...
Associated JBoss community project(s): Teiid
Intrusion Detection Using Elytron Security Events
Summary of idea:
Without intrusion detection, an attacker can attempt attacks many times until an attack is finally successful. Intrusion detection allows for these attacks to be identified before a successful attack is likely to occur. The purpose of this project is to add the ability to detect attacks using Elytron, the security framework used by the WildFly Application Server. In particular, Elytron already provides support for security events which can indicate things like a failed authentication attempt. Can we leverage these events to detect things like multiple failed authentication attempts for a particular user? Once detected, what kind of action can we take (e.g., a server administrator could be notified, an account could be disabled, etc.)?
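As an added illustration (not code from the Elytron project), the sketch below shows one way to detect multiple failed authentication attempts for a particular user with a per-user sliding window. The AuthEvent record, the FailedLoginDetector class and the threshold values are assumptions made for this example; in Elytron the input would be its security events rather than this stand-in type.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Consumer;

public class FailedLoginDetector {
    // Hypothetical stand-in for a security event; this is not an Elytron class.
    record AuthEvent(String user, boolean success, Instant when) {}

    private final int threshold;              // failures within the window that trigger the action
    private final Duration window;            // sliding window length
    private final Consumer<String> onDetect;  // action, e.g. notify an administrator or disable the account
    private final Map<String, Deque<Instant>> failures = new HashMap<>();

    FailedLoginDetector(int threshold, Duration window, Consumer<String> onDetect) {
        this.threshold = threshold;
        this.window = window;
        this.onDetect = onDetect;
    }

    synchronized void accept(AuthEvent e) {
        // Successes are ignored rather than used as a reset, so a legitimate
        // login by the same user does not hide an ongoing guessing run.
        if (e.success()) return;
        Deque<Instant> q = failures.computeIfAbsent(e.user(), u -> new ArrayDeque<>());
        q.addLast(e.when());
        Instant cutoff = e.when().minus(window);
        // Drop failures that have aged out of the window.
        while (!q.isEmpty() && q.peekFirst().isBefore(cutoff)) q.removeFirst();
        if (q.size() >= threshold) {
            onDetect.accept(e.user());
            q.clear(); // fire once per burst instead of on every further failure
        }
    }

    public static void main(String[] args) {
        FailedLoginDetector d = new FailedLoginDetector(3, Duration.ofMinutes(1),
                user -> System.out.println("ALERT: repeated failed logins for " + user));
        Instant t = Instant.parse("2024-01-01T00:00:00Z"); // constructed sample events
        d.accept(new AuthEvent("alice", false, t));
        d.accept(new AuthEvent("bob", false, t.plusSeconds(5)));
        d.accept(new AuthEvent("alice", false, t.plusSeconds(10)));
        d.accept(new AuthEvent("alice", true, t.plusSeconds(20)));   // ignored, no reset
        d.accept(new AuthEvent("alice", false, t.plusSeconds(90)));  // earlier failures have aged out
        d.accept(new AuthEvent("alice", false, t.plusSeconds(100)));
        d.accept(new AuthEvent("alice", false, t.plusSeconds(110))); // third failure within 60s: alert
    }
}
```

The map is keyed by the user name supplied at login, so a production version would also need to bound or evict entries to keep an attacker from growing it with made-up names.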
This project will need some level of research into the following areas before starting on the implementation:
- What kinds of attacks can be detected using Elytron security events?
- Should more security events be added to Elytron? Should more information be added to existing Elytron security events?
- What kinds of actions can be taken upon intrusion detection?
Possible tasks for this project:
- Identify a specific type of attack to focus on initially.
- Create a document that describes the attack you will be focusing on, how you plan to use security events to detect this attack, and what kind of action you plan to take upon detecting this attack.
- Implement the ability to detect this type of attack using security events.
- Implement the ability to take action upon detecting this type of attack.
- Implement appropriate test cases.
- Write documentation.
- Create a blog post that gives an overview of your project.
- Look into other attacks that could be detected.
Required knowledge:
- Experience with Java and a good understanding of object-oriented programming concepts
- Experience in data science, machine learning, or AI in general would be ideal
GitHub repo: https://github.com/wildfly-security/wildfly-elytron
Elytron website: https://wildfly-security.github.io/wildfly-elytron/
Elytron getting started guide: https://wildfly-security.github.io/wildfly-elytron/getting-started-for-developers
Skill level: Intermediate
Contact(s) / potential mentor(s): Darran Lofthouse (darran.lofthouse@redhat.com) and Farah Juma (fjuma@redhat.com)
Associated JBoss community project(s): Elytron, WildFly