sdmay21-17 • SmartBlock: Webserver Attack Blocking AI

This theme uses "root" links to dependencies and assets (CSS, JS, images, etc.). Place all theme files and directories at the root of your web server for this page to render as intended.

Senior Design Team sdmay21-17 • SmartBlock: Webserver Attack Blocking AI

About

Team: sdmay21-17
Partner: Cylosoft
Email address: sdmay21-17@iastate.edu.
Website: https://sdmay21-17.sd.ece.iastate.edu

Members:

Software Engineers

Megan Hill
Jamie Sampson
Emily Young
Andrew Marek

Computer Engineers

Paul Degnan

Point of Contact: Andrew Dakin (andrew@cylosoft.com)
Faculty Advisor: Douglas W. Jacobson (dougj@iastate.edu)

Purpose

Websites have a constant stream of attacks, scans, and bots generating traffic. The purpose of this project is to knock down as much of the bad traffic as possible using Microsoft Internet Information Services (IIS) and allow one to visualize unwanted traffic.

Description

Microsoft IIS generates text-based log files of each web request for the website that it is hosting. SmartBlock is a .NET Core Console app that reads the log files for each website. It monitor the website's traffic and uses a set of predefined rules specified by configuration fils to look for unwanted traffic. Upon IIS finding unwanted traffic, SmartBlock stores the information in a database and updates the website to help visualize attacks.

Phase 0: MS SQL database to log the actions
Phase 1: monitoring and logging
Phase 2: blocking
Phase 3: Website creation

Requirements

Configuration to IIS site ID
Process multiple sites on a single server
Web UI to display metrics
Display and undo blocking actions

Solutions
Monitor IIS traffic with IIS modules IpSecurity. Create an application to generate mock unwanted traffic. Once stable, we can put it on a production website in a log only type mode. It would then look for bad traffic and log what the application would do.

Resources

MsSQL
C# and .NET Core
Azure Hosting
Real log files
NextJS