Project Nozzle: Software-Defined Enterprise Network Security
Despite huge levels of investment in IT infrastructure the current state of operational enterprise network security continues to be abysmal. Existing appliance-based solutions are closed, inflexible, unscaleable and expensive. As enterprise network speeds increase to 100 Gb/s and beyond a new approach is required.
Nozzle combines software-defined networking (SDN) and network function virtualisation (NFV) in a novel way to decouple “data collection” from “data analytics”, thus enabling the use of machine learning and AI methods for cyber-security analytics in software while maintaining high speed data forwarding in (OpenFlow and P4) programmable hardware.
- Craig Russell (D61),
- Minzhao Lyu (UNSW, D61),
- Jawad Ahmed (UNSW, D61),
- Vijay Sivaraman (UNSW),
- Hassan Habibi Gharakheili (UNSW)
- Nozzle is co-funded by DSTG and AARNet and will be undergoing operational trials on a campus network in 2019.
- Jawad Ahmed, Hassan Habibi Gharakheili, Qasim Raza, Craig Russell and Vijay Sivaraman, “Real-Time Detection of DNS Exfiltration and Tunneling from Enterprise Networks”, accepted to IFIP/IEEE International Symposium on Integratyed Network Management 2019.
- Minzhao Lyu, Hassan Habibi Gharakheili, Craig Russell and Vijay Sivaraman, “Mapping an Enterprise Network by Analysing DNS Traffic”, submitted to PAM2019.