Seungyong Yoon

High performance session state management scheme for stateful packet inspection

This paper relates to a method for performing Stateful Packet Inspection(SPI) in real time using a session table management scheme that allows more efficient generation of session state information. SPI is an important technique to reduce false positive alerts in network intrusion detection system(NIDS). As the number of session increases, this technique requires a higher processing speed, thereby causing performance problems. However, existing software-based solutions cannot perform real-time packet inspection ensuring the wire speed. To guarantee both performance and functionality with respect to statefulness, we designed and implemented SPI-based intrusion detection module in a FPGA to help alleviating a bottleneck in network intrusion detection systems in this paper.

High-Performance Stateful Intrusion Detection System

This paper is related with a stateful intrusion detection technology which is based on session state tracking in network intrusion detection systems (NIDSs). Todays network security systems are required high-performance as well as good functionality since the speed of the Internet is increasing. But most of the software-based NIDSs (e.g. Snort) show inefficiency and even fail to perform for the faster Internet. In this paper, we provide hardware-based stateful intrusion detection module to overcome these shortcomings of software-based solutions. By implementing stateful intrusion detection module in FPGA, we can solve the problem of performance and has capability of intrusion detection in future multi-gigabit network environment. In addition, we can improve the accuracy of intrusion detection with reducing false positive alerts

Security policy decision for automation of security network configuration

IETF has proposed a policy framework called policy-based network management (PBNM). Its best point is to provide automation of network configuration. Currently network area is actively embodying PBNM for QoS provisioning, RSVP admission control, device configuration, and etc. However, security area is not greatly interest in PBNM except IPSec. This paper proposes a PBNM-based security policy decision service, which can provide automation of security network configuration. The proposed policy decision service has capacity that can automatically create/activate a response policy rule on the basis of security status, activate a policy rule on the basis of rule timer, decide a security system best suitable to a policy rule, and select policy rules that should be applied to a security system.

ATPS: adaptive threat prevention system for high-performance intrusion detection and response

The fast extension of inexpensive computer networks has increased the problem of unauthorized access and tampering with data. Many NIDSs are developed till now to respond these network attacks. As network technology presses forward, Gigabit Ethernet has become the actual standard for large network installations. Therefore, software solutions in developing high-speed NIDSs are increasingly impractical. It thus appears well motivated to investigate the hardware-based solutions. Although several solutions have been proposed recently, finding an efficient solution is considered as a difficult problem due to the limitations in resources such as a small memory size, as well as the growing link speed. In this paper, we propose the FPAG-based intrusion detection technique to detect and respond variant attacks on high-speed links. It is possible through novel pattern matching mechanism and heuristic analysis mechanism that is processed on FPGA-based reconfiguring hardware. Most of all, It was designed to fully exploit hardware parallelism to achieve real-time packet inspection, to require a small memory for storing signature. The technique is a part of our proposed system, called ATPS(Adaptive Threat Prevention System) recently developed. That is, the proposed system has hardware architecture that can be capable of provide the high-performance detection mechanism.

Mobile security technology for smart devices

While the number of smartphones increased, the security threats such as violating privacy and malicious code in smart environment increased. In general, the software security scheme is mainly used to protect mobile device from the security threat. However, this security scheme can be easily manipulated and changed. In this paper, we propose MTM hardware based mobile device security technology to prevent data leakage and unauthorized access.

Security threats analysis for Android based Mobile Device

Recently, the number of mobile malware is rapidly growing. In order to cope with mobile malware, the detection and response method of rooting attack is actively studied. However, the damages caused information leakage and financial charge can be occurred without rooting attack. In this paper, we have shown through experiments that it is possible to conduct DDoS attacks, privacy information leakage, and illegal financial charging without rooting attacks, and analyzed security vulnerabilities and threats in detail.

Detection of SMS mobile malware

This paper relates to mobile malware detection for prevention against financial charge caused by the malicious behavior using SMS. In this paper, we propose the method that conducts malicious behavior monitoring and various analysis techniques to detect the attack. This method includes malware installation check, SMS sending and receiving analysis, and signature-based pattern matching. Therefore, we can effectively respond against SMS mobile malware attacks.