With projected annual sales of 244.5 million IP-connected devices by 2013, the vision of the “Internet-of-Things”, where most consumer electronic devices are reachable through the internet, is nearing realization. However, this connectivity is a double-edged sword, as hackers can take control of these devices by exploiting system vulnerabilities. Each infected machine, or bot, can then self-propagate by discovering other connected devices to exploit, thus forming a network of infected machines generally called a botnet. Botnets also have a command and control (C&C) interface through which the original hacker, the botmaster, can use the CPU cycles and network access of each bot. This ability allows botmasters to rent out their botnet’s computing power and network bandwidth, for example to send spam or launch DDoS attacks. This economic incentive makes botnets the most significant threat (above viruses or worms) to the internet infrastructure today.
This proposal aims to develop a prototype real-time botnet detection system in collaboration with the industrial partner, Nayatel. The proposed system will give ISPs the ability to track and block botnet infections and attacks in real time. Moreover, it is believed that by enabling ISPs to block botnet attack traffic, the economic incentive behind any botnet can be minimized.
The proposed solution comprises two novel aspects: a software-defined ISP network architecture that allows real-time blocking of botnet flows using OpenFlow-enabled home routers, and a distributed algorithm for real-time botnet detection. The project team will first build a prototype solution and evaluate it on both real data collected at Nayatel and a small emulated network. The project team will collaborate with researchers at the University of California at Berkeley (UCB), who will help define the ground truth of botnet infection on the same data sets, thus allowing the team to scientifically evaluate the efficacy of the proposed botnet detection framework.
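To make the blocking half of this architecture concrete, the following added example (not code from the proposal or from Nayatel) encodes the OpenFlow 1.0 message a controller would push to an OpenFlow-enabled home router once the detection algorithm has flagged a bot-to-C&C flow: an OFPT_FLOW_MOD with an exact IPv4 source/destination match and an empty action list, which the OpenFlow 1.0 specification defines as a drop. The IP addresses in the usage call are constructed sample values, and the wire layout follows the OpenFlow 1.0.0 ofp_flow_mod/ofp_match structures.

```python
import socket
import struct

# OpenFlow 1.0 constants (values from the OpenFlow 1.0.0 specification)
OFP_VERSION = 0x01
OFPT_FLOW_MOD = 14
OFPFC_ADD = 0
OFPP_NONE = 0xFFFF
OFP_NO_BUFFER = 0xFFFFFFFF
ETH_TYPE_IPV4 = 0x0800
# Wildcard bits: set = ignore that field, clear = match it exactly.
# nw_src/nw_dst use 6-bit prefix-length fields (shift 8 and 14); 0 means /32.
OFPFW_IN_PORT, OFPFW_DL_VLAN, OFPFW_DL_SRC, OFPFW_DL_DST = 1 << 0, 1 << 1, 1 << 2, 1 << 3
OFPFW_NW_PROTO, OFPFW_TP_SRC, OFPFW_TP_DST = 1 << 5, 1 << 6, 1 << 7
OFPFW_DL_VLAN_PCP, OFPFW_NW_TOS = 1 << 20, 1 << 21
MATCH_FMT = "!IH6s6sHBxHBBxx4s4sHH"   # ofp_match, 40 bytes
BODY_FMT = "!QHHHHIHH"                # cookie..flags, 24 bytes
HDR_FMT = "!BBHI"                     # ofp_header, 8 bytes


def build_drop_flow_mod(bot_ip, cc_ip, xid=1, priority=0xFFFF, idle_timeout=0, hard_timeout=0):
    """Return the bytes of an OFPT_FLOW_MOD (OFPFC_ADD) that matches IPv4 packets
    from bot_ip to cc_ip and carries no actions, i.e. a drop rule for that flow."""
    # Match only dl_type (IPv4), nw_src and nw_dst; wildcard everything else.
    wildcards = (OFPFW_IN_PORT | OFPFW_DL_VLAN | OFPFW_DL_SRC | OFPFW_DL_DST
                 | OFPFW_NW_PROTO | OFPFW_TP_SRC | OFPFW_TP_DST
                 | OFPFW_DL_VLAN_PCP | OFPFW_NW_TOS)
    match = struct.pack(MATCH_FMT, wildcards, 0, b"\x00" * 6, b"\x00" * 6, 0, 0,
                        ETH_TYPE_IPV4, 0, 0,
                        socket.inet_aton(bot_ip), socket.inet_aton(cc_ip), 0, 0)
    # cookie, command, idle_timeout, hard_timeout, priority, buffer_id, out_port, flags
    body = struct.pack(BODY_FMT, 0, OFPFC_ADD, idle_timeout, hard_timeout,
                       priority, OFP_NO_BUFFER, OFPP_NONE, 0)
    length = struct.calcsize(HDR_FMT) + len(match) + len(body)   # no actions appended
    header = struct.pack(HDR_FMT, OFP_VERSION, OFPT_FLOW_MOD, length, xid)
    return header + match + body


def parse_flow_mod(msg):
    """Decode the fields a switch acts on, so a rule can be audited before it is sent."""
    version, msg_type, length, xid = struct.unpack_from(HDR_FMT, msg, 0)
    m = struct.unpack_from(MATCH_FMT, msg, 8)
    cookie, command, idle, hard, prio, buf, out_port, flags = struct.unpack_from(BODY_FMT, msg, 48)
    actions = msg[72:length]   # empty byte string means "drop" in OpenFlow 1.0
    return {"version": version, "type": msg_type, "length": length, "xid": xid,
            "wildcards": m[0], "dl_type": m[6],
            "nw_src": socket.inet_ntoa(m[9]), "nw_dst": socket.inet_ntoa(m[10]),
            "command": command, "priority": prio, "actions": actions}


if __name__ == "__main__":
    rule = build_drop_flow_mod("192.0.2.10", "198.51.100.7", xid=42)   # constructed sample IPs
    print(parse_flow_mod(rule))
```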
On successful completion of the prototype, Nayatel will deploy the final, robust solution on its network. Nayatel will also work on refining this framework and offer it to its customers as a value-added or enterprise solution.
The broader impact of the proposal mainly involves fostering a close relationship between academia and industry. The N3 group (NUST, NU, and Nayatel) will provide a working model for developing ICT capability indigenously. Beyond this industry-academia collaboration, local expertise in software-defined networking (SDN) will be developed, an up-and-coming networking paradigm being embraced by industry giants such as Google, Facebook, Microsoft, and Twitter. The project team will also interact with leading security and networking researchers at UCB and will target broad and impactful patents and publications. Such efforts will bring positive international recognition to academia and the ICT industry of Pakistan.