About In0ri

In0ri is a website defacement detection system built around an image-classification convolutional neural network.

When monitoring a website, In0ri periodically takes screenshots of the site and passes them to a preprocessor, which resizes each image to 250x250px and converts it to numeric form before handing it to the classifier. The core of the classifier is a convolutional neural network that can be trained to detect whether the website content is normal. If the monitored site is judged to be compromised, In0ri alerts users via email.


Tool requirements

Python3 (version >=3.6)

Docker

Docker-compose

Tools installation

Researchers can use the following command to locally clone the project source code:

git clone https://github.com/J4FSec/In0ri.git

cd In0ri

Next, we need to configure the email credentials and agent keys so that In0ri can alert users via email. Edit the Alert/sendemail.py file:

EMAIL_SERVER = "mail.example.com"

EMAIL_ADDRESS = "foo@gmail.com"

EMAIL_PASSWORD = "$uper$ecurePa$$word"

Configuring Telegram Notification

Edit the Alert/chatbot.py file:

CHAT_ID = 'foo' # Channel ID to send notifications to

TOKEN = 'bar' # Bot token retrieved from @BotFather

Now we can start In0ri:

docker-compose up -d

Tool use

We have two ways to deploy and use In0ri:

Running a cron job that periodically visits the URL;

Running an internal agent on the web server;

The first method: URL detection

Log in to the In0ri WebUI by visiting https://:8080/, click Register, and fill in and submit the form.

The second method: internal agent

Log in to the In0ri WebUI by visiting https://:8080/, click Register, and fill in and submit the form.

Click “Create proxy” and fill out the form, confirming that the agent key in the message is correct.

On the web server to be monitored, download the Agent folder from this project's GitHub repository.

Install the dependency packages needed to run the internal agent:

python3 -m pip install watchdog

python3 -m pip install requests

Edit the config.json file:

nano config.json

Fill in relevant parameters in the following format:

{

    "id":"01",

    "key":"123123123",

    "rootPath":"/var/www/html",

    "excludePath":"",

    "apiServer":"http://<serverIP>:8088/checkdeface"

}

Then, run the agent with the following command:

python3 agent.py
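
A pre-flight check for the agent's config.json, as an added example that is not part of In0ri or the original article: it flags the sample key, an unreplaced <serverIP> placeholder, a non-HTTPS apiServer and loose file permissions. The function names, the absolute-path rule and the idea that the agent authenticates to apiServer with "key" are assumptions of this example.

```python
import json
import os
import stat
from urllib.parse import urlparse

REQUIRED = ("id", "key", "rootPath", "excludePath", "apiServer")
SAMPLE_KEY = "123123123"  # sample value printed in the article

def lint_agent_config(cfg, file_mode=None):
    """Return a list of findings for a parsed agent config.json."""
    if not isinstance(cfg, dict):
        return ["config.json: top level must be a JSON object"]
    findings = [f"{name}: missing or not a string"
                for name in REQUIRED if not isinstance(cfg.get(name), str)]
    if findings:
        return findings
    if not cfg["id"] or not cfg["key"]:
        findings.append("id/key: must not be empty")
    if cfg["key"] == SAMPLE_KEY:
        findings.append("key: still the sample value from the documentation")
    # Assumption: the watched directory should be given as an absolute path.
    if not os.path.isabs(cfg["rootPath"]):
        findings.append("rootPath: must be an absolute path")
    api = cfg["apiServer"]
    url = urlparse(api)
    if "<" in api or not url.hostname:
        findings.append("apiServer: placeholder or missing host")
    elif url.scheme != "https":
        # Assumption: the agent authenticates to apiServer with "key".
        findings.append("apiServer: not https, traffic to the server is unencrypted")
    if file_mode is not None and file_mode & 0o077:
        findings.append("config.json: accessible to group/others, restrict to 0600")
    return findings

def lint_agent_config_file(path):
    """Load config.json from disk and lint it together with its permissions."""
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    return lint_agent_config(cfg, stat.S_IMODE(os.stat(path).st_mode))

# Constructed sample: the config from the article, stored with mode 0644.
ARTICLE_CONFIG = {"id": "01", "key": "123123123", "rootPath": "/var/www/html",
                  "excludePath": "", "apiServer": "http://<serverIP>:8088/checkdeface"}

if __name__ == "__main__":
    for finding in lint_agent_config(ARTICLE_CONFIG, 0o644):
        print("WARN", finding)
```
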

License Agreement

The development and distribution of this project follow the GNU AGPLv3 open source license.