[Owasp-appsensor-project] GSoC 2016 Trend Monitoring Analysis Engine

Timothy Sum Hon Mun timothy22000 at gmail.com
Sun Mar 6 18:58:57 UTC 2016


Hi all,

Firstly, congratulations on OWASP being accepted for GSoC 2016!!

My name is Timothy Sum and I am from Malaysia. I am currently a final year
MSc Computer Science student studying at University of Kent in the UK. I
have experience in Java, Javascript, Python, Node.js, MongoDB, AWS,
Jenkins, Git workflow, Dropwizard, Logstash, Apache Spark (MSc
dissertation) and others, I am always keen to learn new technologies and
try things outside my comfort zone!

I am currently undergoing my placement (where I gained most of my
experience from) which will be concluded on the 31st March 2016. I will be
working full time on the weekdays before then. Therefore, I will do my
research about the project and prepare my proposal typically at night or
during the weekends. After my placement finishes, I will be able to
completely commit to GSoC by researching, learning and experimenting about
gaps in my knowledge during April even before the community bonding period.
I’ll have a written report to write about my placement that is due on June
2016 but I can do that while coding over the summer!

I just recently stumbled over GSoC 3 days ago and have been looking through
the project list to decide which project I should go for. This will be my
first time contributing to an open source project and I am very hyped up
about it as I get to learn from a mentor and contribute at the same time.
:) I also do not mind having skype/hangout discussion with mentors
regularly to discuss about my progress.

I am interested in the Trend Monitoring Analysis Engine project for OWASP
AppSensor and would be excited if I can work on it. I do not have a
background in application security and intrusion detection but am highly
interested learning about it. So far, I have:

i) Read the Chapter 3 and Chapter 4 of the OWASP guide briefly and
understand the approach behind AppSensor, its high level architecture
(detection and response unit), its pattern (Event, EventManager,
EventAnalysisEngine and so on)

ii) Manage to get a demo running locally as per the AppSensor Demo Setup
guide (
https://github.com/jtmelton/appsensor/blob/master/sample-apps/DemoSetup.md).
Had a little bump with a mongo test failing when doing mvn install but got
it to work in the end. Went through part of the codebase while doing this.

iii) Research on trend monitoring analysis techniques. It seems that trend
analysis falls into anomaly detection based on my understanding so far but
feel free to correct me (will expand in the section below). It would be
great if you recommend me additional papers/books to read to learn more on
this topic.

Did a first pass on two papers that cover general topics in IDS:

http://galaxy.cs.lamar.edu/~bsun/seminar/example_papers/IDS_taxonomy.pdf

http://www.ijcset.net/docs/Volumes/volume2issue4/ijcset2012020419.pdf

Currently, I have given it some thought and my high level understanding of
the expected deliverables are:

i)  A trend monitoring analysis engine - Extend the analysis-engines
package and add tests. Depending on which implementation strategies to use,
it seems that I would have to record the “normal” behaviour pattern of a
system and then trigger a response if the application behaves out of the
norm which will be defined by the trending rules.

ii)  Associated configuration mechanism to specify the trending rules/policy
- Extend the configuration mode package, create respective xml and xsd
configuration for the Trend Monitoring analysis engine.

iii) A small full sample demo application showing usage of the trend
monitoring feature. - Built on the existing demo application?

It would be great if the mentor/team can give me feedback on my ideas and
things to read to expand my knowledge in this domain. If there is any task
that you would like me to complete, I am eager to do it and will find time
at night or the weekends to complete it.

I would also like to start preparing my project proposal to be able to
share with the mailing list to get feedback as this will be my first time
applying for GSoC and I will need all the help I can get!!

Thanks for your time and look forward to your feedbacks/replies. This young
padawan needs guidance. :D


I have also started a topic in the OWASP GSoC group.

https://groups.google.com/forum/?fromgroups#!topic/owasp-gsoc/59vAa402jXo


Kind Regards,

Tim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20160306/6b151aee/attachment.html>


More information about the Owasp-appsensor-project mailing list