Most harmful software reaches personal computers over the local network: viruses, worms, ransomware, spyware, rootkits and many more. The best way to stop or detect an intrusion is to analyze network traffic at the kernel-space level.
Hybrid architectures combining a microcontroller with a field programmable gate array (FPGA) are an efficient solution in terms of execution speed, since they can implement parallel computation units that detect specific byte sequences.
This design is meant to work as an intrusion detection system. Its purpose is to accelerate the Morris-Pratt string matching algorithm in order to detect intrusion data, log it and report it to a host computer.
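A software reference for the matching step the FPGA accelerates, added here as an example and not code from the project: Morris-Pratt builds a failure (border) table for the signature once, then scans the payload examining each byte exactly once, which is what makes it attractive for a hardware pipeline. The signature, the payload and the 256-byte signature cap are constructed assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Failure table for Morris-Pratt: fail[i] is the length of the longest
 * proper border (prefix that is also a suffix) of pat[0..i-1]; fail[0] = -1.
 * fail must have room for m + 1 entries. */
void mp_build_failure(const uint8_t *pat, size_t m, int *fail) {
    int k = -1;
    fail[0] = -1;
    for (size_t i = 0; i < m; i++) {
        while (k >= 0 && pat[k] != pat[i])
            k = fail[k];
        k++;
        fail[i + 1] = k;
    }
}

/* Scan buf for every occurrence of pat, storing up to max_hits start offsets
 * in hits and returning the total number of matches. Each payload byte is
 * read once; the failure table decides how far to back up inside pat. */
size_t mp_search(const uint8_t *pat, size_t m, const uint8_t *buf, size_t n,
                 size_t *hits, size_t max_hits) {
    int fail[256 + 1];          /* assumption: signatures are at most 256 bytes */
    size_t count = 0, j = 0;    /* j = number of pattern bytes matched so far */
    if (m == 0 || m > 256) return 0;
    mp_build_failure(pat, m, fail);
    for (size_t i = 0; i < n; i++) {
        while (j > 0 && pat[j] != buf[i])
            j = (size_t)fail[j];     /* fall back along the border chain */
        if (pat[j] == buf[i])
            j++;
        if (j == m) {                /* full signature seen, ending at byte i */
            if (count < max_hits) hits[count] = i + 1 - m;
            count++;
            j = (size_t)fail[m];     /* keep scanning for overlapping hits */
        }
    }
    return count;
}

int main(void) {
    /* Constructed sample: a signature and a payload that contains it twice. */
    const uint8_t sig[] = "abcabd";
    const uint8_t payload[] = "xabcabcabdyabcabd";
    size_t hits[8];
    size_t n = mp_search(sig, 6, payload, strlen((const char *)payload), hits, 8);
    for (size_t k = 0; k < n; k++)
        printf("signature found at offset %zu\n", hits[k]);
    return 0;
}
```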
Steps to replicate the project:
1) Format the SD card (I prefer using gparted) as follows:
- boot = FAT32 - 16 MB
- rootfs = EXT4 - the remaining space
2) Build u-boot using the steps provided here: Build U-Boot
3) Build the FSBL using the steps provided here: Build FSBL
4) Using the two files generated in the previous steps and the file from the GitHub repository
epi_vivado/sdk/bd_name_wrapper_hw_platform_0/main_design_wrapper.bit
generate the Zynq Boot Image as described in this tutorial: Creating a Zynq Boot Image
5) Build the device tree blob using the steps provided here: Build Device Tree Blob
6) Clone and build uImage from Xilinx repository: linux-xlnx
7) Copy the following files into the FAT32 partition on the SD card:
uImage
devicetree.dtb
boot.bin
8) Install the root filesystem (for the EXT4 partition):
# wget https://releases.linaro.org/12.11/ubuntu/precise-images/ubuntu-desktop/linaro-precise-ubuntu-desktop-20121124-560.tar.gz
# sudo tar --strip-components=3 -C /media/rootfs -xzpf linaro-precise-ubuntu-desktop-20121124-560.tar.gz binary/boot/filesystem.dir
9) Plug the SD card into the Zedboard and power it on. Connect over UART and set an IP address for interface eth0. Then set a password for root with the passwd command. Finally, create the kmodule directory with mkdir so that the transfers in the next step have a destination.
# ifconfig eth0 <ip>
# passwd
# mkdir kmodule
10) Connect the Zedboard and the host PC with a network cable and set a suitable IP address on the host PC. Navigate to the epi_driver folder, then build and transfer the driver:
# make
# make deploy
Do the same for epi_app.
11) To test the system you can run the commands:
# cd kmodule
# insmod epi.ko
# mknod s c 245 0
# ./test
Here mknod creates the driver's character device file named "s". The driver's major and minor numbers can be discovered with the command:
# cat /proc/devices | grep epi
The output of the ./test program depends on the epi_app source files. Some sections are commented out to test different parts of the program, as in the demo video.