Senior Design Team sdmay21-17 • SmartBlock: Webserver Attack Blocking AI

logo

About

Team: sdmay21-17
Partner: Cylosoft
Email address: sdmay21-17@iastate.edu.
Website: https://sdmay21-17.sd.ece.iastate.edu

Members:

Software Engineers

  • Megan Hill
  • Jamie Sampson
  • Emily Young
  • Andrew Marek

Computer Engineers

  • Paul Degnan

Point of Contact: Andrew Dakin (andrew@cylosoft.com)
Faculty Advisor: Douglas W. Jacobson (dougj@iastate.edu)

Purpose

Websites have a constant stream of attacks, scans, and bots generating traffic. The purpose of this project is to knock down as much of the bad traffic as possible using Microsoft Internet Information Services (IIS) and allow one to visualize unwanted traffic.

Description

Microsoft IIS generates text-based log files of each web request for the website that it is hosting. SmartBlock is a .NET Core Console app that reads the log files for each website. It monitor the website's traffic and uses a set of predefined rules specified by configuration fils to look for unwanted traffic. Upon IIS finding unwanted traffic, SmartBlock stores the information in a database and updates the website to help visualize attacks.

  • Phase 0: MS SQL database to log the actions
  • Phase 1: monitoring and logging
  • Phase 2: blocking
  • Phase 3: Website creation

Requirements

  • Configuration to IIS site ID
  • Process multiple sites on a single server
  • Web UI to display metrics
  • Display and undo blocking actions

Solutions
Monitor IIS traffic with IIS modules IpSecurity. Create an application to generate mock unwanted traffic. Once stable, we can put it on a production website in a log only type mode. It would then look for bad traffic and log what the application would do.

Resources

  • MsSQL
  • C# and .NET Core
  • Azure Hosting
  • Real log files
  • NextJS