FortiFi
Problem Statement
IoT devices are increasingly integrated into home and remote work networks, offering convenience but also expanding potential entry points for cyberattacks. Many of these devices lack adequate security controls, making them easy targets for exploitation. Once compromised, they can be used to access other devices on the network, intercept sensitive data, or serve as launch points for broader attacks.
The persistence and frequency of these threats are no longer theoretical. According to Netgear’s 2024 Cyber Landscape Report, the average home network experiences ten daily attack attempts. As attackers continue to exploit weak authentication, outdated firmware, and unmonitored traffic, there is a growing need for accessible tools that provide early detection and clear guidance to prevent escalation and protect digital environments.
Project Description
Remote work environments that rely on bring-your-own-device (BYOD) policies introduce significant security and privacy challenges, especially for organizations that process sensitive information such as customer health records. Personal devices and home networks often lack consistent protections, which makes it difficult to enforce secure configurations across the workforce.
FortiFi addresses these issues by monitoring home network traffic in real time, detecting suspicious activity, and providing clear, step-by-step guidance through an integrated chatbot. The system is designed to support non-technical users in identifying and responding to threats while helping organizations safeguard data confidentiality and user privacy. FortiFi strengthens remote security without adding complexity to daily workflows.
Network Tap (Raspberry Pi)
At the core of FortiFi’s architecture is a Raspberry Pi configured as an inline network tap: a transparent bridge between its two interfaces. The device is placed between the user’s modem and router so that it sees all ingress and egress traffic without routing, altering, or terminating any connection. This gives full visibility into the network while remaining compatible with existing infrastructure; the trade-off of an inline placement is that the Pi sits in the data path, so a crash or reboot of the Pi interrupts connectivity until it is back up. Traffic is captured with TShark for general monitoring and a WiFi Pineapple for wireless packet analysis. All captured data stays on the device, where it is decrypted only where keys are available (TLS sessions between other devices and the internet cannot be decrypted by an observer, which is why the detection models work on connection metadata rather than payloads), processed, and analyzed in real time. This architecture prioritizes privacy: no raw packet data leaves the device, and the device identification and intrusion detection models run locally; the only data sent to a hosted service is the flagged-event context used by the chatbot, described in the AI Assistant section.
Mobile Application
The mobile application hides the background processing and raw data from the user, presenting formatted events and summaries so that nobody has to query the API by hand and dig through rows of records. The application has three sections: Network Summary, Devices, and Chatbot. The summary page shows high-level information about the distribution of traffic along with any flagged events. The devices page enumerates the IoT devices detected on the network; its classifications improve the longer FortiFi is plugged in, as the device identification model observes more traffic from each device. Finally, the AI chatbot can be used for general questions about the network or can take flagged events as context. The goal is for users to be able to return their network to a secure state.
Artificial Intelligence (AI) Assistant
FortiFi features a chatbot powered by OpenAI’s GPT-3.5 large language model (LLM), the model behind ChatGPT, which explains detected network intrusions to the user and recommends steps to mitigate the attack and secure the network. We designed the LLM system message to establish context, set the tone, and constrain the output to avoid technical jargon, so that non-technical users can understand and follow the recommended steps. The user’s replies are passed to the LLM as user messages, allowing it to respond with guidance tailored to the conversation. Because the model is hosted by OpenAI, the chatbot is the one FortiFi component whose input leaves the home network: only a summary of the flagged event and the user’s own messages are sent, never captured packets.
Machine Learning
The machine learning models are core components of the product. The device identification model was trained to recognise the types of IoT devices present on the network, such as smart cameras, speakers, smart TVs, thermostats, and lights. The intrusion detection model was trained to detect two types of attack: Distributed Denial of Service (DDoS) floods and horizontal port scanning (the same port probed across many hosts on the network). Since privacy is a fundamental aspect of the product, both models were trained on, and at runtime consume only, traffic metadata such as addresses, ports, packet sizes and timing, rather than packet payloads, to predict device type and malicious activity on the network.
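The two pieces described above, metadata-only capture on the tap and detection of the two attack classes, can be illustrated with a small rule-based pipeline. The following is an added example written for this page, not FortiFi’s code: it assumes the tap emits one line per frame from `tshark -T fields` with the field list shown in the docstring, feeds those lines through a parser that keeps only header metadata, and flags a horizontal scan (one source, one port, many destination hosts) and a flood (high packet rate toward one destination from many sources). The thresholds are illustrative stand-ins for the trained model, and the sample lines are constructed.

```python
"""Metadata-only feature extraction and rule-based flagging over tshark field output.

Added example, not FortiFi's own code. Assumed producer on the tap (real tshark options):

    tshark -i br0 -l -T fields -E separator=, -E occurrence=f \
        -e frame.time_epoch -e ip.src -e ip.dst -e ip.proto \
        -e tcp.dstport -e udp.dstport -e frame.len

No payload field is requested, so only header metadata ever reaches this code.
"""
import math
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

FIELDS = ("frame.time_epoch", "ip.src", "ip.dst", "ip.proto",
          "tcp.dstport", "udp.dstport", "frame.len")


@dataclass(frozen=True)
class Packet:
    ts: float
    src: str
    dst: str
    proto: int
    dport: Optional[int]   # transport destination port; None for ICMP and the like
    length: int


def parse_tshark_line(line: str) -> Optional[Packet]:
    """Parse one comma-separated field line; non-IP frames (empty ip.* fields) yield None."""
    parts = line.rstrip("\n").split(",")
    if len(parts) != len(FIELDS) or not parts[1] or not parts[2]:
        return None
    ts, src, dst, proto, tcp_dport, udp_dport, length = parts
    dport = tcp_dport or udp_dport
    return Packet(float(ts), src, dst, int(proto), int(dport) if dport else None, int(length))


def parse_capture(lines) -> List[Packet]:
    return [p for p in map(parse_tshark_line, lines) if p is not None]


@dataclass(frozen=True)
class Alert:
    kind: str           # "horizontal_scan" or "flood"
    window_start: float
    subject: str        # scanning source, or flooded destination
    detail: dict


def detect(packets, window=10.0, scan_min_hosts=8, flood_min_pps=200.0, flood_min_sources=5):
    """Bucket packets into fixed windows and apply the two illustrative rules."""
    by_window = defaultdict(list)
    for p in packets:
        by_window[math.floor(p.ts / window) * window].append(p)
    alerts = []
    for start, pkts in sorted(by_window.items()):
        # Horizontal scan: one source hitting one destination port on many distinct hosts.
        hosts = defaultdict(set)
        for p in pkts:
            if p.dport is not None:
                hosts[(p.src, p.dport)].add(p.dst)
        for (src, dport), dsts in hosts.items():
            if len(dsts) >= scan_min_hosts:
                alerts.append(Alert("horizontal_scan", start, src,
                                    {"dport": dport, "hosts": len(dsts)}))
        # Flood: sustained packet rate toward one destination from many distinct sources.
        to_dst = defaultdict(list)
        for p in pkts:
            to_dst[p.dst].append(p)
        for dst, ps in to_dst.items():
            span = max(p.ts for p in ps) - min(p.ts for p in ps)
            pps = len(ps) / max(span, 1.0)        # rate is never inflated by a sub-second burst
            sources = {p.src for p in ps}
            if pps >= flood_min_pps and len(sources) >= flood_min_sources:
                alerts.append(Alert("flood", start, dst,
                                    {"pps": round(pps, 1), "sources": len(sources),
                                     "bytes": sum(p.length for p in ps)}))
    return alerts


def build_sample_lines():
    """Constructed sample in the tshark field format above (not a real capture)."""
    t0 = 1700000000.0
    lines = []
    # Benign: a camera talking HTTPS to a cloud endpoint.
    for i in range(5):
        lines.append(f"{t0 + i * 1.5},192.168.1.20,34.120.0.5,6,443,,1200")
    # Horizontal scan: one LAN host probing telnet on twelve LAN addresses.
    for i in range(12):
        lines.append(f"{t0 + 0.1 * i},192.168.1.77,192.168.1.{100 + i},6,23,,60")
    # Inbound flood: thirty external sources hammering one device with small UDP packets.
    for i in range(600):
        lines.append(f"{t0 + 0.001 * i},203.0.113.{i % 30 + 1},192.168.1.50,17,,80,64")
    # An ARP frame: tshark emits empty ip fields, which the parser skips.
    lines.append(f"{t0 + 2.0},,,,,,42")
    return lines


if __name__ == "__main__":
    for alert in detect(parse_capture(build_sample_lines())):
        print(alert)
```

Running it flags the telnet sweep from 192.168.1.77 and the UDP flood toward 192.168.1.50 while leaving the camera’s HTTPS session alone; in the product the trained intrusion detection model replaces the two hard-coded rules but consumes the same kind of per-window metadata features.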
Threat Modeling/Secure By Design
FortiFi was developed using the PASTA (Process for Attack Simulation and Threat Analysis) threat modeling framework to identify potential vulnerabilities early and embed security into each stage of the system’s design. Rather than relying on reactive fixes, the system was built with a secure-by-design mindset.
The result is a layered security architecture that supports real-time monitoring, guided user response, and protection against common threats in home and remote work environments. FortiFi is designed to help users maintain data security and privacy without requiring deep technical expertise.
Acknowledgments
The FortiFi team acknowledges the following individuals for their valuable guidance and support throughout the development of the project:
- Ryan Liu
- Dr. Sekhar Sarukkai
To support the development of our machine learning models, we utilized the following datasets:
- Sivanathan, A., Habibi Gharakheili, H., Loi, F., Radford, A., Wijenayake, C., Vishwanath, A., and Sivaraman, V., "Classifying IoT Devices in Smart Environments using Network Traffic Characteristics," IEEE Transactions on Mobile Computing (TMC), Aug. 2018. DOI: 10.1109/TMC.2018.2866249
- Ali, Z., Hussain, F., Ghazanfar, S., Husnain, M., Zahid, S., and Shah, G. A., "A Generic Machine Learning Approach for IoT Device Identification," 2021 International Conference on Cyber Warfare and Security (ICCWS), Islamabad, Pakistan, 2021, pp. 118-123. DOI: 10.1109/ICCWS53234.2021.9702983
- Garcia, S., Parmisano, A., and Erquiaga, M. J., "Malware Detection in Network Traffic Data" [Data set], Kaggle, 2023. DOI: 10.34740/KAGGLE/DSV/7285844
- Mirsky, Y., Doitshman, T., Elovici, Y., and Shabtai, A., "Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection," Network and Distributed System Security Symposium (NDSS), 2018.