• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1568-1570
• /
• 2005

The internet is already a part of life. It is very convenient and people can do almost everything with internet that should be done in real life. Along with the increase of the number of internet user, various network attacks through the internet have been increased as well. Also, Large-scale network attacks are a cause great concern for the computer security communication. These network attack becomes biggest threat could be down utility of network availability. Most of the techniques to detect and analyze abnormal traffic are statistic technique using mathematical modeling. It is difficult accurately to analyze abnormal traffic attack using mathematical modeling, but network simulation technique is possible to analyze and simulate under various network simulation environment with attack scenarios. This paper performs modeling and simulation under virtual network environment including $NGSS^{1}$ system to analyze abnormal traffic-flooding attack.

• Journal of the Korea Society for Simulation
• /
• v.12 no.4
• /
• pp.25-40
• /
• 2003

With the growing usage of the networks, the world-wide Internet has become the main means to exchange data and carry out transactions. It has also become the main means to attack hosts. To solve the security problems which occur in the network such as Internet, we import software products of network security elements like an IDS (Intrusion Detection System) and a firewall. In this paper, we have designed and constructed the general simulation environment of network security model composed of multiple IDSes and a firewall which coordinate by CNP (Contract Net Protocol) for the effective detection of the intrusion. The CNP, the methodology for efficient integration of computer systems on heterogeneous environment such as distributed systems, is essentially a collection of agents, which cooperate to resolve a problem. Command console in the CNP is a manager who controls the execution of agents or a contractee, who performs intrusion detection. In the network security model, each model of simulation environment is hierarchically designed by DEVS(Discrete Event system Specification) formalism. The purpose of this simulation is that the application of rete pattern-matching algorithm speeds up the inference cycle phases of the intrusion detection expert system and we evaluate the characteristics and performance of CNP architecture with rete pattern-matching algorithm.

• Journal of the Korea Society for Simulation
• /
• v.10 no.4
• /
• pp.51-64
• /
• 2001

It is quite necessary that an organization's information network should be equipped with a proper security system based on its scale and importance. One of the effective methods is to use the simulation model for deciding which security policy and mechanism is appropriate for the complex network. Our goal is to build a foundation of knowledge-based modeling and simulation environment for the network security. With this environment, users can construct the abstracted model of security mechanisms, apply various security policies, and quantitatively analyze their security performance against possible attacks. In this study, we considered security domain from several points of view and implemented the models based on a systematic modeling approach. We enabled the model to include knowledge in modular fashion and provided well-defined guidelines for transforming security policy to concrete rule set.

• Proceedings of the KAIS Fall Conference
• /
• 2003.11a
• /
• pp.197-206
• /
• 2003

With the growing usage of the networks, the world-wide Internet has become the main means to exchange data and carry out transactions. It has also become the main means to attack hosts. To solve the security problems which occur in the network such as Internet, we import software products of network security elements like an IDS (Intrusion Detection System) and a firewall. In this paper, we have designed and constructed the General Simulation Environment of Network Security model composed of multiple IDSes and a firewall which coordinate by CNP (Contract Net Protocol) for the effective detection of the intrusion. The CNP, the methodology for efficient integration of computer systems on heterogeneous environment such as distributed systems, is essentially a collection of agents, which cooperate to resolve a problem. Command console in the CNP is a manager who controls tie execution of agents or a contractee, who performs intrusion detection. In the Network Security model, each model of simulation environment is hierarchically designed by DEVS (Discrete EVent system Specification) formalism. The purpose of this simulation is to evaluate the characteristics and performance of CNP architecture with rete pattern matching algorithm and the application of rete pattern matching algorithm for the speeding up the inference cycle phases of the intrusion detection expert system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.2
• /
• pp.13-26
• /
• 2001

This paper presents the network security modeling methodology and simulation using the hierarchical and modular modeling and simulation framework. Recently, Howard and Amoroso developed the cause-effect model of the cyber attack, defense, and consequences, Cohen has been proposed the simplified network security simulation methodology using the cause-effect model, however, it is not clear that it can support more complex network security model and also the model-based cyber attack simulation. To deal with this problem, we have adopted the hierarchical and modular modeling and simulation environment so called the System Entity Structure/Model Base (SES/MB) framework which integrates the dynamic-based formalism of simulation with the symbolic formalism of AI. Several simulation tests performed on sample network system verify the soundness of our method.

• Journal of the Korea Society for Simulation
• /
• v.11 no.2
• /
• pp.1-16
• /
• 2002

The need for network security is being increasing due to the development of information communication and internet technology. In this paper, firewall models, operating system models and other network component models are constructed. Each model is defined by basic or compound model, referencing DEVS formalism. These models and the simulation environment are implemented with MODSIM III, a general purpose, modular, block-structured high-level programming language which provides direct support for object-oriented programming and discrete-event simulation. In this simulation environment with representative attacks, the following three attacks are generated, SYN flooding and Smurf attack as an attack type of denial of service, Mail bomb attack as an attack type of e-mail. The simulation is performed with the models that exploited various security policies against these attacks. The results of this study show that the modeling method of packet filtering system, proxy system, unix and windows NT operating system. In addition, the results of the simulation show that the analysis of security performance according to various security policies, and the analysis of correlation between availability and confidentiality according to security empowerment.

• Proceedings of the KAIS Fall Conference
• /
• 2003.11a
• /
• pp.155-162
• /
• 2003

Today's network consists of a large number of routers and servers running a variety of applications. Policy-based network provides a means by which the management process can be simplified and largely automated. In this paper we build a foundation of policy-based network modeling and simulation environment. The procedure and structure for the induction of policy rules from vulnerabilities stored in SVDB (Simulation based Vulnerability Data Base) are developed. The structure also transforms the policy rules into PCIM (Policy Core Information Model). The effect on a particular policy can be tested and analyzed through the simulation with the PCIMs and SVDB.

• Proceedings of the KSRS Conference
• /
• 2004.10a
• /
• pp.712-715
• /
• 2004

War game Simulation System is a simulation system of military operation. In order to ensure all of the data that are running are secure, this system has to emphasize the security policy. In this paper, we analyze the running environment and the weakness of the security about exiting system. For improving the weakness, we design and implement this security system that is consisted of three components: Authentication System, Encryption System and Network Security System. Therefore, we can apply War game Simulation System to security system and improve the secure performance of this one.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.101-106
• /
• 2004

Recently, a network defense simulator becomes essential in studying cyber incidents because the cyber terror become more and more interesting. The network defense simulator is a tool to estimate damages and an effectiveness of a defense mechanism by modeling network intrusions and defense mechanisms. Using this tool, users can find efficient ways of preventing a cyber terror and recovering from the damage. Previous simulators start the simulation after entire scenario has made and been loaded to simulation engine. However, in this way it can't model human judgement and behavior, and it can't simulate the real cyber terror very well. In this paper, we have added a dynamic simulation component to our previous network security simulator. This component improved accurate modeling of network intrusions and defense behaviors. We have also proposed new modified architecture of the simulation system. Finally we have verified correct simulation results from stammer worn simulation.

• The KIPS Transactions:PartC
• /
• v.8C no.5
• /
• pp.565-572
• /
• 2001

Recently, due to the open architecture of the internet and wide spread of internet users, the cyber terror threatens to the network\`s weak point are tending grow. Until now, information security solutions are passive on security host and particular security system. This passive information security solution is weak from the attacks through the networks connected worldwide internet systems, and has limitation on the defense against cyber terror attacks. Therefore, network level integrated security function must be provided. In this paper, we consider technology limitations on the information security problems and its environment. Then we present the architecture and functions of policy-based information security services for network level active information security function. This paper also includes design of target system, which provide information security services. Finally, we discuss network level system deployment direction and discuss with Network Security Simulation.