Windows Security Suite
Cyber threats are on the rise, and attackers constantly try to break into computers to steal confidential information. Organizations are not the only ones on the hit list; end users are vulnerable too. Companies have built many security solutions for organizations, but most of them are out of the reach of end users and are not affordable. This left a gap for a cyber security product built specifically for end users, one that helps them keep an eye on what is going on in their systems. Network Intrusion Traffic Blocker aims to provide a standalone application for everyone, with 4 different modules. Security researchers, end users, developers, IT administrators and network administrators will be able to use this application. The application provides a network packet sniffer with the ability to detect DoS attacks on the system. It also includes a firewall status checker, an antivirus status checker, a ping utility, a PowerShell utility and, finally, a red teaming module consisting of a PowerShell script that performs a vulnerability scan of the provided Windows environment and finds all possible vulnerabilities and loopholes that could be exploited, helping end users secure their systems before any attacker gets in.
The purpose of our IDS is to help computer systems identify attacks. The IDS collects information from several different sources within computer systems and networks and compares this information with pre-existing patterns to determine whether there are attacks or weaknesses.
• Monitoring and analyzing both user and network activities and displaying all the information in an orderly and categorized fashion.
• Assessing system and network integrity and allowing the modules of the system to interact with the system and network to properly identify attacks.
• Recognizing patterns of attacks and categorizing them based on several metrics (category, probability, detectability, etc.).
• Analyzing abnormal behavior in the user's applications and services and properly detecting it with a low false positive rate.
• Generating alerts for DoS attacks and blocking them with the click of a button.
Moreover, end users will be able to use the Ping Utility to troubleshoot network-level problems, and the Firewall and AV Status module to keep an eye on the built-in security posture of their operating system.
The PowerShell Utility will help end users write, execute, debug and save PowerShell scripts on the fly, eliminating the need to use other applications and the command line to write scripts.
Finally, the Red Teaming module will consist of built-in PowerShell scripts written specifically to check for system-level vulnerabilities. Any vulnerabilities found will be reported to the end user, on the basis of which the necessary patches can be applied.
Our system, the Network Intruder Detection System, will be a Windows desktop application developed to detect attacks by cyber-criminals on unsuspecting individuals and large-scale companies. The major goal is to detect intrusions in a timely manner and block them, in a way that lets the end user operate the application without extensive training. Existing applications either have too few features or have too many unnecessary features, causing data to become obsolete and unnecessary. Our proposed system has three main modules. The first will be a monitoring GUI, operated by the admin with a unique ID and password. The monitoring module will capture all incoming data packets of the TCP/IP layer and output them in a list to the end user. The captured packets will then be sent to both the signature detection and anomaly detection modules, and an alert will be generated if an intrusion is detected. The signature detection module will be able to detect all incoming attacks on the network and block them with the user's permission. The anomaly detection module will use machine-learning algorithms to detect attacks. Finally, an alert will be sent to the firewall to block the intrusion; this will allow users to detect cyber-attacks related to the TCP/IP layer.
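The flow described above (captured packets, detection, alert, firewall block), as an added Python example that is not the project's own code. A fixed SYN-rate rule stands in for the detection modules; the window and threshold values, the packet tuple layout and the rule name are assumptions, and the sample traffic is constructed.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0   # assumed sliding-window length
SYN_THRESHOLD = 100    # assumed max bare SYNs per source per window


def detect_syn_floods(packets, window=WINDOW_SECONDS, threshold=SYN_THRESHOLD):
    """Return {src_ip: first_alert_time} for sources exceeding the SYN rate.

    packets: (timestamp, src_ip, tcp_flags) tuples sorted by timestamp,
    with tcp_flags given as a string such as "S", "SA" or "A".
    """
    recent = defaultdict(deque)   # src_ip -> timestamps of recent bare SYNs
    alerts = {}
    for ts, src, flags in packets:
        if flags != "S":          # count only connection-opening SYNs
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop SYNs that left the window
            q.popleft()
        if len(q) > threshold and src not in alerts:
            alerts[src] = ts
    return alerts


def block_rule_command(src_ip):
    """Build (not run) the netsh argument list for an inbound block rule.

    The address is parsed first so only a literal IP reaches the command
    line; pass the list to subprocess.run() from an elevated process.
    """
    ip = ipaddress.ip_address(src_ip)     # raises ValueError on bad input
    return ["netsh", "advfirewall", "firewall", "add", "rule",
            f"name=NITB-block-{ip}",      # hypothetical rule name
            "dir=in", "action=block", f"remoteip={ip}"]


def build_sample():
    """Constructed traffic: one noisy source and one normal client."""
    pkts = [(i * 0.002, "203.0.113.7", "S") for i in range(500)]
    pkts += [(i * 0.1, "198.51.100.20", "S") for i in range(10)]
    pkts += [(i * 0.1 + 0.01, "198.51.100.20", "A") for i in range(10)]
    return sorted(pkts)


if __name__ == "__main__":
    for ip, ts in detect_syn_floods(build_sample()).items():
        print(f"ALERT {ip} t={ts:.3f}s:", " ".join(block_rule_command(ip)))
```

Returning the rule as an argument list rather than a shell string keeps the one-click block from turning attacker-influenced packet fields into command text.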
The main objective of this project is to help all end users, from home users, network administrators and IT administrators to cyber security enthusiasts, collect network traffic, analyze it and detect network-level attacks. Network Intrusion Traffic Blocker also provides 4 different modules that help everyone assess the current security posture of a computer system, troubleshoot network-level problems, write PowerShell scripts and check for system-wide security vulnerabilities.
• The main objective is to monitor and analyze system-level traffic, including user traffic and background traffic, and to display it in a user-friendly and organized manner.
• Network Intrusion Traffic Blocker is to be properly assessed against the system and network to make sure all of the modules work as intended with the system and properly capture the network packets.
• Automatically alerting the end user if any attack is happening over the network, so that the necessary actions can be taken.
• On a single click from the end user, blocking the malicious IP by adding it to the current system firewall rules.
• Providing the end user with a Ping Utility GUI to check whether a system is up and running. It is specifically designed for IT and network administrators, as end users do not use the ping command.
• Firewall and antivirus status will be checked, and the user will be alerted if they are turned off. The user will be able to turn them on with a single click.
• IT administrators will have a PowerShell Utility to write, execute and troubleshoot their PowerShell scripts on the fly. They will be able to save these scripts on the system as well.
• Custom-built PowerShell scripts to check for system-wide vulnerabilities and to alert the user when any vulnerability is found, providing the end user with the details needed to fix those issues.
The modules will be able to analyze the data and find patterns in it that resemble predefined attack conditions. The end module gathers data from both the anomaly detection and signature detection modules and outputs the probability of an attack. This module also monitors both detection modules and updates them.
• Collecting the outputs of anomaly-based detector and signature-based detector
• Calculating the attack probability
• Controlling the security levels of the detectors
• Locating pre-defined signatures in data
• Calculating the attack probability
• Sending the data to hybrid detection module
• Decoding payload data for detection modules
• Sending captured packets to a GUI for user
• Manage services provided by the IDS.
• Blocking of intrusion
• Ping Utility Module
• Firewall and AV Status Checker
• PowerShell Utility
• Red Teaming module for system level security assessments.
| Item Name | Type | No. of Units | Per Unit Cost (in Rs) | Total (in Rs) |
|---|---|---|---|---|
| Cisco Router | Equipment | 1 | 20000 | 20000 |
| Laptop | Equipment | 1 | 50000 | 50000 |
| Printing | Miscellaneous | 1 | 5000 | 5000 |
| Total (in Rs) | | | | 75000 |