Executive Summary
Over the last decade, system security threats have evolved from human
intruders to sophisticated malware. As attack methods have evolved, the
field of intrusion detection has evolved with them, and the detection of
malicious network attacks has become its main focus. This research project
covers the indigenous design and development, in Pakistan, of a
state-of-the-art enterprise network security solution intended to detect
zero-day (previously unknown) attacks in real time. The solution consists
of two main modules: i) an active anomaly detector deployed at the network
perimeter; ii) a passive network monitor that detects Internet-scale as
well as targeted threats and also supports attack forensics. The proposed
network security software will be tested on academic and industrial
networks in Pakistan. After its development and testing in the end-user
environment, the software will be released under an open-source license.
Because of its cutting-edge nature, the solution has the potential to
establish an international reputation for Pakistan in the large and
lucrative network security market. The key benefits of this project are:
- Network security has become a fundamental concern for the uninterrupted
operation of any large-scale enterprise, so the proposed solution will
benefit many different industries. Some direct beneficiaries are: 1) core
network service providers such as PTCL, which bear the brunt of the
congestion and excess traffic created by malware propagation and DDoS
attacks; offering clean bandwidth to customers would be an attractive
service for these providers. 2) Enterprises that solicit and conduct
international projects (e.g., software development companies,
transcription companies, call centres); network unavailability during an
attack can cause severe credibility problems and financial losses for such
companies. 3) Academic institutions, whose computers are commonly infected
with malware because students are unaware of the security implications of
the software they download from the Internet.
- The product will improve the safety of data traffic on both the
inter-enterprise and intra-enterprise fronts, providing protection
against zero-day attacks across the enterprise.
- The software will be used to analyze and categorize active attacks on
core and access networks in real time.
- During design and development, a detailed efficiency analysis of existing
volumetric and feature-based anomaly detection techniques will be
conducted.
- Because the project is open source, its outputs will be sustainable and
extensible, providing a basis for future research in network security.
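To make concrete what "volumetric" and "feature-based" anomaly detection mean in the comparison described above, the following is an added illustration, not code from the proposal or the project: a volumetric detector that compares packets-per-window against an EWMA baseline, and a feature-based detector that watches the entropy of destination addresses per window. The traffic windows, addresses, thresholds (alpha, k, delta) and warmup length are all constructed assumptions for the example.

```python
"""Added illustration, not code from the proposal: one volumetric and one
feature-based detector of the kind the summary says will be compared,
run over constructed traffic windows (no real captures)."""
import math
from collections import Counter


def shannon_entropy(values):
    """Entropy in bits of the empirical distribution of `values`."""
    total = len(values)
    if total == 0:
        return 0.0
    counts = Counter(values)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def volumetric_alerts(counts, alpha=0.2, k=3.0, warmup=5):
    """Volumetric detector: packets per window vs. an EWMA baseline.

    A window is flagged when its count exceeds mean + k*std of the baseline.
    Flagged windows are not fed back into the baseline, so a sustained flood
    does not teach the detector that floods are normal.
    """
    mean = var = None
    alerts = []
    for i, c in enumerate(counts):
        if mean is None:
            mean, var = float(c), 0.0
            continue
        std = math.sqrt(var)
        if i >= warmup and c > mean + k * max(std, 1.0):
            alerts.append(i)
            continue
        diff = c - mean
        mean += alpha * diff
        var = (1 - alpha) * (var + alpha * diff * diff)
    return alerts


def entropy_alerts(windows, warmup=5, delta=1.0):
    """Feature-based detector on destination-address entropy per window.

    Baseline is the mean entropy of the warmup windows. A scan or worm
    spreading to many hosts pushes entropy up; a flood aimed at one host
    pushes it down. Either direction beyond `delta` bits is flagged.
    """
    entropies = [shannon_entropy([dst for _, dst in w]) for w in windows]
    baseline = sum(entropies[:warmup]) / warmup
    return [i for i in range(warmup, len(windows))
            if abs(entropies[i] - baseline) > delta]


def normal_window(per_dst):
    """Constructed benign window: `per_dst` packets to each of four servers."""
    return [(f"192.0.2.{s}", f"10.0.0.{d}")
            for d in range(1, 5) for s in range(1, per_dst + 1)]


def build_windows():
    """Constructed sequence: five benign windows, a horizontal scan (one
    source, 100 distinct targets, normal volume), a flood (many sources, one
    target, 10x volume), then one more benign window."""
    windows = [normal_window(n) for n in (25, 26, 24, 25, 26)]
    windows.append([("198.51.100.7", f"10.0.1.{i}") for i in range(100)])
    windows.append([(f"203.0.113.{i % 200}", "10.0.0.1") for i in range(1000)])
    windows.append(normal_window(25))
    return windows


def analyze(windows):
    """Run both detectors over the same windows; returns flagged indices."""
    return {
        "volumetric": volumetric_alerts([len(w) for w in windows]),
        "dst_entropy": entropy_alerts(windows),
    }


if __name__ == "__main__":
    print(analyze(build_windows()))
```

The point of running both over the same windows is the complementarity: the scan in window 5 carries a normal packet count, so the volumetric detector never sees it, while the destination-entropy feature flags it immediately; the flood in window 6 is caught by both. A real evaluation of the kind the proposal describes would vary the window length, thresholds and warmup and measure detection rate against false-alarm rate on captured traffic.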