The Edge Security Problem
Traditional IDS tools like Snort and Suricata were designed for data centers with unlimited CPU and RAM. But the modern network edge — Raspberry Pi gateways, IoT hubs, remote offices — has neither.
HookProbe addresses this with eBPF/XDP kernel-level packet filtering combined with a Bayesian ML ensemble that runs within 1.5GB of RAM.
Key Results
- Detection latency: <10ms (vs 200ms+ for Suricata on RPi)
- Throughput: 469,127 classifications/sec on ARM64
- Memory: 33MB peak RSS for the classification engine
- False positive rate: <2% on CICIDS2017 dataset
How It Works
The HYDRA pipeline processes packets through 5 stages:
- XDP Fast Path — kernel-level filtering at <10us
- NAPSE Inspector — flow classification with Shannon entropy
- Feature Extractor — 24-dimensional behavioral vectors
- Isolation Forest — unsupervised anomaly detection
- SENTINEL Ensemble — Bayesian false-positive discrimination
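Two of these stages can be sketched compactly. The block below is an added illustration, not HookProbe's code: it computes the Shannon entropy feature that NAPSE-style flow classification relies on, builds a small feature vector (an assumed three-field layout, not the project's 24-dimensional one), and then combines detector votes with Bayes' rule the way a SENTINEL-style false-positive gate would. The sample flows, entropy thresholds, detector true/false-positive rates and all function names are assumptions.

```python
"""Illustration of two HYDRA-style stages (hypothetical code, not HookProbe's own):
entropy-based flow features and Bayesian combination of detector votes."""
import math
from collections import Counter

# Constructed sample flows, not captured traffic.
PLAINTEXT_FLOW = (b"GET /index.html HTTP/1.1\r\nHost: example.local\r\n"
                  b"User-Agent: curl/8.0\r\n\r\n")
HIGH_ENTROPY_FLOW = bytes(range(256)) * 4  # uniform byte histogram -> 8 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extract_features(payload: bytes) -> dict:
    """Small behavioural feature vector; the layout is an assumption,
    not HookProbe's 24-dimensional one."""
    n = len(payload)
    printable = sum(1 for b in payload if 32 <= b < 127)
    return {
        "length": n,
        "entropy": shannon_entropy(payload),
        "printable_ratio": printable / n if n else 0.0,
    }


def entropy_label(entropy: float) -> str:
    """Coarse flow label from entropy. Thresholds are illustrative assumptions:
    text protocols sit around 4-5.5 bits/byte, ciphertext/compressed data near 8."""
    if entropy >= 7.0:
        return "encrypted-or-compressed"
    if entropy >= 5.5:
        return "mixed-binary"
    return "plaintext-like"


def bayesian_alert_posterior(prior: float, votes) -> float:
    """P(attack | detector outcomes) via Bayes' rule in odds form.

    votes: iterable of (fired, true_positive_rate, false_positive_rate), one per
    detector, treated as conditionally independent (naive Bayes). The rates are
    assumed calibration figures, not HookProbe's measured numbers.
    """
    odds = prior / (1.0 - prior)
    for fired, tpr, fpr in votes:
        # Likelihood ratio of the observed outcome under attack vs. benign.
        odds *= (tpr / fpr) if fired else ((1.0 - tpr) / (1.0 - fpr))
    return odds / (1.0 + odds)


def decide(prior: float, votes, threshold: float = 0.5) -> tuple:
    """Return (posterior, raise_alert) for an alert-suppression gate."""
    posterior = bayesian_alert_posterior(prior, votes)
    return posterior, posterior >= threshold


if __name__ == "__main__":
    for name, flow in (("plaintext", PLAINTEXT_FLOW), ("high-entropy", HIGH_ENTROPY_FLOW)):
        f = extract_features(flow)
        print(f"{name}: {f} -> {entropy_label(f['entropy'])}")
    # Base-rate effect: one good detector at a 1% attack prior still leaves
    # most alerts false; a second independent detector changes the picture.
    one = decide(0.01, [(True, 0.90, 0.02)])
    two = decide(0.01, [(True, 0.90, 0.02), (True, 0.90, 0.02)])
    print(f"one detector fired: {one}, two fired: {two}")
```

The Bayesian step is where the false-positive discrimination actually happens: with a 1% attack prior, a single detector that is 90% sensitive at a 2% false-positive rate yields a posterior of only 5/16, so most of its alerts would still be noise; requiring agreement from a second independent detector lifts the posterior above 95%, which is the kind of evidence combination an ensemble gate exploits.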
Try It
git clone https://github.com/hookprobe/hookprobe
cd hookprobe
./install.sh --tier guardian
Originally published at hookprobe.com. HookProbe is an open-source AI-native IDS.
Top comments (1)
Threat me with respect and I will help secure your smart environment.