Funded Projects

Design and Development of an Open-Source Enterprise Network Security Solution.

Principal Investigator’s Organization (PIO):
School of Electrical Engineering & Computer Science, NUST Islamabad.
Principal Investigator (PI):
Dr. Syed Ali Khayam
Project Details:
Start Date: 01-Jan-2008
Duration: 36 months + 4 months extension
Budget: PKR 6.14 million
Status: Project Successfully Completed
Thematic Area: Security
Executive Summary

Over the last decade, system security threats have evolved from human intruders to sophisticated malware. With the evolution of these attack methodologies, the field of intrusion detection has inevitably evolved, with detection of malicious network attacks becoming its main focus. This research project includes the indigenous design and development of a state-of-the-art enterprise network security solution in Pakistan. This security solution detects zero-day (previously unknown) attacks in real time. The solution consists of two main modules: i) an active anomaly detector that will be deployed at the network perimeter; ii) a passive network monitor that can detect Internet-scale as well as targeted threats and will also facilitate attack forensics. The network security software is tested on academic and industrial networks in Pakistan. After its development and testing in the end-user environment, this software solution is made publicly available under an open-source license. Due to its cutting-edge nature, this software solution has the potential of establishing an international repute for Pakistan in the highly profitable and potent network security market.

The key benefits of this project are:

• Network security has become a fundamental concern for the uninterrupted operation of any large-scale enterprise. Therefore, the proposed network security solution benefits many different industries. However, some direct beneficiaries may be:
1) Core network service providers like PTCL, who bear the brunt of congestion and excessive traffic created by malware propagation and DDoS attacks. The provision of clean bandwidth to customers will be a very attractive offering by these network service providers.
2) Enterprises that solicit and conduct international projects (e.g., software development companies, transcription companies, call centers, etc.). Network unavailability during attacks can result in severe credibility issues and financial losses for these companies.
3) Computers in academic institutions are generally infested with malware because students are unaware of the security implications of the software they download from the Internet. Therefore, academic institutions can also be direct beneficiaries of this product.
• This product makes data traffic very safe on both the inter-enterprise and intra-enterprise fronts, providing complete security against zero-day attacks across the enterprise.
• The software may be used to analyze and categorize active attacks on the core and access networks in real time.
• During the software design and development stage, a detailed efficiency analysis of existing volumetric and feature-based anomaly detection techniques is conducted.
• As the project is open source, its outputs are sustainable and extendable, thereby providing a basis for future research in the field of network security.