{"id":23263262,"url":"https://github.com/amssidds/IoT_IDS","last_synced_at":"2025-08-20T18:35:21.093Z","repository":{"id":262963570,"uuid":"888917789","full_name":"amssidds/IoT_IDS","owner":"amssidds","description":"A Python-based Network Intrusion Detection System (NIDS) designed to detect and block brute force attacks on a Raspberry Pi. This lightweight and efficient tool monitors live network traffic, detects malicious activity, and logs incidents for analysis.","archived":false,"fork":false,"pushed_at":"2024-12-01T07:58:57.000Z","size":283,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-31T04:52:49.771Z","etag":null,"topics":["internet-of-things","intrusion-detection-system","iot","nids"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/amssidds.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-15T08:57:54.000Z","updated_at":"2025-05-02T04:39:51.000Z","dependencies_parsed_at":"2024-11-30T03:24:33.371Z","dependency_job_id":"dce1ce87-57c9-48c4-975b-8af939cc8d4e","html_url":"https://github.com/amssidds/IoT_IDS","commit_stats":null,"previous_names":["ameenms03/amssiddsids","ameenms03/iot_ids","amssidds/iot_ids"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/amssidds/IoT_IDS","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amssidds%2FIoT_IDS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amssidds%2FIoT_IDS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amssidds%2FIoT_IDS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amssidds%2FIoT_IDS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/amssidds","download_url":"https://codeload.github.com/amssidds/IoT_IDS/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amssidds%2FIoT_IDS/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271364001,"owners_count":24746809,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-20T02:00:09.606Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["internet-of-things","intrusion-detection-system","iot","nids"],"created_at":"2024-12-19T14:15:59.753Z","updated_at":"2025-08-20T18:35:20.663Z","avatar_url":"https://github.com/amssidds.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# **Raspberry Pi Network Intrusion Detection System (NIDS)**\n\nA Python-based Network Intrusion Detection System (NIDS) designed to detect and block malicious activities on a Raspberry Pi. This lightweight and efficient tool monitors live network traffic, detects malicious activity, and logs incidents for analysis.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/user-attachments/assets/1a827374-d89f-4b3d-8f6a-2034264f732e\" width=\"500\"\u003e\n\u003c/p\u003e\n\n\n\n## **Collaborators**\n1. Ameen Siddiqui\n2. [Mohammed Idris](https://github.com/mczdj) \n\n## **Features**\n- **Brute Force Attack Detection**: Monitors SSH traffic for repeated failed login attempts and blocks offending IPs.\n- **Live Traffic Monitoring**: Displays live network traffic with timestamps and identifies attack types.\n- **Automatic IP Blocking**: Automatically blocks IPs that exceed a predefined failed login threshold.\n- **Manual Block/Unblock**: Allows users to manually block or unblock IPs through a user-friendly menu.\n- **Logs Management**: Logs all detected attacks with timestamps for future reference.\n- **Menu-Driven Interface**: Simple and interactive CLI for ease of use.\n- **Nmap Scan Detection**: Detects SYN, Null, and XMAS scans performed using tools like Nmap and logs them.\n- **ARP Poisoning Detection**: Identifies ARP spoofing attempts to alert and log malicious behavior.\n\n## **Installation**\n\n### **Prerequisites**\n- Raspberry Pi running a Linux-based OS.\n- Python 3.x installed.\n- Required Python modules: `scapy`.\n\n### **Setup Instructions**\n1. Clone this repository:\n   ```\n   git clone https://github.com/AmeenMS03/IoT_IDS.git\n   cd IoT_IDS\n   ```\n2. Install the required Python library:\n   ```\n   sudo apt-get update\n   sudo apt-get install python3-pip\n   pip3 install scapy\n   ```\n3. Install `iptables` for IP blocking:\n   ```\n   sudo apt-get install iptables\n   ```\n\n## **Usage**\n\n1. Run the program:\n   ```\n   sudo python3 code.py\n   ```\n2. Select an option from the menu:\n   - **Start Packet Sniffing**: Monitors live traffic for potential brute force attacks, Nmap scans, and ARP poisoning attempts.\n   - **Block an IP Manually**: Add an IP to the blocklist.\n   - **Remove IP from Blocklist**: Unblock a previously blocked IP.\n   - **Show Blocked IPs**: Display all currently blocked IPs.\n   - **View Logs**: View recorded logs of detected attacks.\n   - **Exit**: Quit the program.\n\n## **Configuration**\n\n- **Failed Login Threshold**:\n  - Set the number of failed SSH login attempts before an IP is blocked.\n\n- **Log File**:\n  - All logs are saved in `logs.txt` in the same directory as the script.\n\n## **Example Output**\n\n### **Live Traffic**\n```\n[2024-11-15 12:00:00] 192.168.1.101 -\u003e 192.168.1.24, Port: 22 | Attack Type: No\n[2024-11-15 12:00:05] 192.168.1.101 -\u003e 192.168.1.24, Port: 22 | Attack Type: Brute Force - SSH - 22\n[2024-11-15 12:01:00] SYN scan detected from 192.168.1.102 to port 22 | Attack Type: Nmap SYN Scan\n[2024-11-15 12:02:00] ARP Poisoning detected: 192.168.1.103 is claiming to be MAC 00:11:22:33:44:55\n```\n\n### **Blocked IPs**\n```\nBlocked IPs:\n192.168.1.101\n192.168.1.102\n```\n\n### **Logs**\n```\n[2024-11-15 12:00:05] 192.168.1.101 -\u003e 192.168.1.24, Port: 22 | Attack Type: Brute Force - SSH - 22\n[2024-11-15 12:01:00] SYN scan detected from 192.168.1.102 to port 22 | Attack Type: Nmap SYN Scan\n[2024-11-15 12:02:00] ARP Poisoning detected: 192.168.1.103 is claiming to be MAC 00:11:22:33:44:55\n```\n\n## **License**\n\nThis project is licensed under the MIT License. See the `LICENSE` file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famssidds%2FIoT_IDS","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Famssidds%2FIoT_IDS","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famssidds%2FIoT_IDS/lists"}