Isolation Forest + eBPF events to create a Linux based endpoint detection system [P]

The author is developing 'guardd', a Linux host-based anomaly detection system utilizing Isolation Forest with eBPF events. It groups exec and network events into 60-second windows to create feature vectors, trained unsupervised to detect anomalies, though it currently faces false positive issues.