1 / 11

Session 1341: Case Studies – Network Security

Session 1341: Case Studies – Network Security. Research & Development. Moderator: Bryan Cline OPNET Technologies, Inc. Network Intrusion Simulation Using OPNET. Shabana Razak, Mian Zhou, Sheau-Dong Lang *. University of Central Florida and National Center for Forensic Science *.

noble-kidd
Download Presentation

Session 1341: Case Studies – Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Session 1341: Case Studies – Network Security Research & Development Moderator: Bryan Cline OPNET Technologies, Inc.

  2. Network Intrusion Simulation Using OPNET Shabana Razak, Mian Zhou, Sheau-Dong Lang* University of Central Florida and National Center for Forensic Science*

  3. Simulation of Network Intrusion • Identify intrusion activities • Evaluate effectiveness of IDS (Intrusion Detection System) • Analyze network performance degradation due to IDS overhead • Study issues related to simulation efficiency

  4. Our Approach to Intrusion Simulation • Use MIT/Lincoln Lab’s TCPDUMP files • pre-process data source to extract packet inter-arrival times, duration of source data, a list of IP addresses • Build a network model corresponding to the extracted IP addresses, and a firewall node • Use OPNET to simulate source data, including intrusion detection using the firewall

  5. Example: Simulation of DOSNuke Attack • It is a denial-of-service attack which sends Out-Of-Band data (MSG_OOB) to port 139 (NetBIOS), crashing a Windows NT system • The attack’s signature contains a NetBIOS handshake followed by NetBIOS packets with the “urg” flag set • The packet format of our OPNET simulation contains only the IP addresses, port numbers, and the flags

  6. DOSNuke Simulation: Network Model The network model contains 10 virtual PCs (PC0 is hacker, PC1 is victim), and a firewall that filters packets to/from the victim

  7. DOSNuke Simulation: Packet Generator The attribute panel of the packet generator, with scripted packet inter-arrival times calculated from pre-processing the source data Node structure of the packet generator

  8. DOSNuke Simulation: Statistics of packet rates at firewall Packet rates at the firewall that filters the DOSNuke attack packets, clearly showing initial and 3 later peaks

  9. Example: Simulation of ProcessTable Attack Number of distinct port connections directed at the victim, clearly showing rapid increases during 3 time intervals

  10. Efficiency of intrusion simulation using OPNET Simulation runs on a Pentium 4 PC, 1.5 GHz CPU and 256 MB RAM Simulation time for ProcessTable attack with the durations of data file ranging from 30 to 114 seconds, and a total of 5525 packets (approx. linear growth)

  11. Conclusion and Further Research • Our work demonstrated several applications of intrusion simulation using OPNET: • Detecting intrusions by displaying and identifying patterns of suspicious data packets  Analyzing network performance and the intrusion detection overhead  Evaluating the effectiveness of the IDS • Further challenges include improving simulation efficiency, pre-processing source data using filtering strategies

More Related