This is the repository with all the information you need to know about the Google Summer of Code for Stratosphere Laboratory 2023
Stratosphere conducts research at the intersection of machine learning, cybersecurity and helping others by developing free software tools. We are part of the Artificial Intelligence Center, Faculty of Electrical Engineering, Czech Technical University in Prague. Stratosphere is an official organization in the Google Summer of Code 2023.
The Google Summer of Code is a global, online program focused on bringing new contributors into open source software development. GSoC Contributors work with an open source organization on a 12+ week programming project under the guidance of mentors.
- Slips (Stratosphere Linux IPS)
- Attacker IP Threat Intelligence Framework (AIP)
We strongly suggest that you go to our public Discord and talk to us there to start discussing your own ideas on what to work on and make us questions. Go here to Discord.
Slips is a behavioral intrusion prevention system that uses machine learning to detect malicious behaviors in network traffic. Slips focus on targeted attacks, detection of command and control channels, and providing a good visualization for the analyst. It can analyze network traffic in real-time, network captures such as pcap files, and network flows produced by Suricata, Zeek/Bro, and Argus. Slips processes the input data, analyzes it, and highlights suspicious behavior that needs the analyst's attention.
Slips is full of features and crazy ideas, detection methods, databases, machine learning and many many more (including a P2P detection system!). So get to know the project, try it, and come up with your own ideas.
https://github.com/stratosphereips/StratosphereLinuxIPS
This idea consist in taking the current web page of Slips and implement a set of medium to advanced features to make it better.
- Adapting the web interface to show all the information Slips has on each profile (connections, attacks, detections, etc.)
- Manage the complete configuration of slips from the web.
- Add graphs for continuous visualization of traffic
- Add explanations for alerts, evidences and flows.
175 (4hs per day for 12 weeks)
10-22 weeks
Medium
Detail of the tasks description: https://github.com/stratosphereips/Google-Summer-of-Code-2023/blob/main/Ideas.md#improvement-of-slips-web-interface
Mentor: Sebastian Garcia
Technology: JavaScript, JQuery, flask, Python
Current status: There is a working web interface
Slips has a hard time being installed in many systems given its dependencies to many tools and to TensorFlow framework. Help Slips being easier to install and use!
- An easy way to install slips in many systems: Linux, Macos, Windows, Rpi, etc.
- Make packages for some Linux systems, Debian, Ubuntu, Fedora
- Make a brew package of slips
Details of the tasks: https://github.com/stratosphereips/Google-Summer-of-Code-2023/blob/main/Ideas.md#better-installation
Mentor: Alya Gomaa
Current status: Slips is working in docker, and can be installed locally using install.sh and conda/pip.
Technology: python, package management, brew
Slips wants to do many detections in your network, but that requires CPU, memory and sometimes GPU for the machine learning. This idea is to help Slips improve its performance by consuming less CPU and memory for its detections. Goal: to make Slips be able to work continusly in a large network.
- CPU usage profiling
- Memory usage profiling
- Provide statistics and graphs about which parts or modules of slips need optimizations
- Provide optimization ideas
Detailed tasks: https://github.com/stratosphereips/Google-Summer-of-Code-2023/blob/main/Ideas.md#improve-performance
Mentor: Alya Gomaa
Current status: basic previous work in this area
Technology: Python, profiling tools
AIP is a framework to design, create and evaluate the performance of Threat Intelligence lists. The current most used protection mechanism in our security community are threat intelligence feeds, but there is no clear understanding of which ones are best, why they are best, which ones do not work and how to evaluate them. More importantly, there was no framework to create new models that output TI feeds. AIP allows anyone to create their own lists and compare their performance with public lists. Stratosphere has its own honeypots and publishes daily the AIP lists for the community.
175 (4hs per day for 12 weeks)
10-22 weeks
Medium
This idea is to create a web interface that can show and manage all the information about the TI feeds and the models. It is to show the comparison of which models are best, how the list of IPs are being blocked and which is the performance of the different feeds.
Mentor: Joaquin Bogado
Current status: Beta Testing
Technology: python
This idea is to have the AIP framework being continually integrated to the network and honeypots and to produce results and information about the different TI feeds downloaded. It is not about how to show the information, but how to produce it.
Mentor: Joaquin Bogado
Current status: Beta Testing
Technology: Python
We expect you to get motivated by the projects and to get involved in how to make them better! You will have to work around 4hs per day (small projects) to 6hs per day (large project), during 12 weeks (22 weeks max if we agree). We can agree in your time off, and holidays and how to better work with us.
To get approved in your work during the summer you will be required to present a report and Google will ask us an evaluation of your work. This will happen twice during the summer.
For students applying to one of Stratosphere projects, you can fill the below form and send it to us to [email protected]
It is very important that you keep communicated with us. Use our Discord (slips channel) and GitHub channels to contact us and to ask questions.
We will be in permanent contact, but we will have from 1 to 3 meetings per week to guide you on what to do.