Yong-Hee Jeon

Analysis of SEND Protocol through Implementation and Simulation

Neighbor Discovery (ND) protocol has been proposed to discover neighboring hosts and routers in IPv6 wired or wireless local networks. Even though ND protocol is very useful, it has a weakness to security because it allows a malicious user to impersonate a legitimate host or a router by forging ND protocol messages. To address the security problem, IETF (Internet Engineering Task Force) has proposed SEcure Neighbor Discovery (SEND) protocol. The key functions of SEND protocol include address ownership proof mechanism, ND protocol message protection mechanism, reply attack prevention mechanism, and router authentication mechanism. In this paper, we analyze SEND protocol in the view point of security through several experiments. For this, we implement SEND protocol in IPv6 real system and develop a simulation environment. Based on the experimental results, we also propose a monitoring-based ND message differentiation scheme which is able to make up for security vulnerability of SEND protocol effectively.

Modeling and Performance Analysis on the Response Capacity against Alert Information in an Intrusion Detection System

Summary In this paper, we propose an intrusion detection system(IDS) architecture which can detect and respond against the generation of abnormal traffic such as malicious code and Internet worms. We model the system, design and implement a simulator using OPNET Modeller, for the performance analysis on the response capacity of alert information in the proposed system. At first, we model the arrival process of alert information resulted from abnormal traffic. In order to model the situation in which alert information is intensively produced, we apply the IBP(Interrupted Bernoulli Process) which may represent well the burstiness of traffic. Then we perform the simulation in order to gain some quantitative understanding of the system for our performance parameters. Based on the results of the performance analysis, we analyze factors which may hinder in accelerating the speed of security node, and would like to present some methods to enhance performance.

Multi-Domain Security Management Framework and Its Performance Evaluation for Protecting BcN Infrastructure

Summary BcN(Broadband convergence Network) is being deployed in order to support a variety of network applications, with enhanced capabilities of QoS(Quality of Service) provisioning and security, and IPv6. In a high-speed network environment such as BcN, it is more likely for the network resources to be exposed to various intrusion activities. The propagation speed of intrusion is also expected to be much faster than in the existing Internet. In this paper, we present a multi-domain security management framework which may be used for a global intrusion detection at multiple domains of BcN and describe its characteristics. For the performance evaluation, we first present test results for the security node and compare with other products. Then we design and implement an OPNET simulator for the proposed framework, and present some simulation results. In the simulation model, we focus on the performance of alert information in the security overlay network.

Design and Implementation of Linux-based Integrated Security System(LISS) Using Open Security Tools

The wide spread of Internet makes susceptible to the attacks via communication Web from hackers using the vulnerability of both computer and network systems. In this paper, we design and implement an integrated security system, named as LISS(Linux-based Integrated Security System) in which an integrated security management is possible. This system is based on the open operating system, Linux and consists of open security tools, which is effective in security management of Linux based-servers. We also construct a test-bed in order to testify the performance of the LISS. It is revealed that the implemented system captures all the attack Patterns generated from Network Mapper.

Communication Models and Performance Evaluation for the Delivery of Data and Policy in a Hybrid-Type Intrusion Detection System

Much research efforts are being exerted for the study of intrusion detection system(IDS). However little work has been for the communication medels and performance eveluation of the IDS. Here we present a communication framework for doing hybrid intrusion detection in which agents are used for local intrusion detections with a centralized data anaysis componenta for a global intrusion detection at multiple domains environment. We also assume the combination of host-based and network-based intrusion detection systems in the oberall framework. From the local domain, a set of information such as alert, and / or log data are reported to the upper level. At the root of the hierarchy, there is a global manager where data coalescing is performed. The global manager delivers a security policy to its lower levels as the result of aggregation and correlation of intrusion detection alerts. In this paper, we model the communication mechanisms for the hybrid IDS and develop a simular using OPNET modeller for the performance evaluation of transmission capabillities for the delivery of data and policy. We present and compare simulation results based on several scenarios focuding on communication delay.