evilsocket/ebpf-process-anomaly-detection external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

evilsocket/ebpf-process-anomaly-detection

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/evilsocket/ebpf-process-anomaly-detection)

Close

evilsocket / ebpf-process-anomaly-detectionView on GitHubMore

• External links
• Readme badge

Process behaviour anomaly detection using eBPF and unsupervised-learning Autoencoders

☆140Aug 15, 2022Updated 3 years ago

Alternatives and similar repositories for ebpf-process-anomaly-detection

Users that are interested in ebpf-process-anomaly-detection are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• sysflow-telemetry / sf-processor

  View on GitHub
  SysFlow edge processing pipeline
  ☆18Jan 15, 2025Updated last year
• SRodi / ebpf-prometheus-metrics

  View on GitHub
  This project process eBPF events into Prometheus metrics via a Go user-space application. A Grafana dashboard is included to visualize Ke…
  ☆16Apr 22, 2025Updated last year
• congwang / ebpf-2-phase-signing

  View on GitHub
  ☆16Jan 30, 2025Updated last year
• metan-ucw / runltp-ng

  View on GitHub
  Minimalistic LTP testrunner
  ☆11Jul 28, 2022Updated 3 years ago
• dmcgowan / lcontainerd

  View on GitHub
  Lightweight local libraries for containerd
  ☆12Mar 19, 2026Updated 3 months ago
• Bare Metal GPUs on DigitalOcean Gradient AI • Ad
  Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
• kubescape / node-agent

  View on GitHub
  Kubescape eBPF agent 🥷🏻
  ☆36Updated this week
• alegrey91 / gypsylist

  View on GitHub
  A web scraper for nomadlist.com, made to avoid website restrictions.
  ☆11Dec 9, 2021Updated 4 years ago
• evilsocket / medusa

  View on GitHub
  A fast and secure multi protocol honeypot.
  ☆330Sep 9, 2022Updated 3 years ago
• seclab-stonybrook / eaudit

  View on GitHub
  eAudit suite for recording provenance-related system calls on Linux
  ☆20May 20, 2026Updated last month
• JosephTLucas / wasm-plotly

  View on GitHub
  Demo of using WASM to sandbox Plotly execution
  ☆21Mar 30, 2025Updated last year
• willfindlay / bpfcontain-rs

  View on GitHub
  BPFContain is a container security daemon for GNU/Linux leveraging the power and safety of eBPF and Rust.
  ☆59Jun 30, 2022Updated 3 years ago
• krisnova / double-slit-experiment

  View on GitHub
  Identify containers at runtime and observe them. No container runtime required. Read only access to the kernel.
  ☆16Jul 24, 2021Updated 4 years ago
• ShiftLeftSecurity / traceleft

  View on GitHub
  eBPF based syscalls, files and network events tracing framework
  ☆94Jul 24, 2020Updated 5 years ago
• containerscrew / rootisnaked

  View on GitHub
  Simple root privilege escalation detection using eBPF 🐝
  ☆35Feb 10, 2026Updated 4 months ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• epilys / vfsstat.rs

  View on GitHub
  Example sqlite3 Dynamic Loadable Extension in Rust - vfs and vtab modules - port of vfsstat.c
  ☆35Nov 26, 2024Updated last year
• firezone / probe

  View on GitHub
  Probe for WireGuard® connectivity
  ☆19May 25, 2026Updated last month
• cisco-open / camblet-driver

  View on GitHub
  Linux Kernel module providing TLS, identity and running WASM
  ☆82Aug 12, 2024Updated last year
• thought-machine / falco-probes

  View on GitHub
  Automated build and mirror of eBPF kernel probes for use as a driver with the Falco runtime security agent (https://falco.org/)
  ☆15Nov 18, 2024Updated last year
• hardenedvault / ved-ebpf

  View on GitHub
  VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF
  ☆171Sep 7, 2024Updated last year
• suborbital / vektor

  View on GitHub
  Opinionated production-grade HTTP server framework for Go
  ☆83Feb 18, 2023Updated 3 years ago
• Magier / Ran

  View on GitHub
  Ran is an experimental offensive tool for Kubernetes clusters with the goal to enable quick emulation of adversary techniques and a colle…
  ☆36Updated this week
• pouriyajamshidi / flat

  View on GitHub
  Measure UDP and TCP connection latency for IPv4 and IPv6 using eBPF and Go
  ☆76Updated this week
• airbus-cert / dirtypipe-ebpf_detection

  View on GitHub
  An eBPF detection program for CVE-2022-0847
  ☆29Jul 5, 2022Updated 3 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• solo-io / bumblebee

  View on GitHub
  Get eBPF programs running from the cloud to the kernel in 1 line of bash
  ☆1,300Apr 17, 2025Updated last year
• eeriedusk / knockles

  View on GitHub
  eBPF Port Knocking Tool
  ☆237Aug 23, 2023Updated 2 years ago
• zimage / eBPF-drop-rfc-3514

  View on GitHub
  This eBPF module will drop any IPv4 packets that have the RFC 3514 "evil bit" set.
  ☆19Jun 16, 2025Updated last year
• InfinityCurveLabs / vm-filesystem

  View on GitHub
  Filesystem interaction via firebeam virtual machine execution
  ☆55Mar 26, 2026Updated 3 months ago
• spiderpig1297 / kunkillable

  View on GitHub
  kunkillable is an LKM that makes userland processes unkillable.
  ☆17Sep 26, 2020Updated 5 years ago
• nickalie / go-binwrapper

  View on GitHub
  Binary wrapper that makes command line tools seamlessly available as local golang dependencies
  ☆22Feb 17, 2026Updated 4 months ago
• googleinterns / hawk

  View on GitHub
  ☆18Nov 17, 2020Updated 5 years ago
• alegrey91 / harpoon

  View on GitHub
  🔍 Function-level tracing tool for Seccomp profiling, with eBPF
  ☆177Feb 23, 2026Updated 4 months ago
• Fare9 / KUNAI-static-analyzer

  View on GitHub
  Tool aimed to provide a binary analysis of different file formats through the use of an Intermmediate Representation.
  ☆146Mar 31, 2024Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• dreadnode / research

  View on GitHub
  General research for Dreadnode
  ☆27Jun 17, 2024Updated 2 years ago
• zirvaorg / ratelimit

  View on GitHub
  a basic net/http rate limiter middleware
  ☆13Sep 24, 2024Updated last year
• evilsocket / spycast

  View on GitHub
  A crossplatform mDNS enumeration tool.
  ☆365Sep 25, 2022Updated 3 years ago
• Gui774ume / krie

  View on GitHub
  Linux Kernel Runtime Integrity with eBPF
  ☆186Nov 23, 2023Updated 2 years ago
• dylandreimerink / edb

  View on GitHub
  An eBPF program debugger
  ☆216May 28, 2022Updated 4 years ago
• CN-TU / machine-learning-in-ebpf

  View on GitHub
  This repository contains the code for the paper "A flow-based IDS using Machine Learning in eBPF", Contact: Maximilian Bachl
  ☆112Aug 11, 2025Updated 10 months ago
• bpfman / bpfman-operator

  View on GitHub
  Kubernetes operator for bpfman
  ☆38Updated this week