Introduction
Under this project, we have researched and developed an accurate, real-time enterprise intrusion detection and prevention solution for detecting zero-day network attacks. The solution consists of two main components: an active anomaly detector and a passive anomaly detector. The active anomaly detector preemptively and quickly detects Internet-scale and targeted threats and also facilitates attack forensics. It evaluates existing and new traffic features of incoming and outgoing traffic for real-time attack characterization; these features have been used for attack detection in novel information-theoretic, statistical, and machine learning frameworks. The second component, the passive anomaly detector, has been designed to capture incoming traffic that is bound for inactive IP addresses and ports inside an enterprise network. The passive detector builds a baseline model of misconfigured incoming traffic to this inactive space, and deviations from this model are used to detect malicious traffic patterns. The datasets collected and the anomaly detectors developed in this project can be downloaded from this webpage.
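As an added illustration of the passive detector's idea, not the project's own code (which is downloadable from this page), the toy below assumes a known set of inactive addresses and ports, learns a per-source baseline of stray traffic into that space from a benign training period, and flags sources whose per-window count exceeds a mean-plus-k-sigma threshold; the inactive ranges, flow records and threshold are constructed for the example.

```python
from collections import defaultdict
import math

# Constructed inactive (dark) address and port space inside the enterprise.
INACTIVE_IPS = {"10.0.0.200", "10.0.0.201", "10.0.0.202", "10.0.0.203"}
INACTIVE_PORTS = {23, 445, 1433, 3389}

def is_dark(dst_ip, dst_port):
    """A flow is 'dark' if it targets an inactive address or an inactive port."""
    return dst_ip in INACTIVE_IPS or dst_port in INACTIVE_PORTS

def dark_counts_per_window(flows, window_s=60):
    """Count dark-space flows per source per time window.
    flows: iterable of (timestamp_s, src_ip, dst_ip, dst_port)."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, src, dst_ip, dst_port in flows:
        if is_dark(dst_ip, dst_port):
            counts[src][int(ts // window_s)] += 1
    return counts

def build_baseline(train_flows, window_s=60):
    """Baseline = (mean, std) of dark-space flows per window for each source,
    learned from a benign period (legitimate misconfiguration shows up here)."""
    baseline = {}
    for src, per_win in dark_counts_per_window(train_flows, window_s).items():
        vals = list(per_win.values())
        mean = sum(vals) / len(vals)
        var = sum((v - mean) ** 2 for v in vals) / len(vals)
        baseline[src] = (mean, math.sqrt(var))
    return baseline

def detect(test_flows, baseline, window_s=60, k=3.0, min_count=5):
    """Flag (src, window, count) where count exceeds mean + k*std.
    std is floored at 1.0 so zero-variance baselines still leave slack, and
    unknown sources (no baseline) are held to the absolute floor min_count."""
    alerts = []
    for src, per_win in dark_counts_per_window(test_flows, window_s).items():
        mean, std = baseline.get(src, (0.0, 0.0))
        threshold = max(mean + k * max(std, 1.0), min_count)
        alerts.extend((src, win, c) for win, c in per_win.items() if c > threshold)
    return alerts

# Constructed flows: (timestamp_s, src_ip, dst_ip, dst_port).
TRAIN = [(t * 60 + 5, "10.0.0.5", "10.0.0.200", 80) for t in range(3)]   # one stray flow per window
TRAIN += [(t * 60 + 7, "10.0.0.5", "10.0.0.10", 443) for t in range(3)]  # normal traffic, not dark
TEST = [(5, "10.0.0.5", "10.0.0.200", 80), (9, "10.0.0.5", "10.0.0.201", 80)]  # within baseline
TEST += [(10 + i, "10.0.0.9", f"10.0.0.{200 + i % 4}", 445) for i in range(12)]  # sweep of dark space

def run_demo():
    return detect(TEST, build_baseline(TRAIN))  # -> [("10.0.0.9", 0, 12)]
```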
Project Director:
Dr. Syed Ali Khayam
Assistant Professor
NUST School of Electrical Engineering and Computer Science (NUST- SEECS)
ali.khayam@seecs.edu.pk
Project Co-Director:
Ali Sajjad
Lecturer
NUST School of Electrical Engineering and Computer Science (NUST- SEECS)
ali.sajjad@seecs.edu.pk

