Welcome to the Da-Goat-NetworkSec-Tool, a network analysis suite built by Team 12, the IDS Sorcerers, for the 2nd Ghabgathon 2024 hosted by KCST. The suite bundles a Network Scanner, a Packet Sniffer, a Packet Analyzer, and a NIDS (Network Intrusion Detection System) with both misuse (signature-based) and anomaly detection. The detection models are decision trees and neural networks built with Scikit-learn, TensorFlow and Weka :)
- Omar Theeb @KCST
- Ahmad Maher @KCST
- Roshdi Aldebeki @KCST
- Salem AbdulNabi @KCST
Note: Please refer to each sub-project's README file to get the most out of this repo; all technical details are covered there.
Networks face a steadily widening range of threats, and attacks keep growing in sophistication. Traditional, signature-only security tools lag behind, which is why a more dynamic and comprehensive approach is needed.
The Da-Goat-Network-Tool answers that need by combining network scanning, packet sniffing, packet analysis and intrusion detection in one suite, giving a complete view of network traffic. Its IDS detects attacks through misuse and anomaly detection (94.4% and 99.0% accuracy respectively on the project's datasets), and the server-based NIDS component adds firewall functionality and threat classification on top.
- Programming Languages: Python and JavaScript.
- Anomaly- and Misuse-Based IDS: decision trees and neural networks, built with pandas, numpy, concurrent.futures, math, tensorflow, csv, rrnf, threading, typing, Scikit-learn (sklearn) and Weka.
- Server-Based IDS: optparse, os, platform, threading, time, traceback, struct, socket, re, mmap, inspect, cProfile (all from the Python standard library).
- Packet Analysis: pyshark, customtkinter, threading, tkinter.messagebox, Metasploit, BeautifulSoup, psutil, subprocess.
- Network Scanning and Packet Sniffing: developed with Python's Scapy library.
- Operating System used for development: Windows 10 Pro.
- All datasets used by the Anomaly- and Misuse-Based IDS are in that sub-project's data folder.
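The server-based IDS is listed above as using struct and socket rather than Scapy, which means decoding captured frames by hand. The following is an added example (not the project's code) of that layer: it parses an Ethernet/IPv4/TCP frame with the standard library only, validating every length field and the IPv4 header checksum before trusting them, since a sniffer's input is untrusted by definition. The `build_frame` helper exists only to construct test frames; the MAC addresses, IPs and payload it uses are made up.

```python
"""Added example: decoding a captured Ethernet/IPv4/TCP frame with the standard
library only (struct + socket), the layer under a raw-socket sniffer. Not the
project's code; build_frame exists only to produce constructed test input."""
import socket
import struct
from dataclasses import dataclass
from typing import Optional

ETH_P_IP = 0x0800
IPPROTO_TCP = 6
# TCP flag bits in header byte 13, listed in Scapy's letter order (FSRPAUEC).
TCP_FLAGS = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"),
             (0x10, "A"), (0x20, "U"), (0x40, "E"), (0x80, "C")]


@dataclass
class TcpPacket:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ttl: int
    src_port: int
    dst_port: int
    flags: str        # e.g. "S", "SA", "PA"
    payload: bytes


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 for a header whose checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_frame(frame: bytes) -> Optional[TcpPacket]:
    """Return a TcpPacket for a well-formed IPv4/TCP frame, None for anything else."""
    if len(frame) < 14 + 20 + 20:           # Ethernet + minimal IPv4 + minimal TCP
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_IP:
        return None
    ip = frame[14:]
    (ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl + 20 or total_len > len(ip):
        return None
    if ipv4_checksum(ip[:ihl]) != 0 or proto != IPPROTO_TCP:
        return None
    tcp = ip[ihl:total_len]                 # slice to total_len: Ethernet pads short frames
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    if data_off < 20 or data_off > len(tcp):
        return None
    flags = "".join(letter for bit, letter in TCP_FLAGS if off_flags & bit)
    return TcpPacket(
        src_mac=":".join(f"{b:02x}" for b in src_mac),
        dst_mac=":".join(f"{b:02x}" for b in dst_mac),
        src_ip=socket.inet_ntoa(src), dst_ip=socket.inet_ntoa(dst), ttl=ttl,
        src_port=sport, dst_port=dport, flags=flags, payload=tcp[data_off:])


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int,
                flag_bits: int, payload: bytes = b"", ttl: int = 64) -> bytes:
    """Construct a test frame with a valid IPv4 header checksum (TCP checksum left 0)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flag_bits, 65535, 0, 0) + payload
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, ttl,
                               IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip)))
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))   # fill in header checksum
    eth = struct.pack("!6s6sH", bytes.fromhex("66778899aabb"), bytes.fromhex("001122334455"), ETH_P_IP)
    return eth + bytes(ip) + tcp


if __name__ == "__main__":
    frame = build_frame("10.0.0.5", "10.0.0.9", 40000, 22, 0x18, b"SSH-2.0-OpenSSH\r\n")
    print(parse_frame(frame))
    damaged = bytearray(frame)
    damaged[14 + 8] ^= 0x01                 # flip a TTL bit: header checksum no longer matches
    print(parse_frame(bytes(damaged)))      # None
```

On a real capture the same `parse_frame` is fed the bytes returned by a raw socket (`socket.AF_PACKET` on Linux, which needs root or CAP_NET_RAW); the point of slicing to `total_len` and checking `data_off` is that trailing padding and truncated headers are routine, not exceptional, on a live adapter.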
- Packet Sniffer: Captures packets from any selected network adapter and saves them for later analysis.
- Packet Analyzer: Detailed packet analysis with flexible display filters, built on pyshark (a wrapper around Wireshark's tshark).
- Network Scanner: Discovers and catalogs the hosts and services on a network.
- NIDS: A dual-mode Intrusion Detection System covering both misuse (signature) and anomaly detection, plus a server-based NIDS for traffic analysis, classification and visualisation. Measured accuracy: 94.4% for misuse detection and 99.0% for anomaly detection.
- Real-Time Monitoring: Live analysis and monitoring of network traffic.
- Customizable Alerts: Users can configure alerts on specific parameters or threat levels.
- Deep Packet Inspection (DPI): Inspects packet payloads, not just header fields.
- Automated Threat Response: Can automate responses to identified threats, from isolating affected systems to blocking malicious traffic, by integrating with existing security systems.
- Reporting and Analytics: Reporting tools that compile analyses and summaries of network traffic, security incidents, and system performance.
- User and Entity Behavior Analytics (UEBA): Detects anomalies in user behavior that could indicate insider threats or compromised accounts.
- Secure Configuration Management: Helps maintain secure settings across network devices and software, providing configuration guidance and alerting administrators to changes that could introduce vulnerabilities.
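The NIDS bullet above describes two detection modes that fail in different ways: misuse detection only finds attacks it has a signature for, while anomaly detection flags anything far from a benign baseline, named or not. The following added example (not the project's code) runs both modes over constructed flow records. The signature rules, the z-score baseline, the flow fields and all the traffic figures are assumptions chosen for illustration; the baseline stands in for the project's decision-tree and neural-network models and is not how they work.

```python
"""Added example: the NIDS's two detection modes side by side, on constructed
flow records. Misuse detection matches hand-written signatures; anomaly detection
scores each flow against a per-feature baseline learned from benign traffic.
Stdlib only: the z-score baseline stands in for the project's decision-tree and
neural-network models, and every flow below is made up, not captured data."""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, Set

FEATURES = ("pkts", "bytes", "syn_frac", "dur")


def flow(src: str, dst: str, dport: int, pkts: int, nbytes: int,
         syn_frac: float, dur: float, label: str = "benign") -> Dict:
    """One flow record: packet count, byte count, fraction of SYN packets, duration (s)."""
    return {"src": src, "dst": dst, "dport": dport, "pkts": pkts, "bytes": nbytes,
            "syn_frac": syn_frac, "dur": dur, "label": label}


# Benign training flows: ordinary HTTPS, SSH and UDP DNS sessions (constructed).
BENIGN_TRAINING = [
    flow("10.0.0.11", "93.184.216.34", 443, 40, 30000, 0.025, 2.0),
    flow("10.0.0.12", "93.184.216.34", 443, 55, 42000, 0.02, 3.1),
    flow("10.0.0.11", "10.0.0.2", 53, 12, 6000, 0.0, 0.5),
    flow("10.0.0.13", "104.16.0.1", 443, 80, 90000, 0.0125, 5.0),
    flow("10.0.0.14", "10.0.0.9", 22, 30, 20000, 0.03, 1.5),
    flow("10.0.0.12", "104.16.0.1", 443, 60, 50000, 0.017, 4.0),
    flow("10.0.0.15", "10.0.0.2", 53, 20, 12000, 0.0, 1.0),
    flow("10.0.0.13", "10.0.0.9", 22, 45, 35000, 0.022, 2.5),
]

# Test flows: two benign, a SYN flood, a bulk exfiltration (no signature covers it),
# and a 12-port scan from one source against one host.
TEST_FLOWS = [
    flow("10.0.0.16", "93.184.216.34", 443, 70, 60000, 0.03, 3.5),
    flow("10.0.0.16", "10.0.0.2", 53, 4, 600, 0.0, 0.05),
    flow("198.51.100.7", "10.0.0.9", 80, 5000, 300000, 0.98, 3.0, "attack"),
    flow("10.0.0.14", "203.0.113.5", 443, 900, 900000, 0.001, 40.0, "attack"),
] + [
    flow("10.0.0.66", "10.0.0.9", port, 2, 120, 0.5, 0.01, "attack")
    for port in (21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080)
]


def misuse_detect(flows: List[Dict]) -> Dict[int, str]:
    """Signature rules: returns {flow index: rule name}. Knows only the attacks it was written for."""
    hits: Dict[int, str] = {}
    ports_per_pair = defaultdict(set)
    for f in flows:
        ports_per_pair[(f["src"], f["dst"])].add(f["dport"])
    for i, f in enumerate(flows):
        # SYN flood: hundreds of near-empty packets, almost all of them SYNs.
        if f["syn_frac"] >= 0.9 and f["pkts"] >= 500 and f["bytes"] / f["pkts"] < 80:
            hits[i] = "syn_flood"
        # Port scan: one source probes many distinct ports on one host.
        elif len(ports_per_pair[(f["src"], f["dst"])]) >= 10:
            hits[i] = "port_scan"
    return hits


class AnomalyBaseline:
    """Per-feature mean/std from benign flows; a flow is anomalous when any feature
    lies more than z_threshold standard deviations from the baseline."""

    def __init__(self, benign: List[Dict], z_threshold: float = 3.0):
        self.z_threshold = z_threshold
        self.stats = {}
        for k in FEATURES:
            values = [f[k] for f in benign]
            sd = pstdev(values)
            self.stats[k] = (mean(values), sd if sd > 0 else 1e-9)  # guard a constant feature

    def score(self, f: Dict) -> float:
        return max(abs(f[k] - mu) / sd for k, (mu, sd) in self.stats.items())

    def detect(self, flows: List[Dict]) -> Set[int]:
        return {i for i, f in enumerate(flows) if self.score(f) > self.z_threshold}


def accuracy(flows: List[Dict], flagged: Set[int]) -> float:
    """Fraction of flows whose verdict (flagged or not) matches its label."""
    correct = sum((i in flagged) == (f["label"] == "attack") for i, f in enumerate(flows))
    return correct / len(flows)


def run_dual_mode(train: List[Dict], test: List[Dict]) -> Dict:
    misuse = misuse_detect(test)
    anomaly = AnomalyBaseline(train).detect(test)
    return {"misuse": misuse, "anomaly": anomaly,
            "misuse_accuracy": accuracy(test, set(misuse)),
            "anomaly_accuracy": accuracy(test, anomaly),
            "combined_accuracy": accuracy(test, set(misuse) | anomaly)}


if __name__ == "__main__":
    r = run_dual_mode(BENIGN_TRAINING, TEST_FLOWS)
    for i, f in enumerate(TEST_FLOWS):
        print(i, f["label"], r["misuse"].get(i, "-"), "anomalous" if i in r["anomaly"] else "-")
    print({k: v for k, v in r.items() if k.endswith("accuracy")})
```

The exfiltration flow is the instructive case: no signature names it, so misuse detection misses it, but its byte count sits tens of standard deviations above the benign baseline, so anomaly detection catches it without knowing what it is. The reverse failure is just as real: with only four features and a fixed z-threshold, a perfectly normal short connection can cross the threshold on `syn_frac` alone, which is why a production NIDS learns the boundary from labelled data rather than hard-coding it.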
- Malware: This includes viruses, worms, trojan horses, ransomware, spyware, adware, and fileless malware.
- Phishing Attacks.
- Man-in-the-Middle (MitM) Attacks.
- Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks.
- SQL Injection.
- Cross-Site Scripting (XSS).
- Session Hijacking and Cookie Theft.
- Zero-Day Exploits.
- Advanced Persistent Threats (APTs).
- Insider Threats.
- DNS Tunneling.
- Pass-the-Hash (PtH) Attacks.
- Credential Stuffing.
- Drive-by Downloads.
- Rootkits.
- Logic Bombs.
- Botnets.
- Linux
- Windows 10 and above
- MacOS (Mojave and above)
- Expanding integration with cloud-based services for real-time threat intelligence sharing.
- Advancing AI models to further refine detection accuracy.
- Developing a user-friendly dashboard for enriched real-time monitoring and alerting capabilities.
- Anchoring detection records on a blockchain: storing the Merkle-tree root hash of each batch of alerts on chain, so that a consensus mechanism such as Proof-of-Work (PoW) or Proof-of-Stake (PoS) makes the record immutable and tamper-evident.
- Integrating the system with Palo Alto Networks' ZTNA 2.0, one of the leading network security products.
- Integrating a suite as broad as the Da-Goat-Network-Tool posed significant challenges, especially in harmonizing diverse components into a unified platform within a two-day time frame. Our pursuit of precise threat detection with minimal false positives demanded relentless testing and meticulous refinement of our AI and ML models. Effective collaboration and communication within our diverse team were instrumental in navigating these hurdles successfully.
- Once I have time I will write it :)
- Dr. Omar Y Adam aka "THE CS LEGEND" from KCST
- Mr. Derek Chen (@dc8866) - https://www.linkedin.com/in/yinon-chan
- Ms. Olivia Gallucci (@oliviagallucci) - https://oliviagallucci.com
- @EVTDAnI github
- Dr. Murad Khan from KCST
- Dr. Basil Alothman from KCT
- Dr. Abdullatif Baba from KCST
- Dr. Belal Ali from Paloalto
- Eng. Abdulrehman Serhan from KCST
- Eng. Rami Alghul from F5
- Mr. Saleh Burizq from NCSCKW
- Dr. Mark Gregory from RMIT
- Othman Aldhufari student @KCST
- @stampram github
- @oliviagallucci github
- Mr. Bashar Al-abdulhadi from KUWAITNET
Written by: Omar Theeb <3