School of Electrical Engineering
& Computer Science (SEECS)
National University of Science and Technology (NUST),
Dr. Syed Ali Khayam
Dr. Fauzan Mirza
Duration: 36 months
Project Cost: PKR 7.88 million
Project Funding: PKR 7.88 million
Project Status: In progress.
Technical Progress Reports Submitted:
Project Commencement Report, Q1, Q2, Q3, Q4, Q5, Q6 and Q7
1: Enrollment of graduate and undergraduate students and
completion of the hiring process
2: Literature review document
3: Research paper comparing results of different packet
sampling techniques and evaluation of new technique.
Implementation of offline packet samplers
4: Research paper describing traffic features and
distributions. Traffic datasets collected at different
points in the network. Implementation of packet capturing
tools. Implementation of offline traffic analysis tools.
5: Research paper on appropriate anomaly detector and
thresholding techniques for different points in the
internet. Filing of patent on the anomaly detectors and
thresholding techniques. Offline implementations of existing
and new anomaly detectors.
6: Submission of research paper that describes and evaluates
the framework. Filing of patent on the proposed framework
7: Patching module deployment and testing report. Research
papers and technical report describing experiences with real
time traffic. Real time implementation of the patching
framework for network endpoints and stub routers.
Implementation of the patching framework in a software
8: Clean slate module deployment and testing report on
network testbeds. Research paper and technical report
describing experiences with real-time traffic. Real-time
implementation of the clean slate framework on GENI and/or
planetLab. Implementation of the clean-slate framework in a
Project closure report.
External Audit report as at September 30, 2009.
Detailed proposal is available
Over the last
few years, the phrase “The Internet is Broken” has been
repeatedly used to highlight the current Internet’s inability to
combat network attacks, such as self-propagating malware and
distributed denial-of-service attacks. There is widespread
consensus that in the next-generation Internet, the entire
burden of security cannot be assigned to the endpoints and edge
networks, and that some notion of security needs to be embedded
into the network core.
The project will investigate a network-embedded security framework, in which
the endpoints, the edge networks and the network core act in a
coordinated and practical manner to defeat high-rate traffic
attacks. More specifically, under the proposed framework,
packets suspected of being malicious are progressively marked by
network nodes (including the senders, the core and edge routers,
and the receivers) along the packet’s path. Packets with high
maliciousness level are then dropped en-route. To determine a
packet’s maliciousness level, it is proposed that network nodes
correlate the packets passing through them to identify packets
with similar underlying features. Increase in the number and
frequency of similar packets can then be used as an indication
of an ongoing attack. An automated attack signature generator
using packet features will be developed. The project will
investigate security-aware routing and congestion control
techniques that can operate on a network with embedded security
and will also study the impact of this framework on other
protocols, such as existing congestion control and routing.
The project will significantly contribute to the development of software
tools and protocols that can facilitate development and
deployment of security-aware packet processing and protocols
along a network path. Novel extensions and adaptations of these
tools will also be explored.
The project proposes to develop theoretically-sound, practical and scalable
security-based packet marking methods, including
security-induced packet marking at wire-speeds within the core
network. It also aims to develop robust strategies for
discarding (or more generally “handling”) of security-marked
malicious packets while ensuring stability, fairness and
convergence objectives for benign and legitimate flows.
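The progressive marking and en-route dropping described above, as an added simulation that is not code from the project. The feature set in signature(), the window, the two thresholds, the hop names and the traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

DROP_LEVEL = 3      # assumed: mark value at which a node drops the packet
WINDOW = 1.0        # assumed: correlation window in seconds
SIMILAR_LIMIT = 5   # assumed: similar packets per window before a node marks

def signature(pkt):
    """Features used to call two packets 'similar' (an assumed feature set)."""
    return (pkt["dst"], pkt["dport"], pkt["proto"], pkt["size"] // 64)

class Node:
    def __init__(self, name):
        self.name = name
        self.seen = defaultdict(deque)   # signature -> arrival times in window

    def process(self, pkt):
        """Correlate, mark, and return False if the packet is dropped here."""
        times = self.seen[signature(pkt)]
        times.append(pkt["ts"])
        while times and pkt["ts"] - times[0] > WINDOW:
            times.popleft()
        if len(times) > SIMILAR_LIMIT:   # many similar packets: raise the mark
            pkt["mark"] += 1
        return pkt["mark"] < DROP_LEVEL

def send(path, pkt):
    """Forward pkt along path; return (delivered, name of dropping node)."""
    pkt = dict(pkt, mark=0)              # every packet starts unmarked
    for node in path:
        if not node.process(pkt):
            return False, node.name
    return True, None

def run(traffic, hops=("sender-edge", "core-1", "core-2", "receiver-edge")):
    path = [Node(n) for n in hops]
    results = defaultdict(lambda: {"delivered": 0, "dropped": 0})
    for pkt in sorted(traffic, key=lambda p: p["ts"]):
        ok, _ = send(path, pkt)
        results[pkt["label"]]["delivered" if ok else "dropped"] += 1
    return {k: dict(v) for k, v in results.items()}

# Constructed traffic: a 200 pkt/s flood of identical packets and a slow benign flow.
FLOOD = [{"ts": i / 200, "dst": "10.0.0.5", "dport": 80, "proto": "udp",
          "size": 512, "label": "flood"} for i in range(200)]
BENIGN = [{"ts": i / 4, "dst": "10.0.0.5", "dport": 443, "proto": "tcp",
           "size": 1200, "label": "benign"} for i in range(4)]

if __name__ == "__main__":
    print(run(FLOOD + BENIGN))
```

The flood is marked once per hop and discarded at the third hop, before it reaches the receiver's edge, while the benign flow stays under the per-window limit and is never marked. A legitimate burst sharing the flood's features would be marked the same way, which is why the handling strategy has to account for fairness to legitimate flows.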
The key benefits of this project are:
The proposed security framework deployed at
major Pakistan gateways will allow network monitoring and
malicious packet dropping in Pakistan’s network core,
thereby protecting Pakistan from high-rate network attacks
and the consequent bandwidth wastage.
The proposed security framework
will allow the designers of the next generation Internet and
Internet Service Providers (ISPs) remote monitoring and
detection at the ISP gateways.
Pakistan Education Research
Network (PERN) can significantly benefit from the proposed
network-embedded security framework, as it will allow
detection and localization of the infected university hosts.
Moreover, the proposed framework can be used to develop a
collaborative and distributed firewall that can be deployed
on PERN’s university edge networks to block traffic from
Patents are planned to be filed based on the proposed