Network Security  

   a) Current Projects:  

      Botnet Detection   (jointly with G. Fedynyshyn, Prof G. Tan)

   b) Completed Projects - partially funded by PA Digital Greenhouse and Cisco Equipment Grant :  

      BGP Security   (Kun Huang)

BGP is vulnerable to certain types of attacks. Some attacks can be mitigated by authenticating BGP messages but some cannot e.g. BGP selective dropping attacks.In this project, we design a new mitigation technique against BGP selective dropping attack.

Selected Publications

  • M. Chuah, K. Huang, "Detecting Selective Dropping Attack in BGP", to appear in LCN workshop on network security, Nov, 2006
  •       BGP Anomaly Detection   (with M. Ganiz, Prof W. Pottenger)

    BGP is the de-facto interdomain routing protocol. Many anomalous events e.g. power outage, worm attacks, misconfigurations cause large surge of BGP messages. In this project, we use a new technique called higher order path analysis to distinguish different BGP anomaly events. Our technique allows us to detect worm outbreaks faster than two existing techniques proposed by other researchers.

    Selected Publications

  • M. Ganiz, W. Pottenger, S. Kanitkar, M. Chuah, "Detection of Interdomain Routing Anomalies based on Higher Order Path Analysis", CSE Technical Report, LU-CSE-06-008, May, 2006. A newer version will appear as a short paper at ICDM, 2006.
  •       Distributed PacketScore  (Wenbin Ma, Vinay Goel, Kun Huang)

            Distributed Denial of Service (DDoS) attacks pose a serious threat to service availability of the victim network by severely degrading its performance. Packetscore is a statistical-based approach that has been proposed to detect and throttle DDoS attack traffic. Simulation results for standalone router scenario indicate that this approach is promising. Currently, we are investigating the distributed Packetscore approach using simulations as well as experiments conducted in DETER.

          Semantic-Aware Intrusion Detection System (Walter Scheirer)

               In protecting today's critical Internet infrastructure, network intrustion detection systems are essential. Popular NIDS implementations often rely on static, manually generated signatures to match malicious traffic. This approach is inadequate to respond to real-time threats of newly emerging malicious codes. Thus, in this project, we hope to produce a prototype called DIAMONDS that provides dynamic intrusion detection. The first phase of this research focused on syntax related analysis of malicious codes and automatic signature generation using sliding window-based algorithms. The second phase of this research is to attempt to data mining techniques to generate semantic-aware signatures.

         b) Network Security Seminars Fall 05