Automated IoT Defence Ecosystem

GCA’s Automated IoT Defence Ecosystem (AIDE) enables automated collection, analysis, distribution, and display of attacks on IoT devices and a means to implement distributed defense of these devices including in small office or manufacturing and home environments.


The AIDE platform automatically collects IoT attack data through three methods:

  • Honeyfarms located around the world, including a GCA honeyfarm with over 1,200 devices and data feeds from partners;
  • Virtual IoT devices located on simulated networks; and
  • ProxyPots that can be distributed around the world and will be backed by real and virtual IoT devices.


AIDE aggregates attack data into an analysis platform that is available to companies, academia, nonprofits and other entities to study IoT attack signatures and patterns. In exchange for access to the data, researchers will be required to share any algorithms developed to help AIDE generate additional information products.

Additionally, the analysis platform will be used to generate data feeds available to GCA partners and the security community. These feeds will be made widely available throughout the cybersecurity ecosystem to enable IoT attack mitigation.


Data feeds are made available throughout the cybersecurity ecosystem to enable mitigation of IoT attacks.  Project partners are able to use these data feeds as they wish, while others who use the data feeds as part of a fee-for-service are asked to become a project sponsor.  Those who incorporate the results into a free service, such as Quad9, are free access to the data.


AIDE offers a real-time visualization of high-level results at

Distributed Defense

The output from the AIDE platform can be used by different entities in different ways however, the outputs are designed to allow automated defense.

GCA will work specifically to develop a free or low-cost way for small office or manufacturing and home, and environments to participate in automated defense.  Specifically, this includes an edge router/policy enforcement point that mitigates attacks within the local environment using the “Manufacturer Usage Description” standard for IoT devices that support that standard.  Real-time threat feeds, such as Quad9 and/or data from the AIDE platform, protect legacy IoT devices and general-purpose devices.  A means will be deployed so that when the router identifies an attack or compromise, mitigation to limit the attack and any further compromises can be put in place in real time.

Mailing List


Sign up to receive news, events and other updates from the GCA team.