What is RnD?
Research and Development
Our primary focus is on research aimed at analyzing and processing internet traffic data. The key areas of our research include the following:
Classification of Internet Resources
  • Projects: NetVision, Linxera/Packet, Pulsar-DPI.

  • Objective: With over 90% of internet traffic now encrypted, there is a growing need to identify the websites or applications accessed by users and determine their categories.

  • Outcome: Development of classifiers for encrypted traffic to provide actionable insights into user activity.
Handling Data Leaks in Unencrypted Traffic
  • Objective: Identify leaked user credentials such as emails, passwords, logins, and other data that may provide value to clients.

  • Focus: Analyzing unencrypted traffic for relevant and actionable information.
Disclosure of Information on Social Media and Messaging Users
  • Scenario: A user in a Telegram group may anonymously publish inappropriate content with hidden contact details.

  • Objective: Develop methods to locate and identify such individuals within encrypted traffic.

  • Outcome: Tools and techniques to support investigations involving user de-anonymization in social media and messaging platforms.
Identifying Call Participants (Packet Project)
  • Challenge: Most users now prefer calling via encrypted messaging platforms like WhatsApp and Telegram, which are not visible in traditional CDR (Call Detail Records) methods.

  • Solution: We develop methods to detect when a user is making a call through a messenger and find ways to identify the call participant despite encryption.
Focus of Our Work
Our research primarily revolves around data transmitted over the internet, including encrypted and unencrypted traffic. We deliver actionable insights, innovative tools, and advanced methods to meet specific project and client needs.
Development and Coding
  • Projects: Creation of custom bots for platforms like Telegram to assist in de-anonymization.
  • Improvement of IPDR parsers to support additional messaging apps and protocols.
  • Outcome: Enhanced tools to process and extract valuable insights from internet data.
Collaboration with Machine Learning (ML) Teams
  • Data Preparation: Provide datasets for training ML models.
  • Example: For our projects, we prepare datasets that allow ML models to predict user actions, such as cryptocurrency transfers.
Researching Specific Mobile Applications
  • Example: VPN applications on smartphones.
  • Objective: Extract project-relevant data, such as the IP addresses VPNs connect to.
  • Use Cases:
    • Pulsar-DPI: Block unwanted VPN connections.
    • Linxera/Packet: Identify VPN usage by subscribers.
Researching Data Transmission Protocols
  • Focus Areas: VPNs, messaging protocols, blockchain networks, and encrypted communications.
  • Objective: Extract useful information for specific project requirements.
  • Outcome: Advanced understanding of protocols to facilitate network analysis and monitoring.
Lab
MVNO Laboratory by Huawei
Purpose of the MVNO Laboratory
The compact MVNO laboratory is designed for testing and developing technical solutions related to virtual mobile networks. It allows simulation of subscriber scenarios, testing service stability, and evaluating new functionalities before production deployment.
Core Network (EPC)
The core network is the backbone of the MVNO infrastructure, enabling connection management, routing, and service delivery. It ensures seamless interaction between network components, subscriber devices, and external systems.
What Is a Mobile Virtual Network Enabler (MVNE)?
A Mobile Virtual Network Enabler (MVNE) provides the business infrastructure for Mobile Virtual Network Operators (MVNOs). This includes billing, operations support, core network services, and provisioning. By leveraging MVNE solutions, MVNOs can focus on customer service, product innovation, brand marketing, and user engagement, while minimizing capital expenditure risks.
Key Virtualized Components:
MME (Mobility Management Entity):
  • Manages user mobility, session control, and authentication.
  • Handles signaling protocols S1-MME and NAS.
SGW (Serving Gateway):
  • Routes user data traffic between the base station and the PGW.
  • Supports session handovers between base stations.
PGW (Packet Data Network Gateway):
  • Manages external network access (internet, corporate networks).
  • Provides QoS control, NAT, and firewall functions.
HSS (Home Subscriber Server):
  • Centralized subscriber database for authentication and policies.
  • Supports Diameter protocol for integration with MME.
PCRF (Policy and Charging Rules Function):
  • Implements real-time traffic management and charging rules.
  • Configures QoS policies for various services (voice, video, internet).
IMS (IP Multimedia Subsystem) – Optional:
  • Supports multimedia IP services, including VoLTE and video calls.
Advantages of the Laboratory
  • Compact and flexible configuration.

  • Fast deployment for testing and experimentation.

  • Cost-efficient infrastructure compared to full-scale networks.

  • Secure environment for simulating scenarios without impacting real users.
Key Protocols and Interfaces
  • S1 and S11 Interfaces:
    • S1: Between eNodeB and MME.
    • S11: For session management between MME and SGW.
  • GTP (GPRS Tunneling Protocol): For traffic tunneling across SGW, PGW, and eNodeB.
  • Diameter: Ensures communication between HSS, PCRF, and core components.
  • SIP (Session Initiation Protocol): Manages multimedia sessions via IMS.
Core Network
Functional Tasks
  1. Testing voice, SMS, and data services for proper interaction.
  2. Real-time policy and charging scenario validation.
  3. Authentication and registration testing for SIM card activation.
  4. QoS optimization for data and voice transmission.
  5. Integration testing with external billing and monitoring platforms.
Monitoring
AI-Driven Monitoring Automation in Technical Support
Objective:
To enhance the efficiency of technical support by minimizing incident response time, preventing failures, and reducing workload on specialists through AI-powered data analysis and infrastructure monitoring.
Real-Time Data Collection
  • Data Sources:
    • Logs from hardware and network devices (e.g., base stations, servers, routers).
    • Application and system logs (e.g., Core Network, billing platforms).
    • Performance metrics (CPU, memory, network).
    • User behavior data (connection counts, failed calls, data transfer errors).
  • Collection Tools:
    • Logging systems (ELK Stack, Fluentd, Prometheus, Grafana).
    • Monitoring sensors and agents deployed across infrastructure.
AI-Powered Data Analysis
  • Technologies Used:
    • Machine Learning (ML):
      • Anomaly detection models: Isolation Forest, Autoencoders, and Prophet for time-series analysis.
      • Classification and failure prediction based on historical data.
    • Neural Networks (LSTM):
      • Time-series analysis for predicting future network failures.
  • Analytical Functions:
    • Anomaly Detection: Identifying unexpected load spikes or increased failure rates.
    • Predictive Analytics: Forecasting equipment failures and network bottlenecks.
    • Event Correlation: Determining cause-and-effect relationships between incidents.
Data Aggregation and Preprocessing
  • Data Consolidation:
    • Centralized data storage (e.g., Data Lake, Apache Kafka, BigQuery).
  • Preprocessing:
    • Data cleaning (removal of duplicates, handling missing values).
    • Standardizing data formats across logs and metrics.
    • Event timestamping and correlation.
  • AI Tools:
    • ETL processes (Extract, Transform, Load).
    • Preprocessing using Python libraries like Pandas and TensorFlow.
Automatic Alerts and Notifications
  • Alert System:
    • Real-time notifications for critical events.
    • Alerts sent to messengers (Slack, Telegram), emails, or ITSM systems (ServiceNow, Jira).
  • AI Role:
    • Prioritization of alerts based on severity.
    • Reducing false positives by analyzing alert patterns and eliminating duplicates.
Visualization and Reporting
  • Monitoring Dashboards:
    • Real-time infrastructure status displayed via BI tools like Grafana.
  • AI-Generated Reports:
    • Automated performance reports summarizing key metrics and incidents.
    • Key metrics include MTTR (Mean Time to Recovery), incident volume, and issue types.
Automated Decision-Making
  • Self-Healing Mechanisms:
    • AI-initiated actions to resolve issues automatically (e.g., service restarts, load redistribution).
  • Examples:
    • High CPU usage → Automatic resource scaling.
    • Unstable network interface → Automatic restart of interfaces.
  • Recommendations for Operators:
    • AI generates step-by-step action plans for support teams.
    • Example: “PGW error detected. Check external network connections and initiate diagnostic tests.”
Benefits of AI-Driven Monitoring Automation
Reduced Response Time: Early detection and prevention of issues.
Lower Workload: Automation of routine tasks and reduction of false alerts.
Improved Service Quality: Predictive analysis minimizes downtime and improves QoS.
Resource Optimization: Efficient utilization of computational and network resources.
Data-Driven Insights: AI processes large data volumes to uncover hidden patterns.
Issue: Increased call failures within a network segment.
AI Actions:
  • Anomaly detection identifies the problem at the SGW level.
  • Automatic diagnostics check connection status and resource loads.
  • Recommendation generated: “Redistribute traffic to a backup server.”
Result:
The issue is resolved before escalation, and support specialists are notified of the completed actions.
Signatures
AI-Powered Signature Research
What Is Signature Research?
Signature research involves analyzing and creating digital patterns (signatures) used to detect anomalies, attacks, malicious traffic, or unusual network behavior. These signatures form the foundation of IDS/IPS (Intrusion Detection/Prevention Systems), antivirus software, firewalls, and other cybersecurity solutions.
Data Collection and Preparation
  • Data Sources:
    • Network traffic logs (PCAP files, NetFlow).
    • Archives of malware samples and vulnerabilities.
    • Attack logs (e.g., DDoS, SQL injections, phishing).
    • Historical data from SIEM systems and sandbox environments.
  • Data Processing:
    • Cleaning and normalization of data using AI tools.
    • Traffic classification: legitimate, anomalous, or malicious.
    • Identification of key traffic or attack characteristics.
Pattern Detection and Analysis
  • AI Models for Analysis:
    • Machine Learning (ML):
      • Algorithms like Random Forest, Gradient Boosting, and Logistic Regression for detecting known anomalies.
    • Deep Learning (DL):
      • Autoencoders: Detect hidden anomalies.
      • LSTM (Long Short-Term Memory): Analyze traffic sequences over time.
      • CNN (Convolutional Neural Networks): Identify attacks using "digital fingerprints" in signatures.
  • AI Functions:
    • Anomaly Detection: AI identifies unusual patterns in network traffic (e.g., activity spikes or abnormal packet headers).
    • Discovery of New Signatures: AI models generate “digital fingerprints” for new attack methods.
    • Database Comparison: Matching discovered patterns against known threats to determine uniqueness or similarity.
Signature Generation
  • Automatic Signature Creation:
    • AI generates new signatures based on detected patterns.
    • Example: When analyzing network traffic, AI detects SQL injection characteristics and generates a signature.
  • Signature Optimization:
    • Removal of redundant attributes to minimize false positives.
Attack Classification Automation
  • AI Tools:
    • Natural Language Processing (NLP) and ML classify attacks based on behavior and characteristics.
  • Attack Categories:
    • DDoS Attacks.
    • Malware (malicious software).
    • Network and OS vulnerabilities.
  • Outcome:
    • AI automatically maps generated signatures to relevant threat categories for deployment in IDS/IPS systems.
Predictive Analysis and Zero-Day Detection
  • Zero-Day Threat Detection:
    • AI identifies unknown threats by analyzing anomalous behavior that deviates from standard traffic patterns.
    • Predictive ML models generate signatures for new, potential threats based on historical data.
  • Example:
    • AI detects an unusual HTTP request format in network traffic.
    • The behavior resembles an attack but does not match existing signatures.
    • AI generates a preliminary signature for validation.
Continuous Learning and Improvement
  • Feedback Loop:
    • Insights from technical support help AI models refine predictions.
    • Successfully detected threats are added to the training database.
  • Reinforcement Learning:
    • Models continuously adapt to new attack behaviors and improve accuracy over time.
Benefits of Using AI for Signature Research
Automation: Signatures are generated and updated without manual intervention.
Zero-Day Detection: AI uncovers previously unknown threats through anomaly analysis.
Reduced False Positives: Improved signature optimization minimizes false alarms.
Faster Response Times: AI quickly identifies and generates signatures for new threats.
Adaptability: AI models learn from new data and adjust to changes in attacker behavior.