A physical Raspberry Pi 5 gateway that authenticates every message from a fleet of simulated sensors, blocks replay and tampering attacks, and flags behavioural anomalies with an AI model — the whole system running as boot-time services with a live Grafana dashboard.
The 2016 Mirai botnet compromised hundreds of thousands of IoT devices — cameras, thermostats, routers — mostly because those devices had no meaningful defenses at the edge. Nearly a decade later, most IoT deployments still trust the network and hope for the best.
The project brief was to build a working defense in depth on a real edge device: firewall, encrypted transport, message integrity, replay protection, intrusion detection and anomaly detection, all running together, all reproducible.
The attack drill runs cleanly. Replay attempts are rejected in under a second with an audit trail. HMAC-tampered payloads never reach the database. The anomaly injection is subtle by design — the HMAC is correct, the RSSI stays constant, the packet rate rises — and the Isolation Forest catches it: the anomaly score for the affected sensor drops from ~0.26 down to ~0.11 while the other sensors stay in the normal band. Everything is visible in the Grafana panels, correlated by timestamp.
The value of the project isn't in any single component — those are all known techniques. It's in the composition: showing that a $80 board, correctly configured, can enforce all of these guarantees at once, on boot, in a way that survives real-world deployment.
Full source code and project site.
GitHub Project site →