Commit 86b0672c authored by Sajana_it20194130

Update README.md

parent 4a8f3b30
# AAGGY
- Group Members
1. IT 20147228 – D.L.S.I Punyasiri
2. IT 20232504 – K.N.H De Silva
3. IT 17179218 – H.A.D.N Perera
4. IT 20194130 – M.A.S.B Manchanayaka
- Main objective
The main objective of "Real-time network based anomaly detection and malware analysis for SMEs" is to provide small and medium-sized enterprises (SMEs) with an effective solution for detecting and analyzing network anomalies and malware attacks in real-time.​
The system aims to monitor network traffic and identify any abnormal activity that may indicate a security threat, such as the presence of malware, unauthorized access attempts, or data breaches.​
The objective is to provide SMEs with a cost-effective and efficient way to protect their networks and sensitive information from cyber attacks. By detecting and responding to security threats in real-time, the system can help minimize the damage caused by attacks and prevent data loss or theft.​
Also planned to enhance the efficiency and effectiveness of the system by using AI solutions like ANN and NLP instead of using traditional methods to identify those anomalies.​
- Main Research questions
As the worldwide trend moves towards the incorporation of smart technologies, such as smart homes, smart grids, and smart irrigation, there is a growing worry regarding attack and anomaly detection inside the Internet of Things (IoT) domain. Small and medium- sized organizations (SMEs) and smart homes have been vulnerable targets for malicious actors in recent years due to their poor cyber defensive mechanisms, which frequently consist of exploitable basic firewall systems. Many small and medium-sized enterprises (SMEs) have limited operational costs and rely on internet service providers (ISPs) and local firewall or antivirus software to protect their IT. Inadequate security measures and greater susceptibility to cyberattacks may stem from these firms' inability to engage dedicated cybersecurity personnel or to effectively manage their network security. As the
use of IoT infrastructure in a variety of industries continues to expand, this issue is of the
utmost importance.
- Individual research question
1. IT 20147228 – D.L.S.I Punyasiri
The increasing volume and complexity of malware.Time and expertise required for manual analysis of malware.Lack of interoperability between different malware analysis tools and techniques.Traditional methods may not be able to detect certain types of malware or malware that targets specific systems or devices.​
2. IT 20232504 – K.N.H De Silva
Given a large-scale network, how can we effectively and efficiently detect anomalous behavior that may indicate the presence of security threats or performance issues?.Modern networks generate a massive amount of data, making it challenging to analyze all network traffic and identify anomalous behavior.Networks can have different topologies, ranging from centralized to distributed, which can impact the performance of network anomaly detection methods.Traditional methods of network anomaly detection can generate a high number of false positives, leading to alert fatigue and reducing the effectiveness of security teams.​
3. IT 17179218 – H.A.D.N Perera
Determining whether the new technologies are better at detecting anomalies than traditional methods.They are able to address any limitations of the traditional methods. Assess the feasibility and scalability of implementing the new technologies in real-world IoT environments.determine whether the implementation of new technologies is a viable and effective solution to improve IoT anomaly detection​
4. IT 20194130 – M.A.S.B Manchanayaka
How effective is a Raspberry Pi-based firewall in protecting a network against various cyber threats, such as malware, viruses, and hacking attempts?​What are the hardware and software requirements for setting up a Raspberry Pi-based firewall, and how can these be optimized for performance and security?.What are the best practices for configuring and managing a Raspberry Pi-based firewall, and how can these be integrated into existing network infrastructure?​How can a Raspberry Pi-based firewall be customized and extended to meet specific security needs, such as content filtering, intrusion detection, and traffic shaping?​How does a Raspberry Pi-based firewall compare with other commercial and open-source firewall solutions in terms of cost, performance, and functionality?​
- Individual Objectives
1. IT 20147228 – D.L.S.I Punyasiri
Extract relevant data points from external data sources to manually create dataset or use predefined data set related to malware analysis​Preprocessed the data points using data preprocessing techniques​Feature engineering the data set​Fine tuning the model until get the optimal accuracy.​
2. IT 20232504 – K.N.H De Silva
Extract network packets from the raspberry pi to create dataset or use predefined dataset from external sources.Preprocessed the data points before feed into the NLP​Create bag of word model using NLP​Feed the NLP outcome to supervised ML model to predict the anomalies​
3. IT 17179218 – H.A.D.N Perera
Manually Create or find most ideal data set related to the IOT anomalies to train the ANN.​Create mechanism to extract relevant data points from raspberry pi network logs for future prediction.​Maintain and achieve the highest accuracy of ANN model by using the trained dataset.​Evaluation of the ANN model prediction accuracy and if not accurate retrain the model.​
4. IT 20194130 – M.A.S.B Manchanayaka
Implement raspberry pi firewall by using UFW feature of the device to enhance the security of the IOT and SMEs Network​Packet Inspection between firewall and connected devices​Create web based system to manage the raspberry pi firewall easily and user friendly​
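Review bot: The individual research question and objective entries run each member's sentences together with no space or line break ("malware.Time and expertise", "performance issues?.Modern networks"), and the numbered member lines sit unindented under the "-" bullets, so Markdown will not render them as nested lists. Put each question or objective on its own indented sub-bullet and drop the stray "?." punctuation. The "Main Research questions" paragraph is hard-wrapped mid-sentence ("As the" / "use of IoT infrastructure") and states a problem rather than a question. In the last objective, UFW is a Linux firewall front end that has to be installed and configured, not a "feature of the device". The web-based management system is also listed with no mention of how access to it is authenticated or restricted; since that interface controls the firewall rules, the README should state that requirement.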