
Review 2

The document outlines a project focused on developing a real-time cybersecurity threat monitoring and response platform. It emphasizes the need for improved threat detection, user authentication, and incident management to protect web applications from vulnerabilities like SQL Injection and XSS. The project includes detailed specifications for user management, threat detection, alerts, and reporting, aiming to enhance cybersecurity measures significantly.

Uploaded by

notahackerr4u

K. K. WAGH INSTITUTE OF ENGINEERING EDUCATION & RESEARCH

CYBERSECURITY THREAT MONITORING AND RESPONSE PLATFORM
Group Number – 10
Project Guide – Dr. Pragati V. Pandit
TEAM MEMBERS

Roll No.   Name of the student
53         Shubham Shivaji Patil
54         Sumit Dipak Patil
55         Pushpak Dadaji Pawar


Introduction

• Without a strong, real-time cybersecurity monitoring and response system, web applications and sensitive data are left more vulnerable to attacks. Current systems often fall short: threat detection is too slow, access controls aren't strong enough, and user authentication could be better.

• What's needed is a powerful web-based solution that can keep an eye on cybersecurity threats, authenticate users safely, and deliver real-time alerts and responses to stop potential security breaches in their tracks.

Literature Review

Title: Effective Filter for Common Injection Attacks in Online Web Applications
Author: SANTIAGO IBARRA-FIALLOS, JAVIER BERMEJO HIGUERA,
Published Year: 2021
Methodology: Injection attacks are frequent, and OWASP places them among the top ten risks against web applications. The goal is to build an effective solution to prevent injection attacks. A validation filter based on OWASP Stinger has to be implemented. The filter uses mechanisms like regular expressions and sanitization to validate input fields.

Title: A Proactive Approach for Detecting SQL and XSS Injection Attacks
Author: Dr. B. Siva Lakshmi, Divya Kovvuri
Published Year: 2024
Methodology: SQL and XSS are the main injection attacks, which have a huge impact on today's cybercrimes. To address them there are many existing solutions, such as static code analysis and rule-based analysis, but due to their low accuracy and high false alarms the paper introduces an 'Automated Vulnerability Scanner', which proposes 'input validation and parameterized queries' for the SQL problem and 'output encoding' for the XSS problem.

Title: Defending against SQL Injection Attacks in Web Applications using Machine Learning and Natural Language Processing
Author: Bronjon Gogoi, Tasiruddin Ahmed, Arabinda Dutta
Published Year: 2021
Methodology: Today, most organizations use web applications for the delivery of services over the Internet. The risks to web applications have increased as their use has risen. SQL Injection Attack is a commonly exploited vulnerability used for stealing credentials, destroying and compromising data, and bypassing authentication and authorization controls of a web application. Traditional methods of detecting SQL injection attacks include software and hardware-based Web Application Firewalls, programmatic defense techniques like input filtering, input validation, using parameterized queries etc. and static and dynamic analysis are not sufficient for detection and prevention of SQLIA in web applications. In this paper, we present an approach to detecting SQLIA using NLP and Machine Learning. Experimental results show that the approach can detect SQLIA with precision, recall and an f1-score of 99.9.
Notes: The most common injection attack is SQLIA. In this paper a combination of ML and NLP is used, where it is used in SVM. Word classification plays a major role in this project.

Literature Review (Other Feedback Papers)

• Paper 1: Recursive Secure Filtering for State-Saturated Systems with False Data Injection Attacks
• Paper 2: Evaluation of Web Application Vulnerability Scanners using SQL Injection Attacks
• Paper 3: Novel Defense Method of Malicious Code Injection in High Concurrency Database
• Paper 4: Detection of Faults and Attacks Including False Data Injection Attack in Smart Grid
• Paper 5: Combinatorially XSS Web Application Firewalls


Architecture

• Rule 1: Detects Reconnaissance activities like Ping Scanning and Nmap Scanning, which are
commonly used for identifying system vulnerabilities.

• Rule 2: Identifies Access and Exploitation attempts, such as Telnet Connections, that could
be signs of unauthorized access.

• Rule 3: Monitors for Static Malicious Tripping, indicating an attempt to launch malware or
malicious scripts.

• Rule 4: Detects Denial of Service (DoS) Attacks, which aim to overwhelm the system and
cause downtime.

• Rule 5: Identifies Persistence mechanisms, such as Malware Installation, which allow an
attacker to maintain access to the compromised system.

• Rule 6: Detects Coordinated Attacks involving multiple malicious actions designed to disrupt
or compromise the system.
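
A sketch of how Rules 1, 2, 4 and 6 could be evaluated over connection events, added here as an example and not taken from the project's own code. The event format, thresholds and rule labels are assumptions, the sample events are constructed, and Rule 6 is read as "two or more other rules fired for the same source".

```python
from collections import defaultdict

# Assumed thresholds (not from the slides); tune to the monitored network.
SWEEP_HOSTS = 10   # distinct hosts pinged by one source -> ping scan
SCAN_PORTS = 20    # distinct ports probed by one source -> port scan
DOS_RATE = 200     # events from one source within one second -> DoS

# Constructed sample events: (time_s, src_ip, dst_ip, dst_port, protocol)
SAMPLE_EVENTS = (
    [(i, "10.0.0.5", f"10.0.1.{i}", 0, "icmp") for i in range(12)]
    + [(20 + i, "10.0.0.5", "10.0.1.3", 8000 + i, "tcp") for i in range(30)]
    + [(60, "10.0.0.5", "10.0.1.3", 23, "tcp")]
    + [(70, "10.0.0.9", "10.0.1.3", 80, "tcp")] * 250
    + [(80, "10.0.0.7", "10.0.1.3", 443, "tcp")]
)

def detect(events):
    """Return {src_ip: set of rule labels} for Rules 1, 2, 4 and 6."""
    pinged, ports, per_sec = defaultdict(set), defaultdict(set), defaultdict(int)
    hits = defaultdict(set)
    for ts, src, dst, port, proto in events:
        per_sec[(src, ts)] += 1
        if proto == "icmp":
            pinged[src].add(dst)
        else:
            ports[src].add(port)
            if port == 23:                      # Rule 2: Telnet connection
                hits[src].add("rule2_telnet")
    for src in set(pinged) | set(ports):        # Rule 1: reconnaissance
        if len(pinged[src]) >= SWEEP_HOSTS or len(ports[src]) >= SCAN_PORTS:
            hits[src].add("rule1_recon")
    for (src, _), count in per_sec.items():     # Rule 4: denial of service
        if count >= DOS_RATE:
            hits[src].add("rule4_dos")
    for labels in hits.values():                # Rule 6: several rules, one source
        if len(labels) >= 2:
            labels.add("rule6_coordinated")
    return dict(hits)

if __name__ == "__main__":
    for src, labels in sorted(detect(SAMPLE_EVENTS).items()):
        print(src, sorted(labels))
```

Sources that trigger no rule are absent from the result, so ordinary traffic such as the single HTTPS connection in the sample raises no alert.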
Requirement Specification

• User Management
  • Secure registration, login, and logout processes with multi-factor authentication (MFA) to keep accounts safe.
  • Role-based permissions for different user types: Admin, Analyst, and Viewer, each with customizable access levels.

• Threat Detection
  • Continuous, real-time monitoring of network traffic and system logs, powered by pre-set detection rules.
  • Detection algorithms designed to catch common attack types like SQL Injection (SQLi), Cross-Site Scripting (XSS), and Distributed Denial of Service (DDoS).

• Incident Management
  • Create, update, and close incident records with detailed threat information, timestamps, and current status.
  • Comprehensive incident documentation for post-incident reviews, including root cause analysis and mitigation results.

• Alerts & Notifications
  • Real-time alerts for security threats by push notifications on mobile and web platforms.
  • Alert configurations allowing users to customize notifications based on threat severity (Critical, High, Medium, Low).

• User Interface
  • The system shall provide a user-friendly interface for both administrators and end-users to interact with the system.
  • The system shall support multiple languages for international users.

• Reporting & Analytics
  • Generate detailed reports on security incidents, system health, user activities, and threat patterns.
  • Support for exporting reports in various formats (PDF, CSV, Excel) for management reviews and audits.

• Logging & Auditing
  • Comprehensive logs of user actions, system events, and security incidents to support audit trails and forensic investigations.
  • Automatic generation of compliance reports to meet standards like GDPR, HIPAA, and ISO 27001.

Detailed Design

• Block Diagram
• Class Diagram
• Component Diagram
• Use-case Diagram
• Activity Diagram

Experimental Setup

Project Planning

Conclusion

• To wrap things up, this project highlights just how critical real-time cybersecurity monitoring is for keeping web apps safe from attacks like SQL Injection and XSS. With features like secure user management, advanced threat detection, and detailed incident reporting, it delivers strong protection. Looking ahead, adding tools like machine learning could take threat prediction and response to the next level, helping it stay one step ahead of ever-changing cybersecurity challenges.

THANK YOU !!
