NALA
NETWORK AI LOG-BASED ANALYZER

Real-Time AI Detection of Botnets, Malware and Network Threats

By:

Havi Lead Security Engineer

Overview

AI-based, open-source tool for detecting and blocking network backdoors in real time.

• AI-based, open-source tool for detecting and blocking network backdoors in real time.
• Uses Zeek and Suricata for deep traffic visibility and signature-based detection.
• Integrates OpenAI APIs and AbuseIP intelligence for anomaly detection and enrichment.
• Provides real-time threat response with automated blocking and alerting.
• Includes an investigation panel for analysis, triage, and reporting.

Problem

Stealthy Threats

Traditional tools miss backdoors

Slow Detection

Legacy systems can't keep up in real-time

High Costs

Advanced security breaks the bank

Complexity

Hard to deploy and maintain

Our Solution

An open-source, AI-powered security solution that's powerful yet simple to use

Goals & Objectives

The project aims to improve threat detection and simplify response through AI.

Detect and block threats in real time
Ensure easy installation and low technical barrier
Enable integration via flexible APIs
Support both small and enterprise-scale environments
Deliver a clear, user-friendly monitoring interface

Project Scope

Defining the boundaries and deliverables of our AI-powered network security solution

Included

AI engine for detecting network anomalies
Real-time log and traffic analysis
Web and mobile monitoring interfaces
Integration with Suricata and Splunk
Deployment on Raspberry Pi 5

Excluded

Manual threat analysis workflows
Proprietary software components
On-premise AI model training

Work Breakdown Structure

1. Planning & Requirements Gathering
2. Prototype Development (Engine + Dataset)
3. Detection Module & Parser
4. Tool & System Integration
5. UI Development
6. Testing & Validation
7. Deployment & Documentation

Excluded:

Manual threat analysis workflows
Proprietary or commercial software components
On-premise training of large AI models

Timeline & Milestones

• Nov 2024 – Project Initiation
• Jan 2025 – Requirements Finalized
• Mar 2025 – Prototype Complete
• May 2025 – UI & Integration Ready
• Jul 2025 – Testing Completed
• Aug 2025 – Final Deployment
• Sep 2025 – Project Closure

Budget Estimation

Total Budget (Target): $10,000

Actual Estimate: $11,330

Main Costs:

• Cloud AI Training: $6,000
• Deployment Hardware (Raspberry Pi): $750
• Local AI Setup: $2,000
• Tools, Licenses, Security: $780
• Compliance & Monitoring: $750
• Contingency: $700

Efficient use of open-source tools and low-cost hardware kept costs within a manageable range.

Resource Planning

People

• Lead Security Engineer
(design, deployment)
• AI Engineer
(model training, validation)
• Frontend Developer
(UI/dashboard)
• DevOps & IT Admins
(integration, testing)

Tools & Platforms

Development: Python, Flask, Electron
Networking: Suricata, tcpdump, Wireshark
Virtualization: VMware, Proxmox, QEMU
DevOps: Git, CI/CD, Raspberry Pi 5

Risk Assessment

Top Risks & Mitigation Strategies

1

Insufficient Training Data

→ Use synthetic/public datasets

→ Simulate logs for better coverage

3

Legacy System Compatibility

→ Design flexible APIs

→ Use wrappers/adapters

5

Stakeholder Resistance

→ Emphasize ease of use

→ Highlight cost-effectiveness

2

Hardware Limitations

→ Optimize processing

→ Offload to cloud

4

Budget Constraints

→ Phase-based deployment

→ Open-source solutions

Stakeholder Analysis

Key stakeholders and their engagement strategies for successful project implementation

Primary Stakeholders

Havi

Project Lead
S-STEM

Sponsor
SOC Analysts / IT Admins

End Users

Engagement Strategy

Manage Closely

Havi , S-STEM, Clients
Keep Satisfied

CISOs, Compliance Officers
Keep Informed

SOC teams, IT staff, Vendors, Universities, Open-source Community

Reflection & Lessons Learned

Planning with a clear WBS helped maintain focus and scope
Early definition of milestones supported agile delivery
Integration testing was more complex than expected
Open-source tools proved reliable and cost-effective
Team communication was key to resolving unexpected blockers

Successes

Challenges

Improvements

For more information, visit our website:

Here!

By: