Google Summer of Code 2021 Final Report

  • Student Developer: Aman V. Singh

  • Organisation - OWASP Foundation

  • Project - SecureTea-Project

  • Mentors - Rejah Rahim & adeyosemanputra

  • GSoC Project - SecureTea - Improvement in Features

About SecureTea Project

The OWASP SecureTea Project focuses on providing a one-stop security solution for various devices (personal computers / servers / IoT devices).

The project has these features:

  • Intrusion Detection System

  • Firewall

  • AntiVirus

  • Server Log Monitor

  • System Log Monitor

  • Local Web Deface Detection & Prevention System

  • Auto Web Server Patcher

  • IoT Anonymity checker

  • Auto report generation using OSINT

  • Notifying suspicious activities using various mediums (Twitter, Telegram, Slack, Gmail, SMS, AWS & more)

  • Interactive GUI for ease of setting up

  • History Logger

  • GUI with authentication for Enterprise networks

  • Social Engineering

  • Eligibility traces based method for automatic blacklisting of IP addresses

GSoC'21 Summary

Tasks Proposed in Proposal:-

  • Add Web Application Firewall Feature

  • Improve features (IDS, Firewall)

  • Complete the web GUI and remote monitoring

  • Zero bugs - Fix the currently identified bugs

  • Improve Detecting Website Defacements Based on Machine Learning Techniques and Attack Signatures

Summary of my Work During GSoC'21:-

  • WhatsApp Integration

    • Added WhatsApp for remote monitoring and notifications.

    • WhatsApp integration using the Twilio WhatsApp sandbox.

    • Wrote unit testing modules for the WhatsApp integration.

    • Documentation for usage of Module.

  • Improvement in Network Intrusion Detection Feature

    • Added new R2L attack detection modules to IDS.

    • Added DNS Amplification detection and test modules.

    • Added BGP Abuse detection and test modules.

  • Signature Based Defacement detector

    • The signature-based detection is fast and efficient for known attacks, and therefore it is used to improve the processing speed for common types of known defacement attacks.

    • The attack signatures are manually extracted from defaced web pages. We manually review the HTML code of each defaced web page to find patterns that commonly appear in defaced pages to construct the list of attack signatures. The attack signatures are stored and can be updated when new defaced pages are detected.

Improve Detecting Website Defacements Based on Machine Learning Techniques

This web defacement detection model will work for static as well as dynamic web pages (the current version of the feature is only for static pages, as it compares the hash changes). This model has 3 ways to detect defacement, applied in consecutive order:-

  • Detection based on the change in the hash of external files (CSS, JS, images, etc.) used in the web page.

  • Detection based on attack signatures (this data would accumulate from previous incidents of defacement).

  • Detection using machine learning (using the Random Forest algorithm).

  • The steps to achieve this task were:-

    • Collecting Attack Signatures from defacement incidents.

    • Building the dataset of defaced websites, processing it with the 2-gram method and then vectorizing it using the term frequency (TF) method.

    • Training the model on defaced and non-defaced datasets using the Random Forest algorithm.

    • Integrating the model with the project and other techniques.

    • Writing unit test modules

    • Documentation

  • Add Web Application Firewall Feature to the Web Interface(GUI)

    • The WAF can now be run from the GUI web interface.

  • Zero bugs - Fixed the identified bugs

    • SweetAlert Node Module Error

    • Fix for NetfilterQueue Issue

    • Workflow Fix

    • Fix for socketio error

    • Bug Fix

    • Repaired the broken WorkFlow

    • Refactored Code

    • Few Bug Fixes and Code Refactoring
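The three-stage defacement check described above (hash of external files, then attack signatures, then machine learning), as an added example that is not SecureTea's own code. SHA-256, character-level 2-grams, the sample signatures, the sample pages and all function names are assumptions; the trained Random Forest is not included and is represented by an optional `classifier` callable that receives the 2-gram TF vector.

```python
import hashlib
import re
from collections import Counter

# Constructed sample signatures; real ones are extracted by reviewing defaced pages.
SIGNATURES = [re.compile(p, re.I)
              for p in (r"hacked\s+by", r"owned\s+by", r"defaced\s+by")]

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def changed_resources(baseline: dict, current: dict) -> list:
    """Stage 1: external files that were modified, removed or newly added."""
    names = baseline.keys() | current.keys()
    return sorted(n for n in names
                  if n not in current or baseline.get(n) != sha256(current[n]))

def matched_signatures(html: str) -> list:
    """Stage 2: stored attack signatures that occur in the page's HTML."""
    return [s.pattern for s in SIGNATURES if s.search(html)]

def tf_2gram(html: str) -> dict:
    """Stage 3 input: term frequency of character 2-grams (assumed granularity)."""
    text = re.sub(r"\s+", " ", html.lower())
    grams = Counter(text[i:i + 2] for i in range(len(text) - 1))
    total = sum(grams.values())
    return {g: n / total for g, n in grams.items()} if total else {}

def check_page(html, baseline, resources, classifier=None) -> tuple:
    """Run the stages in order and stop at the first one that flags the page."""
    changed = changed_resources(baseline, resources)
    if changed:
        return ("hash", changed)
    hits = matched_signatures(html)
    if hits:
        return ("signature", hits)
    if classifier is not None and classifier(tf_2gram(html)):
        return ("ml", [])
    return ("clean", [])

# Constructed sample data: one stylesheet, one clean page, one defaced page.
CSS = b"body { color: #222; }"
BASELINE = {"style.css": sha256(CSS)}
CLEAN = "<html><body><h1>Welcome to our shop</h1></body></html>"
DEFACED = "<html><body><h1>Hacked   by example_crew</h1></body></html>"

if __name__ == "__main__":
    print(check_page(CLEAN, BASELINE, {"style.css": CSS}))
    print(check_page(DEFACED, BASELINE, {"style.css": CSS}))
    print(check_page(CLEAN, BASELINE, {"style.css": b"body{display:none}"}))
```

The cheap stages run first, so the model only sees pages whose external files are unchanged and that match no stored signature.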

Featured Projects.

I have experience with React, Nodejs, and Python while building my projects and during Internships.