Project Plan: Detecting Security Threats from User Authentication Patterns

SLIDE 1

From Students… …to Professionals

The Capstone Experience

Project Plan

Detecting Security Threats from User Authentication Patterns

Team Symantec

Stephen Alfa
Keerthana Kolisetty
Robert Novak
Abby Urbanski
Xiaoyo Wu

Department of Computer Science and Engineering
Michigan State University
Spring 2018

SLIDE 2

Functional Specifications

  • The goal of the project is to provide VIP customers a Splunk add-on and an AWS AMI to visualize various operational and security trend information present in log data and analyze it in near real-time
  • Both applications should alert users when suspicious or malicious activity is detected
  • Launching and deployment of both of those applications should be frictionless

The Capstone Experience Team Symantec Project Plan Presentation 2

SLIDE 3

Design Specifications

  • Create easy-to-read graphs and charts to represent authentication data
    ▪ Successful vs Failed
    ▪ Device Types
    ▪ Authentications over time
  • Create premade graphics and searches and allow users to choose which ones to display
  • Highlight patterns that could reveal suspicious or malicious activity

SLIDE 4

Process Flow

  • Installation of Splunk/ELK
  • User puts in Certificate in Splunk/ELK UI
  • User puts certificate in VIP Reference Client
  • Splunk/ELK takes in log data file
  • The log data is stored as a CSV/JSON file
  • VIP Reference client pulls VIP log data pertaining to the certificate
  • Security Dashboard is created in Splunk/ELK
  • Operational Dashboard is created in Splunk/ELK

SLIDE 5

Screen Mockup: Pie Chart Panel

SLIDE 6

Screen Mockup: Bar Graph Panel

SLIDE 7

Screen Mockup: Dashboard in Splunk

SLIDE 8

Screen Mockup: Dashboard in ELK

SLIDE 9

Technical Specifications

  • SOAP (Simple Object Access Protocol) API
  • Java
  • VIP Reporting Service Client (REST API)
  • JavaScript, HTML
  • SPL (Search Processing Language)

SLIDE 10

System Architecture

SLIDE 11

System Components

  • Hardware Platforms
    ▪ Amazon Web Services
      • Amazon Machine Images
  • Software Platforms / Technologies
    ▪ Splunk
    ▪ Elasticsearch, Logstash, Kibana (ELK)

SLIDE 12

Risks


  • Ability to Detect suspicious patterns
    ▪ There is a wide range of threats to detect, and we want to avoid false flags
    ▪ Consult with an experienced security advisor and identify possible threats
  • Test Data
    ▪ Real VIP data is necessary to identify accurate threat patterns
    ▪ Get MSU’s VIP data
  • Consistency between Splunk and ELK
    ▪ Making sure that functionality is consistent between both platforms
    ▪ Develop both applications concurrently
  • AWS Servers
    ▪ The possibility of deploying the ELK applications on the AWS server
    ▪ Use AWS documentation and online resources

SLIDE 13

Questions?
