
Team 8 • Capstone II Spring 2021 • University of Dayton

Meet Our Team

Our team consists of four senior Computer Science students: Beth Hosek, Dena Schaeffer, Jacob Scheetz and Justen Stall.
All four of us are interested in the field of cybersecurity, so we set out to develop a tool that could make a real impact for GE Aviation's Cyber Intelligence team. After all the hard work we have poured into this project to make it as practical, user friendly and effective as possible, we are proud to present our fully functional Cyber Threat Intelligence command line tool, Cyber Turtle. Get to know us, the Cyber Turtle development team, below:


Beth Hosek

Graduating Spring 2021
Computer Science Major
French Minor
Cyber Defense Concentration


Dena Schaeffer

Graduating Fall 2021
Computer Science & Biology Double Major
Cyber Defense Concentration


Jacob Scheetz

Graduating Spring 2021
Computer Science Major
Communications Minor
Cyber Defense Concentration


Justen Stall

Graduating Spring 2021
Computer Science Major
IACT Certificate


Company Mentor

Jeffrey Archer

Senior Staff Cybersecurity Researcher
GE Aviation
Cincinnati, OH

Professor

Dr. Phu Phung

Assistant Professor, Department of Computer Science
University of Dayton
Dayton, OH

Project Information

Overview

The goal is to develop a classification system that can analyze the text of a threat intelligence report and produce a score which quantifies the relevancy of that report to the receiving organization based on a list of user-defined relevant topics.

Our team has been working on the development of a fully functional command line tool for GE Aviation, similar to those commonly packaged with security distributions of Linux. GE's Cyber Intelligence team faced a problem: their Intelligence Analysts simply did not have enough time to read all of their threat reports diligently. That is the problem our tool, Cyber Turtle, alleviates. It can parse some of the most common cyber threat report document types and give an analyst a relevance score for each document, computed against a database of keywords provided to us by GE. This lets an analyst quickly triage an otherwise unmanageable volume of content and decide whether a report is worth reading in full to help secure the business.
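As an added illustration of the scoring idea described above (our own example, not Cyber Turtle's source code), the snippet below scores three constructed reports against an assumed keyword list in both a basic keyword-density mode and a TF-IDF mode. The page does not give Cyber Turtle's exact formulas, so the ones here are assumptions; note that the two modes rank report_a and report_b differently because TF-IDF down-weights the keyword "attack", which appears in every report.

```python
import math
import re
from collections import Counter

# Constructed sample reports (not real threat intelligence) and an assumed
# keyword list standing in for the analyst-supplied keyword database.
REPORTS = {
    "report_a.txt": ("Phishing campaign targets aviation supplier firms with malicious "
                     "PDF attachments sent over several weeks. An attack abuses OAuth "
                     "consent to steal credential data from engineering staff."),
    "report_b.txt": ("Ransomware attack encrypts backups. Attack hit a retail chain; "
                     "attack wave continued at a hospital."),
    "report_c.txt": ("Aviation maintenance vendor breached; phishing emails led to "
                     "credential theft and lateral movement inside the supplier. The "
                     "attack then spread by phishing to a second supplier."),
}
KEYWORDS = ["aviation", "phishing", "supplier", "credential", "attack"]


def tokenize(text):
    """Lower-case alphabetic tokens; stands in for the parser's extracted text."""
    return re.findall(r"[a-z]+", text.lower())


def basic_score(tokens, keywords):
    """Basic mode (assumed): share of a report's tokens that are keywords."""
    counts = Counter(tokens)
    return sum(counts[k] for k in keywords) / len(tokens) if tokens else 0.0


def idf_table(docs, keywords):
    """Smoothed IDF per keyword: log((1+N)/(1+df)) + 1, so it is never zero."""
    vocab = [set(d) for d in docs]
    return {k: math.log((1 + len(vocab)) / (1 + sum(k in v for v in vocab))) + 1
            for k in keywords}


def tfidf_score(tokens, keywords, idf):
    """TF-IDF mode (assumed): each keyword's term frequency weighted by its IDF."""
    counts = Counter(tokens)
    return sum(counts[k] / len(tokens) * idf[k] for k in keywords) if tokens else 0.0


def score_reports(reports, keywords, mode="basic"):
    """Return [(name, score)] sorted highest first, like the tool's relevance table."""
    docs = {name: tokenize(text) for name, text in reports.items()}
    idf = idf_table(docs.values(), keywords)
    scored = []
    for name, tokens in docs.items():
        score = (basic_score(tokens, keywords) if mode == "basic"
                 else tfidf_score(tokens, keywords, idf))
        scored.append((name, round(score, 4)))
    return sorted(scored, key=lambda pair: pair[1], reverse=True)
```

Running `score_reports(REPORTS, KEYWORDS, "basic")` and `score_reports(REPORTS, KEYWORDS, "tfidf")` side by side shows report_c on top in both modes, while report_b (only the ubiquitous keyword "attack") outranks report_a only in basic mode.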

Project Context and Scope

This project will be used by GE Aviation's Cyber Intelligence team to provide a priority to their research of open-source intelligence (OSINT) reports.

GE Aviation is a global company doing high-value work, so the volume of relevant reports published daily is too much for even a large team of analysts to read and understand quickly.

Our tool helps prioritize which reports need to be read first and which can be set aside, making sure each piece of vital information gets the attention it needs and giving GE's Threat Hunting team a continuous grasp of the cyber threat landscape facing them.


Cyber Turtle Demos

Using the tool | Help Menu

Walkthrough:
  1. Clone the repository
  2. Install all Python library dependencies
    • pdfminer3
    • bs4
    • progress
    • tabulate
    • feedparser
  3. Navigate to the 'src' folder

Figure 3.0 - Live demonstration of how to use Cyber Turtle to view execution options

Parsing a Directory of Files

Figure 3.1 - Live demonstration of Cyber Turtle parsing an entire directory from a bash terminal

Verbose Mode | Parsing a Directory of Files

By enabling the verbose option, the user gets a live insight into:

Figure 3.2 - Live demonstration of Cyber Turtle parsing an entire directory from a bash terminal in verbose mode

Parsing a Single URL

Figure 3.3 - Live demonstration of Cyber Turtle parsing a single URL and providing a relevance score

Parsing an RSS Feed

Figure 3.4 - Live demonstration of Cyber Turtle parsing an RSS feed (collection of URLs)

Parsing an OPML File

Figure 3.5 - Live demonstration of Cyber Turtle parsing an OPML file (a file containing links to many RSS feeds)

Project Documentation

Process Diagram

Figure 1. - Overview architecture of the project.

System Diagram

```mermaid
sequenceDiagram
    participant User
    participant main
    participant parser
    participant relevance

    %% File Parsing
    User->>+main: -f [file]
    main->>+parser: parseFile([file])
    parser->>parser: bs4 or pdfminer3 parsing
    parser-->>-main: file text
    main->>+relevance: calculate relevance
    relevance-->>-main: relevance score (basic or TF-IDF)
    main-->>-User: relevance table

    %% Directory Parsing
    User->>+main: -d [directory]
    loop for each file
        main->>+parser: parseFile([file])
        parser->>parser: bs4 or pdfminer3 parsing
        parser-->>-main: file text
    end
    loop for each article
        main->>+relevance: calculate relevance
        relevance-->>-main: relevance score (basic or TF-IDF)
    end
    main-->>-User: relevance table

    %% URL Parsing
    User->>+main: -u [url]
    main->>+parser: parseUrl([url])
    parser->>parser: bs4 parsing
    parser-->>-main: url title, url text
    main->>+relevance: calculate relevance
    relevance-->>-main: relevance score (basic or TF-IDF)
    main-->>-User: relevance table

    %% RSS Parsing
    User->>+main: -rss [rss]
    main->>+parser: parseRss([rss])
    parser-->>-main: rss feed articles
    loop for each article in rss feed
        main->>+parser: parseUrl([article])
        parser->>parser: bs4 parsing
        parser-->>-main: article title, article text
    end
    loop for each article
        main->>+relevance: calculate relevance
        relevance-->>-main: relevance score (basic or TF-IDF)
    end
    main-->>-User: relevance table

    %% OPML Parsing
    User->>+main: --opml [opml]
    main->>+parser: parseOpml([opml])
    parser-->>-main: list of rss feeds
    loop for each rss feed
        main->>+parser: parseRss([rss])
        parser-->>-main: rss feed articles
        loop for each article in rss feed
            main->>+parser: parseUrl([article])
            parser->>parser: bs4 parsing
            parser-->>-main: article title, article text
        end
    end
    loop for each article
        main->>+relevance: calculate relevance
        relevance-->>-main: relevance score (basic or TF-IDF)
    end
    main-->>-User: relevance table

    %% Help Menu
    User->>+main: -h
    main-->>-User: help menu
```

Figure 2. - A full system diagram of the project.
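The parseOpml step in the diagram turns an OPML file into the list of RSS feeds that the rest of the pipeline walks. As an added example (our own illustration, not the project's parser), the function below extracts that list with the standard library, handling the cases a real OPML export throws at a tool: feeds nested inside category folders, folder outlines that carry no xmlUrl, duplicate feed entries, and feed URLs with a scheme other than http/https that a fetcher should refuse. The sample OPML document is constructed and its URLs are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed OPML document (not from the project): two feeds nested under a
# category folder, one duplicate, one non-http scheme and one folder without
# an xmlUrl. The URLs are placeholders, not real feeds.
SAMPLE_OPML = """<opml version="2.0">
  <head><title>Constructed CTI feeds</title></head>
  <body>
    <outline text="Vendor blogs">
      <outline type="rss" text="Feed A" xmlUrl="https://feeds.example/a.xml"/>
      <outline type="rss" text="Feed B" xmlUrl="https://feeds.example/b.xml"/>
    </outline>
    <outline type="rss" text="Feed A again" xmlUrl="https://feeds.example/a.xml"/>
    <outline type="rss" text="Odd scheme" xmlUrl="ftp://feeds.example/c.xml"/>
    <outline text="Folder with no feed URL"/>
  </body>
</opml>"""

ALLOWED_SCHEMES = ("http://", "https://")


def parse_opml(opml_text):
    """Return the unique http(s) feed URLs in an OPML document, in document order.

    Walks every <outline> at any depth (OPML nests outlines for folders), keeps
    only those with an xmlUrl using an allowed scheme, and drops repeats so
    each feed is fetched once by the later parseRss step.
    """
    root = ET.fromstring(opml_text)
    body = root.find("body")
    if body is None:
        return []
    seen, feeds = set(), []
    for outline in body.iter("outline"):
        url = (outline.get("xmlUrl") or "").strip()
        if not url or not url.lower().startswith(ALLOWED_SCHEMES):
            continue  # folder entries and non-web schemes are skipped
        if url not in seen:
            seen.add(url)
            feeds.append(url)
    return feeds


if __name__ == "__main__":
    for feed_url in parse_opml(SAMPLE_OPML):
        print(feed_url)  # each of these would then go to parseRss
```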