A Semester Project for Advanced Algorithms
This project simulates a login monitoring system that detects suspicious or malicious login attempts such as brute-force or credential stuffing.
This project was done by a team of 4 students, Equipe Ekip: Amr Ouafi, Reda Lahssaini, Ihab Zaghdane, Iliass Zarqane.
- To keep the team organised, we made sure that we all worked on every module simultaneously. Each member of the group wrote an implementation of the module, and at the end of each meeting, which we held on Discord, we chose the best implementation and integrated it into the main CLI.
- This repo was forked into a personal repo so that a dedicated server receives a notification for each commit, which lets us track our progress.
- Every member has contributed to every module.
We used Python to generate datasets of different sizes for the main CLI and for testing. The main dataset contains 6 columns: timestamp,username,status,ip_address,location,device, with 245 distinct users and ~10k rows.
We kept this structure for every CSV that we generated for purposes other than the main CLI, such as testing.
- This module is the core of the project. It is responsible for storing and managing login attempts from CSV datasets. We worked mainly with arrays, but implemented linked lists for benchmarking and for performance comparison.
- This module tracks consecutive login failures for individual users.
- For each user, recent login results are pushed onto a stack. We have defined 2 thresholds to mark Suspicious users and Attackers, k=5 and k=12 respectively. If a user reaches either of these thresholds, the user is flagged.
- This module handles the processing of login requests.
- We extended it with a priority queue that contains high-risk IP addresses or previously flagged users, who get processed before normal requests.
- The blacklist is generated from Module 2's k=12 threshold.
- It searches the blacklist with both linear and binary search to check whether a user exists in it.
- Before sorting, we calculate the number of failed attempts of each user.
- After aggregating failed logins per user, the system applies multiple sorting algorithms: Bubble Sort, Insertion Sort, Quick Sort and Merge Sort.
- The performance of each algorithm was compared, and the comparison is integrated in the final CLI.
- A classification of behavior using a tree-based structure.
- The classification relies on Module 2's thresholds and Module 5's sorting algorithms. Both were used to build a balanced BST keyed on the number of failed login attempts, where the root is ~the middle element. (All duplicate values were discarded.)
- Modeling attack propagation using graph structures.
- Each user is represented as a node. An edge is created between two nodes if the same IP address attempts to access multiple accounts. This allows the system to model relationships between compromised or targeted accounts and evaluate the density of the dataset.
- Both Breadth-First Search and Depth-First Search were used to trace the spread.
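
The graph model from the last three items, as an added example (not the project's own code): it links users that share a source IP, runs BFS from one account to trace the spread, and computes the graph density. The sample rows, the status values and the function names are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from itertools import combinations

# Constructed sample rows in the dataset's six-column layout (not project data).
SAMPLE_CSV = """timestamp,username,status,ip_address,location,device
2024-01-01T10:00:00,alice,FAIL,203.0.113.7,Rabat,Chrome
2024-01-01T10:00:05,bob,FAIL,203.0.113.7,Rabat,Chrome
2024-01-01T10:00:09,carol,FAIL,203.0.113.7,Rabat,Chrome
2024-01-01T10:02:00,carol,FAIL,198.51.100.4,Fes,Firefox
2024-01-01T10:02:03,dave,FAIL,198.51.100.4,Fes,Firefox
2024-01-01T10:05:00,erin,SUCCESS,192.0.2.10,Ifrane,Safari
"""

def build_graph(csv_text):
    """Return {user: set(neighbours)}; users seen from the same IP are linked."""
    users_by_ip = defaultdict(set)
    graph = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        graph.setdefault(row["username"], set())  # isolated users stay as nodes
        users_by_ip[row["ip_address"]].add(row["username"])
    for users in users_by_ip.values():
        for a, b in combinations(sorted(users), 2):
            graph[a].add(b)
            graph[b].add(a)
    return graph

def bfs_spread(graph, start):
    """Breadth-first search: hop distance from start to every reachable user."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        user = queue.popleft()
        for nxt in sorted(graph[user]):
            if nxt not in dist:
                dist[nxt] = dist[user] + 1
                queue.append(nxt)
    return dist

def density(graph):
    """Undirected density: edges / (n * (n - 1) / 2)."""
    n = len(graph)
    edges = sum(len(nb) for nb in graph.values()) // 2
    return 0.0 if n < 2 else edges / (n * (n - 1) / 2)

if __name__ == "__main__":
    g = build_graph(SAMPLE_CSV)
    print(bfs_spread(g, "alice"))  # accounts linked to alice, with hop counts
    print(round(density(g), 2))
```

In the constructed sample, carol is the bridge between the two source IPs, so dave is reached from alice in two hops while erin, seen only from her own IP, stays outside the cluster.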
All modules were combined in a simple CLI.
Source Code
- Organized by module (arrays, stacks, queues, etc).
- Final integration into one working program.
Reports
- A report for each module will be in that module's folder.
- A global report covering the pipelines and organisation of the project.
Demo Presentation
- We will record the demo and it will be available live.