Session 1341: Case Studies – Network Security
This case study presents a detailed approach to network intrusion simulation using OPNET technology. Conducted by researchers from the University of Central Florida and the National Center for Forensic Science, the study explores how intrusion detection systems (IDS) can identify attack patterns, how the effectiveness of an IDS can be assessed, and how the network performance degradation caused by IDS overhead can be analyzed. By simulating attacks such as DOSNuke, the authors demonstrate the efficiency of their methods and highlight the remaining challenges in making the simulation process more efficient and accurate.
Presentation Transcript
Session 1341: Case Studies – Network Security Research & Development
Moderator: Bryan Cline, OPNET Technologies, Inc.

Network Intrusion Simulation Using OPNET
Shabana Razak, Mian Zhou, Sheau-Dong Lang*
University of Central Florida and National Center for Forensic Science*

Simulation of Network Intrusion
• Identify intrusion activities
• Evaluate effectiveness of IDS (Intrusion Detection System)
• Analyze network performance degradation due to IDS overhead
• Study issues related to simulation efficiency

Our Approach to Intrusion Simulation
• Use MIT/Lincoln Lab’s TCPDUMP files
• Pre-process the data source to extract packet inter-arrival times, the duration of the source data, and a list of IP addresses
• Build a network model corresponding to the extracted IP addresses, plus a firewall node
• Use OPNET to simulate the source data, including intrusion detection at the firewall

Example: Simulation of DOSNuke Attack
• It is a denial-of-service attack which sends Out-Of-Band data (MSG_OOB) to port 139 (NetBIOS), crashing a Windows NT system
• The attack’s signature contains a NetBIOS handshake followed by NetBIOS packets with the “urg” flag set
• The packet format of our OPNET simulation contains only the IP addresses, port numbers, and the flags
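The two slides above describe a pre-processing step (extract inter-arrival times, trace duration and the set of IP addresses from a packet trace) and a signature (a completed NetBIOS handshake to port 139 followed by packets carrying the URG flag). The following Python script, added here as an illustration and not part of the authors' OPNET work, does both over a constructed trace. The trace format (one packet per line: timestamp, source IP, source port, destination IP, destination port, TCP flag letters) is a simplified stand-in for the TCPDUMP files the slides mention, and the host addresses in it are made up.

```python
"""Pre-process a simplified packet trace and match the DOSNuke signature.
Added example; the trace format and addresses are constructed, not real TCPDUMP data."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Packet:
    ts: float      # seconds since start of trace
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # TCP flag letters, e.g. "S", "SA", "A", "PAU" (U = URG)


# Constructed sample trace (NOT real tcpdump output):
# one NetBIOS session to port 139 that turns into URG-flagged packets,
# plus an ordinary HTTP connection as background traffic.
SAMPLE_TRACE = """\
0.000 10.0.0.1 1030 10.0.0.2 139 S
0.010 10.0.0.2 139 10.0.0.1 1030 SA
0.020 10.0.0.1 1030 10.0.0.2 139 A
0.030 10.0.0.1 1030 10.0.0.2 139 PAU
0.040 10.0.0.1 1030 10.0.0.2 139 PAU
0.500 10.0.0.3 2000 10.0.0.2 80 S
0.510 10.0.0.2 80 10.0.0.3 2000 SA
0.520 10.0.0.3 2000 10.0.0.2 80 A
0.530 10.0.0.3 2000 10.0.0.2 80 PA
"""

NETBIOS_PORT = 139


def parse_trace(text: str) -> List[Packet]:
    """Parse the simplified whitespace-separated trace into Packet records."""
    packets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, sport, dst, dport, flags = line.split()
        packets.append(Packet(float(ts), src, int(sport), dst, int(dport), flags))
    return packets


def preprocess(packets: List[Packet]) -> Tuple[List[float], float, List[str]]:
    """Pre-processing step from the slides: inter-arrival times, trace duration,
    and the sorted list of distinct IP addresses (the hosts the network model needs)."""
    ts = [p.ts for p in packets]
    inter_arrival = [round(b - a, 6) for a, b in zip(ts, ts[1:])]
    duration = (ts[-1] - ts[0]) if packets else 0.0
    hosts = sorted({p.src for p in packets} | {p.dst for p in packets})
    return inter_arrival, duration, hosts


def find_dosnuke(packets: List[Packet]) -> List[Tuple[float, str, str]]:
    """Detection logic for the signature described on the slide: a three-way
    handshake to port 139 followed by a packet with the URG flag on that session.
    Returns one (timestamp, client, server) alert per offending session."""
    # session key -> handshake state: "SYN", "SYNACK" or "OPEN"
    state: Dict[Tuple[str, int, str], str] = {}
    alerted = set()
    alerts = []
    for p in packets:
        if p.dport == NETBIOS_PORT:                      # client -> NetBIOS server
            key = (p.src, p.sport, p.dst)
            if "S" in p.flags and "A" not in p.flags:
                state[key] = "SYN"
            elif p.flags == "A" and state.get(key) == "SYNACK":
                state[key] = "OPEN"
            elif "U" in p.flags and state.get(key) == "OPEN" and key not in alerted:
                alerted.add(key)
                alerts.append((p.ts, p.src, p.dst))
        elif p.sport == NETBIOS_PORT:                    # server -> client
            key = (p.dst, p.dport, p.src)
            if "S" in p.flags and "A" in p.flags and state.get(key) == "SYN":
                state[key] = "SYNACK"
    return alerts


if __name__ == "__main__":
    pkts = parse_trace(SAMPLE_TRACE)
    gaps, dur, hosts = preprocess(pkts)
    print("inter-arrival times:", gaps)
    print("duration:", dur, "s; hosts:", hosts)
    print("DOSNuke alerts:", find_dosnuke(pkts))
```

The handshake is tracked per (client, client port, server) key so that URG packets on a session that never completed the NetBIOS handshake do not raise an alert, which is the distinction the slide's signature draws; the pre-processing output (inter-arrival times, duration, host list) is exactly what the slides say is fed into the OPNET packet generator and network model.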
DOSNuke Simulation: Network Model
The network model contains 10 virtual PCs (PC0 is the hacker, PC1 is the victim) and a firewall that filters packets to/from the victim.

DOSNuke Simulation: Packet Generator
The attribute panel of the packet generator, with scripted packet inter-arrival times calculated from pre-processing the source data.
Node structure of the packet generator.

DOSNuke Simulation: Statistics of Packet Rates at Firewall
Packet rates at the firewall that filters the DOSNuke attack packets, clearly showing an initial peak and 3 later peaks.

Example: Simulation of ProcessTable Attack
Number of distinct port connections directed at the victim, clearly showing rapid increases during 3 time intervals.
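The two statistics the slides plot, packet rate at the firewall over time and the number of distinct port connections directed at the victim per interval, are simple to compute from the same kind of per-packet records. The Python below is an added example (not the authors' code) that bins constructed packet records into fixed-width time windows, reports both statistics per window, and flags windows where the distinct-connection count jumps sharply relative to the previous window, which is the "rapid increase" pattern the ProcessTable slide refers to. The victim address, window width and increase factor are assumptions chosen for the example.

```python
"""Per-window firewall statistics: packet rate and distinct port connections.
Added example with constructed records; addresses and thresholds are assumptions."""
from collections import defaultdict
from typing import Dict, List, Tuple

VICTIM = "10.0.0.2"   # assumed victim address (PC1 in the slides' model)

# Constructed records: (timestamp_s, src_ip, src_port, dst_ip, dst_port).
# Background traffic opens one connection per second; a burst between
# 3.0 s and 4.0 s opens 20 connections from distinct source ports.
SAMPLE: List[Tuple[float, str, int, str, int]] = [
    (0.2, "10.0.0.3", 2000, VICTIM, 80),
    (1.3, "10.0.0.3", 2001, VICTIM, 80),
    (2.4, "10.0.0.3", 2002, VICTIM, 80),
    *[(3.0 + i * 0.05, "10.0.0.1", 3000 + i, VICTIM, 139) for i in range(20)],
    (5.1, "10.0.0.3", 2003, VICTIM, 80),
    (5.2, VICTIM, 80, "10.0.0.3", 2003),   # reply traffic, not counted toward victim
]


def window_stats(records, width: float = 1.0, victim: str = VICTIM) -> Dict[int, Tuple[int, int]]:
    """Map each window index to (packets to victim, distinct (src, src_port) connections).
    Windows with no traffic between the first and last one are filled with (0, 0)
    so that consecutive windows can be compared."""
    counts: Dict[int, int] = defaultdict(int)
    ports: Dict[int, set] = defaultdict(set)
    for ts, src, sport, dst, dport in records:
        if dst != victim:
            continue
        w = int(ts // width)
        counts[w] += 1
        ports[w].add((src, sport))
    if not counts:
        return {}
    lo, hi = min(counts), max(counts)
    return {w: (counts[w], len(ports[w])) for w in range(lo, hi + 1)}


def peak_windows(stats: Dict[int, Tuple[int, int]], n: int = 3) -> List[int]:
    """Window indices with the highest packet rate (the peaks on the firewall plot)."""
    return sorted(stats, key=lambda w: stats[w][0], reverse=True)[:n]


def rapid_increases(stats: Dict[int, Tuple[int, int]], factor: int = 4) -> List[int]:
    """Windows whose distinct-connection count is at least `factor` times the
    previous window's non-zero count: the rapid increases on the ProcessTable slide."""
    flagged = []
    prev = None
    for w in sorted(stats):
        _, distinct = stats[w]
        if prev is not None and prev > 0 and distinct >= factor * prev:
            flagged.append(w)
        prev = distinct
    return flagged


if __name__ == "__main__":
    s = window_stats(SAMPLE)
    for w, (pkts, distinct) in s.items():
        print(f"window {w}: {pkts} packets, {distinct} distinct connections")
    print("peak windows:", peak_windows(s))
    print("rapid increases in:", rapid_increases(s))
```

Counting (source IP, source port) pairs rather than raw packets is what separates a connection flood from a single busy client, and filling empty windows with zeros keeps the comparison between adjacent windows honest when the trace has quiet periods.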
Efficiency of Intrusion Simulation Using OPNET
Simulation runs on a Pentium 4 PC, 1.5 GHz CPU and 256 MB RAM.
Simulation time for the ProcessTable attack, with the duration of the data file ranging from 30 to 114 seconds and a total of 5525 packets (approximately linear growth).

Conclusion and Further Research
• Our work demonstrated several applications of intrusion simulation using OPNET:
  • Detecting intrusions by displaying and identifying patterns of suspicious data packets
  • Analyzing network performance and the intrusion detection overhead
  • Evaluating the effectiveness of the IDS
• Further challenges include improving simulation efficiency and pre-processing source data using filtering strategies