HTTP proxy data collection for the MOC analytics-based security service
Project logistics
- Mentor: Alina Oprea, email: alina.oprea@rsa.com
- Min-max team size: 5
- Expected project hours per week (per team member): 6-8
- Will the project be open source? Y
Preferred past experience
- Linux (Very important)
- Python or C/C++ (Very important)
- Basic network protocols, such as TCP and HTTP (Very important)
- Network switches (Rather important)
- DB technologies like InfluxDB (Rather important)
- Basic statistics (Nice to have)
Project Overview
The MOC is deploying the monitoring infrastructure that collects a number of
different metrics from several layers of the cloud. Datasets from multiple
sources (Ceilometer, Sensu, LogStash) are integrated into a time-series
database (InfluxDB) that will provide various analytics services to the cloud
provider and selected researchers. This project will augment the monitoring
infrastructure to:
- Keep historical performance metrics in InfluxDB and allow queries based on
  different attributes (time interval, VM identifier, physical machine
  identifier, etc.).
- Augment the monitoring infrastructure with a proxy VM that will intercept
  network traffic of users opting in to this service. The proxy will collect
  finer-grained data on users' network connections, including HTTP header
  information.
- Time permitting, the team will simulate one or several attacks (e.g., VM
  performing a DoS attack, or visiting a malicious web site) and deploy some
  statistical techniques to detect them.
This project will create the necessary infrastructure for the analytics-based
security service planned to be deployed in the MOC.
Some technologies you will learn/use:
- Tools for monitoring the cloud
- Network traffic collection
- Time-series databases
- Simple attack simulation and detection