Bo-Heung Chung

Kernel-level intrusion detection system for minimum packet loss

Supporting dynamic rule change with minimum packet loss is one of the key issues for intrusion detection. To detect intrusion, in general, Intrusion Detection System(IDS) has a copy step where P packet is captured at kernel level and it is used for detection in user level. While doing this job, the next packet cannot be captured because this procedure isn¿t finished yet. This paper proposes the Kernel-level Intrusion Detection System(KIDS) which can detect various network attacks with minimum packet loss. This system is executed in kernel as a kernel program, and can detect intrusion at kernel level without copy step. Dynamic rule change is done quickly through appending and setting a delete mark operation. After this work, it is not needed to reboot a kernel and new type of network attack can be detected easily. With the help of this dynamic rule change, waiting time of detection process is minimized and its job can be continued as quickly as possible. Due to these features, the packet loss is greatly reduced.

Incorporating intrusion detection functionality into IXP2800 network processor based router

Network processor (NP)-based network devices enable us to easily add functionalities by program update. This paper suggests the method of developing intrusion detection system by use of micro-engine program on Intel IXP2800 NP based router system

Design of packet detection system for high-speed network environment

As matching rules used in packet detection systems are more complicated, performance accelerating techniques are more needed. In this paper, we review a packet matching problem in NIDS and suggest a new fast packet matching teehnique which can adapt to packet matching rules made up of multiple fields. It first prepares a table which is arranged intrusion detection rules on the basis of comparative basis value extracted in each fields, finds a correct rule after comparing the comparative basis value with each field in every incoming new packets. Suggesting technique helps high speed packet matching system.

The Study on the Cyber Security Requirements of Cyber-Physical Systems for Cyber Security Frameworks

A cyber-physical system(CPS) is a collection of cyber and physical components that interact with each other to achieve a particular application. Here, the CPS is emerged the reliability and security problems. Particularly, the defect of reliability in the data/control transmission under the CPS can lead to serious damage. We discuss the reliability and security problem on CPS architecture. Then we would suggest the considerations of cyber security in industrial control systems built with CPS.

The Design of Signature Selection for Protecting Illegal Outflow of Sensitive Information in Mobile Device

Illegal outflow of important data in a mobile device is a sensitive and main issue in mobile security. Within restricted resources such as small memory size and low battery capacity, simple and efficient method is needed to lessen much effort for preventing this illegal activity. In this paper, we discuss a protection technique taking into account these considerations. Some data is extracted from important file, it is used to prevent illegal file transfer and modification. To avoid attacker’s easy prediction the location of the selection of this data, it is selected within whole extent of the file by equal distribution. To avoid huge increase of selected data than that of specific location selection, through analysis of the length and number of files, the number of selection is restricted at minimum size. To decrease computational overhead to calculate the number and location of the data to be selected, it will be done that pre-computation for this information in advance. With the help of this technique, it has advantages that illegal outflow in a mobile device can be protected and prohibited effectively and a mobile device can be managed securely within low overhead.

Kernel-level intrusion detection method using simplification and grouping

This paper proposes the kernel-level intrusion detection method (KIDM) using simplification and grouping of intrusion detection rules. These rules group into group-rule and common-rule generated by simplification. The intrusion detection is separated into common detection and extended detection step. The packet is checked by common detection using the common-rule. If this step detects nothing, the packet is forwarded to its destination. If not, it is passed into the extended detection using the group-rule. Through grouping of similar detection rules, the search space and searching time can be greatly minimized. Using the simplified rule in intrusion detection, the packet inspection time can be largely reduced. With the help of these two steps, fast and effective intrusion detection is possible in network nodes such as router and switch