GSoC‐Project‐Ideas
This page lists potential GSoC project ideas for the AI-Powered Security Monitoring & Threat Detection Platform. Each idea is scoped for a full GSoC contribution period (approximately 12 weeks), and is designed to meaningfully advance the project.
This is a GSoC-level AI security platform that combines:
- FastAPI backend with real-time log ingestion
- Isolation Forest unsupervised anomaly detection
- Next.js dashboard with 2D charts and immersive 3D visualizations
The project is well-suited for GSoC because it spans multiple domains: backend, ML/AI, frontend, DevOps, and cybersecurity.
| # | Project Title | Difficulty | Skills |
|---|---|---|---|
| 1 | WebSocket Real-time Alert System | Medium | Python, FastAPI, WebSockets, React |
| 2 | Deep Learning Anomaly Detection (Autoencoder) | Hard | Python, PyTorch/TensorFlow, ML |
| 3 | OAuth2/JWT Authentication System | Medium | Python, FastAPI, Security |
| 4 | Docker + Cloud Deployment Pipeline | Medium | Docker, GitHub Actions, AWS/GCP |
| 5 | Advanced Threat Intelligence Dashboard | Medium | React, Three.js, D3.js |
| 6 | Multi-source Log Aggregation Engine | Hard | Python, Kafka, Parsing |
| 7 | Alerting & Notification System | Easy-Medium | Python, SMTP, Webhooks |
Difficulty: Medium Duration: 12 weeks Skills Required: Python, FastAPI, WebSockets, React, JavaScript
Currently, the frontend polls the REST API for new logs. This approach introduces latency and wastes bandwidth. A WebSocket-based streaming system would enable true real-time threat monitoring.
- Implement a FastAPI WebSocket endpoint (`/ws/alerts`)
- Broadcast new log entries and anomaly scores to all connected clients in real-time
- Update the Next.js dashboard to subscribe to the WebSocket feed
- Add a live alert notification panel that shows incoming threats
- Handle reconnection logic on the frontend
- `GET /ws/alerts` WebSocket endpoint with authentication support
- Frontend WebSocket client integration
- Live alert notification UI component
- Unit and integration tests for the WebSocket connection
- Documentation
Difficulty: Hard Duration: 12 weeks Skills Required: Python, PyTorch or TensorFlow, Scikit-learn, ML theory
The current Isolation Forest model is a strong unsupervised baseline, but an autoencoder neural network can learn richer latent representations of "normal" traffic and detect more subtle anomalies.
- Design and train an LSTM Autoencoder on the log feature set
- Create a model selection interface: allow switching between Isolation Forest and Autoencoder
- Implement reconstruction error threshold tuning
- Benchmark the two models on recall, precision, and F1 at various contamination levels
- Add model versioning support
- `ai-model/autoencoder_model.py` — training script
- Saved model artifacts + evaluation results
- Updated `/predict/` endpoint to support model selection
- Benchmarking report (Markdown)
- Tests and documentation
Difficulty: Medium Duration: 10 weeks Skills Required: Python, FastAPI, OAuth2, JWT, Security concepts
The API is currently open with no authentication. For production deployment, all endpoints should be secured with role-based access control (RBAC).
- Implement JWT-based authentication with `python-jose`
- Add user registration and login endpoints
- Create roles: `viewer` (read-only), `analyst` (read + write), `admin` (full access)
- Protect all API endpoints with appropriate role requirements
- Implement token refresh mechanism
- Add frontend login/logout UI
- `POST /auth/register`, `POST /auth/login`, `POST /auth/refresh` endpoints
- Role-based middleware
- Updated frontend with auth flow
- Tests covering auth scenarios
- Security documentation
Difficulty: Medium Duration: 10 weeks Skills Required: Docker, Docker Compose, GitHub Actions, AWS or GCP
The project currently requires manual local setup. Containerization and cloud deployment would make it production-ready and accessible to users without a local dev environment.
- Create `Dockerfile` for backend (Python/FastAPI)
- Create `Dockerfile` for frontend (Next.js)
- Write `docker-compose.yml` to orchestrate all services
- Extend GitHub Actions CI to build and push Docker images
- Create deployment scripts for AWS ECS or GCP Cloud Run
- Add health checks and container restart policies
- `Dockerfile` (backend + frontend)
- `docker-compose.yml`
- Updated `ci.yml` with Docker build/push steps
- Deployment guide for AWS/GCP
- One-command local setup: `docker-compose up`
Difficulty: Medium Duration: 12 weeks Skills Required: React, Three.js, React Three Fiber, D3.js, TypeScript
The current dashboard has basic 3D visualizations. This idea extends it with richer interactive threat intelligence features.
- Add a real IP geolocation layer to the 3D Threat Globe
- Implement time-series playback: "replay" historical attack sequences
- Add drill-down from globe → specific IP details and log history
- Create a heatmap view of attack frequency by time-of-day
- Add export functionality (PNG, CSV, JSON)
- Improve mobile responsiveness
- IP geolocation integration (using a free API like ip-api.com)
- Timeline/playback component
- Drill-down modal for IP details
- Heatmap component
- Export module
- Mobile-responsive layout
Difficulty: Hard Duration: 12 weeks Skills Required: Python, Kafka or RabbitMQ, Log parsing, Regex, Syslog
The platform currently accepts structured JSON logs via REST API. Real-world systems generate logs in many formats (syslog, Apache access logs, Windows Event Logs, etc.). A universal log aggregation engine would dramatically expand the platform's applicability.
- Design a pluggable log parser framework
- Implement parsers for: syslog, Apache/Nginx access logs, JSON, CSV
- Add a Kafka consumer for high-throughput ingestion
- Normalize all formats to the internal log schema
- Provide a log simulator tool for testing
- `backend/parsers/` module with pluggable parser architecture
- Parsers for 4+ log formats
- Kafka consumer integration
- Log normalization pipeline
- Simulator script + documentation
Difficulty: Easy–Medium Duration: 8 weeks Skills Required: Python, SMTP, Slack API, Webhooks, FastAPI
When a critical anomaly is detected, security teams need to be notified immediately. This project adds a configurable alerting system.
- Implement alert triggers based on anomaly score thresholds
- Support multiple notification channels: Email (SMTP), Slack webhook, custom HTTP webhook
- Create an alert configuration API (`POST /alerts/config`)
- Add alert history and acknowledgement tracking
- Rate-limit alerts to prevent flooding
- Alert trigger engine in `backend/alerting/`
- Email, Slack, webhook notification adapters
- Alert configuration endpoints
- Alert history table in the database
- Throttling and deduplication logic
- Tests and documentation
If you are interested in working on this project for GSoC:
- Explore the codebase: Read through Architecture, Setup-Guide, and API-Reference
- Set up locally: Follow Setup-Guide and get the project running
- Make a small contribution: Fix a bug, improve a test, or add documentation — see Contributing
- Draft your proposal: Choose one (or a well-scoped combination) of the ideas above
- Open a discussion issue: Tag it with `gsoc-proposal` label
- Clear breakdown of weekly milestones
- Realistic scope for 12 weeks
- Demonstrated familiarity with the codebase
- Prior contribution (even small) to the project
- Clear success criteria and deliverables
- Mentors will provide weekly check-ins and code reviews
- Questions can be asked via GitHub Issues (tag `gsoc`)
- Contributors are encouraged to be proactive and communicate blockers early