Technical R&D Projects  
   

 

Funded Projects

An Artificial Immune System Based General Purpose Intrusion Detection System
 
Principal Investigator:
National University of Computer and Emerging Sciences (NU-FAST), Islamabad.
www.nuces.edu.pk
Project Director:
Dr. Mudassar Farooq muddassar.farooq@cs.uni-dortmund.de
Dr. Fauzan Mirza  
Project Details:
Start Date: October, 2007
Duration: 36 months
Project Cost: PKR 10.91 million
Project Funding: PKR 10.91 million
Project Status: In progress.
Technical Progress Reports Submitted:
Project Commencement Report; Phase 1 completion report; Phase 2, 3, 4 and 5 completion reports.
Pending Reports:
None.
Deliverables Submitted:
1: Background study and requirements
2: Modeling & design of schemes for intrusion detection
3: Prototypical design/implementation of intrusion detection
4: Test bed formation
5: Evaluation of prototypical information.
Pending Deliverables:
None.
Financial Audit Reports Submitted: External audit report for the year ending 30th November, 2008 and 30th November, 2009.
Project URL: http://www.nexginrc.org/index.php?option=com_content&view=article&id=3&Itemid=35
Detailed proposal is available here.


Executive Summary

Since the advent of the Internet, and as more computers join the broadband Internet and ubiquitous computing becomes more common, the operational and data security of computer systems can be compromised much more rapidly, resulting in significant loss of revenue and a strategic setback to an enterprise. The aim of this research project is to develop a general-purpose, open-source Artificial Immune System (AIS) based Intrusion Detection System (IDS) that will be able to recognize previously unknown malware of all types, including but not limited to file infectors, boot-sector infectors, macro viruses, trojans and other malware, and that must be able to detect and stop/filter traffic floods launched by other compromised hosts in the network.

This Microsoft Windows based software solution will act as a first line of defence against common intrusion attacks, and ultimately will become an integral part of professional security systems. The Microsoft Windows operating system was chosen because most security threats are aimed at Windows, owing to its large market share and to its being closed-source software. Moreover, many potential security vulnerabilities and bugs escaped the design team’s attention. The key benefits of this project are:

  • This software will provide reliable and scalable detection of all abnormal TCP-SYN, UDP and Ping flood activities based on the normal-self concept of the AIS.

  • This product will guarantee prevention of any malware infiltration through implementation of port security.

  • It will also detect new viruses on-demand and on-access without the need for updates.

  • This general-purpose intrusion detection system will be the first of its kind in the open-source community; hence it will set the trend for further initiatives in the field of computer security.

  • The resultant software of this project will help to increase the confidence of the national researchers working in the area of computer security, and will help them to get into an otherwise very closed and exclusive community of computer security experts.

 

   
 
 
 

Copyrights (C) National ICT R&D Fund