Project Slot 8 - Improving IMALSE

Student: Joshua Bonsink (NL)
Primary mentor: Jing Conan Wang (CN/US)
Backup mentor: Cong Wei (CN/US)

Google Melange: https://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/jbonsink/1

Project Overview:
The goal of this project is to improve the IMALSE framework in several respects. The current code base of IMALSE is not well documented and the code structure can be improved. Also, the current background traffic generator is very basic; integrating the traffic generator from SADIT will make the simulations more realistic. Secondly, adding additional attack scenarios will make the tool more useful. Currently the user interacts with IMALSE via a terminal; implementing a unified GUI for all aspects of IMALSE will make it more user-friendly.

  • The existing code lacks documentation and the relationships between some of the objects are obscure. Refactoring parts of the existing code base will make the code structure easier to understand for myself and other future developers of IMALSE. Additional classes and functions will be added where necessary. The PEP-8 Style Guide for Python Code will be used as a guide to make sure that the coding style is consistent.
  • SADIT, another project of my mentor Jing Wang, has a better integrated flow data generator. The generator could be integrated into IMALSE relatively easily. As long as the format of the DOT file remains consistent, swapping out the current implementation with Wang's would have little impact on the rest of IMALSE.
  • Implementing more practical scenarios will make the tool more useful. There are currently only two scenarios available: a data exfiltration attack and a DDoS ping-flooding attack. I will finish off the infecting scenario and implement two additional scenarios: one where bots are used to send spam and another where bots log the keys struck on the keyboards of the infected computers.
  • Implementing a GUI will make the tool more user-friendly. This will make it possible to easily select between simulation and emulation mode and to input all the necessary settings. The current GUI is written in TCL, which is kind of old-fashioned. I will be creating the GUI using a modern package, PyQt. NetAnim may be used to animate the simulation in IMALSE.

Deliverables:
The new version of IMALSE will be more user-friendly thanks to its GUI. Future developers and users will be able to understand and extend the code base more easily. A more advanced flow generator will make it possible to perform more accurate experiments. The additional scenarios will make the tool more useful.

Project Plan:
First phase: Refactoring of the code and improving the existing background traffic generator.

  • May 27th - June 17th: Community Bonding Period.
  • June 17th - June 23rd: Refactoring and documenting of the existing code.
  • June 24th - June 30th: Replace the current background traffic generator with the one implemented in SADIT.

Second phase: Implementing additional scenarios.

  • July 1st - July 7th: Implement a new scenario where bots are utilized to send large amounts of spam.
  • July 8th - July 14th: Implement a new scenario where bots are utilized to sniff the traffic of the infected computers.
  • July 14th - July 20th: Implement a new scenario where bots are utilized to log the keys struck on the keyboard of infected computers.
  • July 21st - July 28th: This week is reserved as a buffer for unexpected delays. If there is enough time, a new scenario will be implemented where bots are utilized to spread viruses.

Third phase: Creating a GUI for the entire framework.

  • July 29th - August 4th: Midterm evaluations! Create GUI elements to start the emulation mode.
  • August 5th - August 11th: Create GUI elements to start the simulation mode.
  • August 12th - August 18th: Create GUI elements to draw the network topology.
  • August 19th - August 25th: Create GUI elements to visualize the topology and traffic with NetAnim.
  • August 26th - September 1st: Finish up work on the GUI and clean-up code.

Fourth phase: These two weeks are reserved as a buffer for unexpected problems and delays.

  • September 2nd - September 8th:
  • September 9th - September 15th:
  • September 16th: Pencils down.
  • September 27th - October 1st: Final evaluation

Project Source Code Repository:
https://bitbucket.org/imalse/imalse/overview

Student Weekly Blog:
http://gsoc2013.honeynet.org/category/imalse/

Project Useful Links:
http://www.python.org/dev/peps/pep-0008/
http://www.python.org/dev/peps/pep-0257/

Papers: