Aspiring students often ask what the purpose of Linux kernel development is, given that the Linux kernel is very mature and has almost everything one would need. Usually, custom kernel development is needed when a driver has to be written for new hardware, and this happens again and again. But at times we also come across features, modules or components that the Linux kernel already provides but that are not adequate, or at least do not work exactly the way we intended to use them.
Custom Kernel Firewall Engine/Stack for SMOAD Networks:
Here is my video, which gives a live demonstration of one such use case: writing an entire custom security layer (a kernel firewall engine/stack) for SMOAD Networks, a managed SD-WAN services provider. The idea is to use this engine, which is built from scratch, instead of the existing kernel-provided, Netfilter-based iptables framework. One of the main advantages of this model is that we get complete control over security layers such as the firewall (network security) logs. The logs are further processed so that we don't end up collecting excessive per-packet data (something like tcpdump/Wireshark). Instead, we periodically create a log dump and feed it into the database.
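The per-flow aggregation with a periodic dump described above can be sketched as follows. This is an added example, not code from the SMOAD engine: it is a user-space model, and the key fields, verdict codes (0 = drop, 1 = accept), table size and sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 64 /* constructed table size, must be a power of two */
struct flow_key { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t proto, verdict; };
struct flow_rec { struct flow_key k; uint64_t pkts, bytes; int used; };
static struct flow_rec table[SLOTS];

/* Compare field by field: memcmp would also compare struct padding. */
static int key_eq(const struct flow_key *a, const struct flow_key *b) {
    return a->saddr == b->saddr && a->daddr == b->daddr && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto && a->verdict == b->verdict;
}

static uint32_t key_hash(const struct flow_key *k) {
    uint32_t h = 2166136261u; /* FNV-1a style mixing over the key fields */
    uint32_t f[4] = { k->saddr, k->daddr, ((uint32_t)k->sport << 16) | k->dport,
                      ((uint32_t)k->proto << 8) | k->verdict };
    for (int i = 0; i < 4; i++) { h ^= f[i]; h *= 16777619u; }
    return h;
}

/* Account one packet to its flow instead of writing one log line per packet.
 * Returns 0, or -1 when the table is full (flush early, do not lose the event). */
int log_packet(const struct flow_key *k, uint32_t len) {
    uint32_t start = key_hash(k) & (SLOTS - 1);
    for (uint32_t i = 0; i < SLOTS; i++) { /* linear probing */
        struct flow_rec *r = &table[(start + i) & (SLOTS - 1)];
        if (!r->used) { r->k = *k; r->used = 1; r->pkts = 0; r->bytes = 0; }
        if (key_eq(&r->k, k)) { r->pkts++; r->bytes += len; return 0; }
    }
    return -1;
}

/* Periodic dump: copy every summary into out (room for SLOTS records),
 * clear the table for the next interval, and return the record count. */
int flush_flows(struct flow_rec *out) {
    int n = 0;
    for (int i = 0; i < SLOTS; i++)
        if (table[i].used) out[n++] = table[i];
    memset(table, 0, sizeof(table));
    return n;
}

int main(void) {
    struct flow_key ssh = { 0xC0000201u, 0xC6336407u, 40000, 22, 6, 0 }; /* constructed */
    struct flow_rec out[SLOTS];
    for (int i = 0; i < 1000; i++) log_packet(&ssh, 60);
    int n = flush_flows(out); /* 1000 dropped packets become one database row */
    printf("%d record(s): %llu pkts, %llu bytes\n", n,
           (unsigned long long)out[0].pkts, (unsigned long long)out[0].bytes);
    return 0;
}
```

Keeping the verdict in the key means accepted and dropped traffic between the same endpoints stay separate rows, which is the distinction a downstream IDS/IPS model needs.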
Deep Learning, Machine Learning and AI based IDS/IPS:
The security logs can further be fed into a custom Deep Learning or Machine Learning engine driven by AI, extending the engine to support extensive data mining/collection and to drive autonomous IDS/IPS engines. This can run with or without assistance from a (human) network admin. This is a complete heterogeneous model, so we can avoid third-party dependencies such as Snort/Suricata/etc. for IDS/IPS functionality. As far as I have heard from various industry cyber-security experts, they are often quite bulky, cumbersome and way harder to maintain and configure.
So this is a real-world example: no matter what the Linux kernel provides as part of the stock kernel/OS features, sometimes we have to write our own custom kernel stack or module(s) that cater specifically to our exact needs. Here is my detailed multi-episode YouTube video series on the /sysfs interface.