{"id":18335644,"url":"https://github.com/fukuda-lab/fide","last_synced_at":"2025-04-06T04:34:11.169Z","repository":{"id":246625984,"uuid":"820416194","full_name":"fukuda-lab/FIDe","owner":"fukuda-lab","description":"FIDe is a fully in-kernel anomaly detection/mitigation framework based on eBPF.","archived":false,"fork":false,"pushed_at":"2024-11-05T14:40:18.000Z","size":3953,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-21T17:09:07.085Z","etag":null,"topics":["ebpf","library","linux","xdp"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fukuda-lab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-26T12:28:32.000Z","updated_at":"2025-03-13T18:39:03.000Z","dependencies_parsed_at":"2024-06-29T07:43:06.932Z","dependency_job_id":"9eff465e-fd9a-4ec1-8c36-f9620ccbc608","html_url":"https://github.com/fukuda-lab/FIDe","commit_stats":null,"previous_names":["fukuda-lab/fide"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fukuda-lab%2FFIDe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fukuda-lab%2FFIDe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fukuda-lab%2FFIDe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fukuda-lab%2FFIDe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fukud
a-lab","download_url":"https://codeload.github.com/fukuda-lab/FIDe/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247435043,"owners_count":20938530,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ebpf","library","linux","xdp"],"created_at":"2024-11-05T20:01:47.907Z","updated_at":"2025-04-06T04:34:10.946Z","avatar_url":"https://github.com/fukuda-lab.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# FIDe\nFIDe is a fully in-kernel anomaly detection/mitigation framework based on eBPF. The framework enables high-speed traffic monitoring and anomaly detection on generic Linux machines with NICs supporting native XDP. Further details on this framework are available in our paper [Dynamic Fixed-point Values in eBPF: a Case for Fully In-kernel Anomaly Detection](https://dl.acm.org/doi/abs/10.1145/3674213.3674219).\n\nIf you use any components of our framework, please consider citing our work.\n\u003eOsaki, Atsuya, Poisson, Manuel, Makino, Seiki, Shiiba, Ryusei, Fukuda, Kensuke, Okoshi, Tadashi, \u0026 Nakazawa, Jin. (2024, August). Dynamic Fixed-point Values in eBPF: a Case for Fully In-kernel Anomaly Detection. In Proceedings of the Asian Internet Engineering Conference 2024 (pp. 46-54).\n\n## Components of this Repository\nThe main components of this repository are listed below.\n1. fully_in-kernel directory\n2. user+ebpf directory\n3. fixed-point.h header file\n\nThe 2 directories contain 2 different versions of the anomaly detection/mitigation framework. 
\nThe fully_in-kernel directory contains the fully in-kernel version, and the user+ebpf directory contains the version that performs traffic analysis in user space.\n\nThe fixed-point.h file contains the arithmetic operations for dynamic fixed-point values, which allow arithmetic on fractional numbers inside eBPF programs. Refer to our paper for more details. To use this library, place the \"fixed-point.h\" header file inside your project directory and include it as a header file in your eBPF program.\n\n## To build the framework\nA good basic introduction to XDP is provided by the people at XDP-Project in the [xdp-tutorial](https://github.com/xdp-project/xdp-tutorial) repository. FIDe's dependencies can also be satisfied by following the xdp-tutorial introduction, found [here](https://github.com/xdp-project/xdp-tutorial/blob/master/setup_dependencies.org).\n\nWhen that is done, move to the directory of the framework (fully_in-kernel/ or user+ebpf/) and then into its main/ directory. Run `make` there to compile the libraries and eBPF programs. Use xdp-loader from xdp-tutorial to load the eBPF program into kernel space.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffukuda-lab%2Ffide","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffukuda-lab%2Ffide","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffukuda-lab%2Ffide/lists"}