Titulo Estágio
Database Intrusion Detection as a Service
Áreas de especialidade
Engenharia de Software
Local do Estágio
DEI-FCTUC
Enquadramento
Bigdata, NoSQL, and Cloud services are nowadays playing a huge role in online services deployed on the web, such as facebook, twitter, amazon, just to name a few. Such services are widely exposed to security attacks, which many times take advantage of security vulnerabilities present in the code. If an attack succeeds, clients and providers can incur in huge losses, including financial and reputation losses. Although several approaches have been design to detect intrusions in this type of systems (e.g., by identifying malicious data accesses), nowadays there is a huge demand for using cloud services, as they have low configuration requirements and the user does not need to deploy the necessary infrastructure. Furthermore it is also well know that current approaches for intrusion detection have space for improvement.
Objetivo
The goal of this work is to define the architecture and implement a cloud service for intrusion detection that, at runtime, is able to detect the presence of malicious data accesses to databases, including NoSQL databases. In practice, the expected outcome of this internship is:
- A cloud service that can be used by other service providers to protect their own implementations from attacks.
- A research paper, to be submitted and presented at a top international conference, describing the approach and main results obtained from the experiments.
Plano de Trabalhos - Semestre 1
[Some tasks might overlap; M=Month]
T1 (M1 – M3): Knowledge transfer and state of the art literature review on services, intrusion detection, and machine learning algorithms.
T2 (M3) Design of the preliminary architecture for the intrusion detection service.
T3 (M3) Execution of preliminary tests with an in-house implementation of TPC-App (a web services performance benchmark) and one machine learning algorithm.
T4 (M3 – M4) Implementation of a proof-of-concept prototype that is able to do preliminary identification of malicious accesses. Includes integrating the execution of the tool used in the previous task.
(M5): Writing the Intermediate report.
Plano de Trabalhos - Semestre 2
[Some tasks might overlap; M=Month]
T1 (M6): Integration of the intermediate defense comments.
T2 (M6 – M7): Refinement of the architecture and integration of a selected set of machine learning algorithms.
T3 (M8): Execution of experiments and analysis of results.
T4 (M9): Writing a research paper and submission to a top international conference on the Dependability or Services areas (IEEE/IFIP Dependable Systems and Networks, IEEE Services Computing Conference, International Conference on Service Oriented Computing, etc.).
T5 (M10): Writing the thesis.
Condições
The selected student will be integrated in the Software and Systems Engineering group of CISUC and the work will be carried out in the facilities of the Department of Informatics Engineering at the University of Coimbra (CISUC - Software and Systems Engineering Group), where a work place and necessary computer resources will be provided.
Observações
Please contact the advisor for any question or clarification needed.
Orientador
Nuno Laranjeiro; Marco Vieira
cnl@dei.uc.pt 📩