# lHIDS

**Repository Path**: jie-lin/lHIDS

## Basic Information

- **Project Name**: lHIDS
- **Description**: lHIDS is a lightweight intrusion detection system for embedded systems.
- **Primary Language**: Unknown
- **License**: Apache-2.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2022-07-07
- **Last Updated**: 2024-10-01

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# lHIDS: lightweight host intrusion detection system

lHIDS is a lightweight intrusion detection system for embedded systems. It covers most of the detection for the ATT&CK matrix.

Copyright (C) 2022 Jie Lin

Email: jie_lin@hit.edu.cn or fjlinjie@126.com

# Introduction

lHIDS supports the x86_64 and aarch64 CPU architectures.

# Building

The recommended host OS is Ubuntu 20.04.

```
apt-get install cmake m4 clang llvm
cd lHIDS
mkdir build
cd build
cmake -DUSE_BUNDLED_DEPS=true -DBUILD_BPF=true ../
```

For cross compiling, please refer to [CROSS_COMPILING.md](./CROSS_COMPILING.md).

# Usage

To load all rules:

```
sudo HIDS_BPF_PROBE=./driver/bpf/probe.o ./userspace/main/hids -c hids.yaml -r ../rules
```

To load a single rule:

```
sudo HIDS_BPF_PROBE=./driver/bpf/probe.o ./userspace/main/hids -c hids.yaml -r ../rules/T1014.yaml
```