Session 1341: Case Studies – Network Security
Session 1341: Case Studies – Network Security. Research & Development. Moderator: Bryan Cline, OPNET Technologies, Inc. Network Intrusion Simulation Using OPNET. Shabana Razak, Mian Zhou, Sheau-Dong Lang*. University of Central Florida and National Center for Forensic Science*.
Copyright © 2002 OPNET Technologies, Inc.
Session 1540: Case Studies – New Directions in Wireless Modeling
Session 1341: Case Studies – Network Security Research & Development
Moderator: Bryan Cline, OPNET Technologies, Inc.
Network Intrusion Simulation Using OPNET
Shabana Razak, Mian Zhou, Sheau-Dong Lang*
University of Central Florida
and National Center for Forensic Science*
Simulation of Network Intrusion
• Identify intrusion activities
• Evaluate effectiveness of IDS (Intrusion Detection System)
• Analyze network performance degradation due to IDS overhead
• Study issues related to simulation efficiency
Our Approach to Intrusion Simulation
• Use MIT/Lincoln Lab’s TCPDUMP files
  - Pre-process the data source to extract packet inter-arrival times, duration of source data, and a list of IP addresses
• Build a network model corresponding to the extracted IP addresses, and a firewall node
• Use OPNET to simulate source data, including intrusion detection using the firewall
Example: Simulation of DOSNuke Attack
• It is a denial-of-service attack which sends Out-Of-Band data (MSG_OOB) to port 139 (NetBIOS), crashing a Windows NT system
• The attack’s signature contains a NetBIOS handshake followed by NetBIOS packets with the “urg” flag set
• The packet format of our OPNET simulation contains only the IP addresses, port numbers, and the flags
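The pre-processing step and the DOSNuke signature check described on these slides, as an added example that is not the authors' code or part of the OPNET model. The record layout, function names and sample packets are constructed assumptions, and the "NetBIOS handshake" is modelled here as a TCP three-way handshake to port 139.

```python
from collections import defaultdict

# Constructed sample records, not taken from the Lincoln Lab traces:
# (time_s, src_ip, dst_ip, src_port, dst_port, tcp_flags)
PACKETS = [
    (0.00, "10.0.0.5", "10.0.0.1", 1045, 139, "S"),
    (0.01, "10.0.0.1", "10.0.0.5", 139, 1045, "SA"),
    (0.02, "10.0.0.5", "10.0.0.1", 1045, 139, "A"),
    (0.50, "10.0.0.7", "10.0.0.1", 2001, 80, "S"),
    (0.90, "10.0.0.5", "10.0.0.1", 1045, 139, "PAU"),
    (1.40, "10.0.0.5", "10.0.0.1", 1045, 139, "PAU"),
    (2.00, "10.0.0.7", "10.0.0.1", 2001, 80, "PAU"),
]

def preprocess(packets):
    """Extract inter-arrival times, trace duration and the list of IP addresses."""
    times = sorted(p[0] for p in packets)
    gaps = [round(b - a, 6) for a, b in zip(times, times[1:])]
    duration = times[-1] - times[0] if times else 0.0
    ips = sorted({ip for p in packets for ip in (p[1], p[2])})
    return gaps, duration, ips

def detect_urg_after_handshake(packets, port=139):
    """Count URG-flagged packets sent to `port` after a completed handshake.

    Uses only the fields the slides keep: addresses, ports and flags.
    Returns {(src_ip, dst_ip): urg_packet_count}.
    """
    state = {}  # (client_ip, client_port, server_ip) -> handshake stage
    hits = defaultdict(int)
    for _, src, dst, sport, dport, flags in sorted(packets):
        if sport == port and flags == "SA":
            key = (dst, dport, src)          # reply from the server side
            if state.get(key) == "SYN":
                state[key] = "SYNACK"
        elif dport == port:
            key = (src, sport, dst)
            if flags == "S":
                state[key] = "SYN"
            elif flags == "A" and state.get(key) == "SYNACK":
                state[key] = "ESTABLISHED"
            elif "U" in flags and state.get(key) == "ESTABLISHED":
                hits[(src, dst)] += 1
    return dict(hits)

if __name__ == "__main__":
    print(preprocess(PACKETS))
    print(detect_urg_after_handshake(PACKETS))
```

The URG packet to port 80 in the sample is not counted, because the check requires both the port 139 destination and a completed handshake on the same flow.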
DOSNuke Simulation: Network Model
The network model contains 10 virtual PCs (PC0 is hacker, PC1 is victim), and a firewall that filters packets to/from the victim
DOSNuke Simulation: Packet Generator
Node structure of the packet generator
The attribute panel of the packet generator, with scripted packet inter-arrival times calculated from pre-processing the source data
DOSNuke Simulation: Statistics of packet rates at firewall
Packet rates at the firewall that filters the DOSNuke attack packets, clearly showing initial and 3 later peaks
Example: Simulation of ProcessTable Attack
Number of distinct port connections directed at the victim, clearly showing rapid increases during 3 time intervals
Efficiency of intrusion simulation using OPNET
[Figure: OPNET Simulation Time. x-axis: time duration of source data in seconds (ticks at 30, 60, 70, 80, 90, 100, 114); y-axis: OPNET simulation time in seconds (0 to 12).]
Simulation runs on a Pentium 4 PC, 1.5 GHz CPU and 256 MB RAM
Simulation time for ProcessTable attack with the durations of data file ranging from 30 to 114 seconds, and a total of 5525 packets (approx. linear growth)
Conclusion and Further Research
• Our work demonstrated several applications of intrusion simulation using OPNET:
  - Detecting intrusions by displaying and identifying patterns of suspicious data packets
  - Analyzing network performance and the intrusion detection overhead
  - Evaluating the effectiveness of the IDS
• Further challenges include improving simulation efficiency, pre-processing source data using filtering strategies