and VPN for security)

Into website appears this

menuImage

And a graph with time vs size of packet

menuImage

The program offers five options for package installation, specifically designed for distributions such as Ubuntu, Fedora and Arch Linux. For the purpose of obtaining the IP address of the ESP32 through the serial port, the program will allow the selection of the corresponding serial port. The third option is for starting the Intrusion Detection System (IDS). The user can choose to start the IDS with the default IP address configuration or add a specific path to it. This phase displays the available network interfaces and starts the traffic analysis, thus establishing the conditions for the creation of a secure and efficient environment.

Sightling

Credentials.py You will need to create a special password to send emails for Google, this a video of Youtube How to create it and the structure of file is:

Credentials.py

AUTHOR_EMAIL = "youremail@gmail.com"
AUTHOR_PASS = "XXXX XXXX XXXX XXXX" #Without spaces
RECIPIENT_EMAIL = "anotheremail@domain.com" #If there are more one, you can use a list ["1@domain.com","2@domain.com"]
SMTPSERVER = "smtp.google.com"

Credentials.h Telegram creates a unique token, only works if you have our token and librery is implemented on ESP32 and not Python (a suggestion is created on Python and run it). For C++, Credentials.h is a header using to Wifi SSID and Password with Telegram Token. The structure is:

#define ssid_STA "WIFI"//SSID of your wifi network
#define password_STA "XXXXX"//Password of your wifi
#define BOT_TOKEN "YYYYY YYYYY YYYYY" //Token to create a new bot

Acknowledgments

For their support in the realization of this project and the material used in the project we would like to thank

Bibliography

  1. Ashoor, A. S., & Gore, S. (2011). Importance of intrusion detection system (IDS). International

  2. Journal of Scientific and Engineering Research, 2(1), 1-4.

  3. ESP32 Wi-Fi & Bluetooth SOC | Espressif Systems. (s. f.). https://www.espressif.com/en/products/socs/esp32

  4. Nonato, N. (2022). Data acquisition system for fine surface process monitoring (Doctoral dissertation).

  5. Tarter, A. (2017). Importance of cyber security. Community Policing-A European Perspective: Strategies, Best Practices and Guidelines, 213-230.

  6. UCM-Proyecto de Innovación Software Libre para Ciencias e Ingenierías. (s. f.). https://www.ucm.es/pimcd2014-free-software/wireshark

In charge of the project: Physics student and Computer Engineer Juan Angeles Hernández and Biology student Xianya Itzel Díaz de León Márquez, for the subject Internet of Things, taught by M. Eng. Valente Vázquez Velázquez.

About

This repository provides an Intrusion Detection System (IDS) using an ESP32 microcontroller, Python, shell scripts, and C++. It captures network traffic and displays real-time statistics. The ESP32 communicates with a Linux server, which processes the captured data and stores it in a database.

Topics

Resources

License

Code of conduct

Stars

Watchers

Forks