Design and Prototyping of a Software Defined Network Architecture to Detect and Prevent Real-Time BOTNET Attacks

Principal Investigator’s Organization (PIO):

National University of Computer & Emerging Sciences (FAST-NU), Islamabad

Principal Investigator (PI):

Dr. Affan A. Syed, Dr. Syed Ali Khayam

Summary

This project developed a prototype real-time botnet detection system in collaboration with the industrial partner, Nayatel. The system gave ISPs the ability to track and block botnet infections and attacks in real time. The solution comprised two novel aspects: a software-defined ISP network architecture that allows real-time blocking of botnet flows using OpenFlow-enabled home routers, and a distributed algorithm for real-time botnet detection. The project team first built a prototype solution and evaluated it on both real data collected at Nayatel and a small emulated network. The team also collaborated with researchers at the University of California at Berkeley (UCB), who helped define the ground truth of botnet infection on the same data sets, allowing a scientific evaluation of the efficacy of the proposed botnet detection framework. The team also interacted with top security and networking researchers at UCB and targeted broad and impactful patents and publications. These efforts brought positive international recognition for the academia and ICT industry of Pakistan.

Start Date: 01-Feb-2012

Duration: 24 months

Budget: PKR 13.23 million

Status: Closed Project

Publications: N/A

Thematic Area: Security

Project Website: http://www.sysnet.org