Network Security Workshop
Chairman :
Yoshiaki Kasahara (kasahara AT nc.kyushu-u.ac.jp)
Yasuichi Kitamura (kita AT jp.apan.net)
Members :
Objectives :
  • To raise the security awareness and knowledge within APAN community.
  • To exchange experience and knowledge in network security technologies and issues.
  • To cooperate with other international security efforts to raise security awareness, capabilities and interoperation globally.
Security-related topics include protection of the physical, intellectual, and electronic assets of the APAN and other networks, including its security policies, network access controls, virus protection, network administration, auditing, and transaction security.
Target Audience :
Researchers, Scientists, Network Engineers.
Expected Number of Participants :
40
Agenda :
Session Chair: Yoshiaki Kasahara
  1. Botnet Detection Based on ICMP Infiltration - Slides

    Speaker: Navaneethan C. Arjuman (Universiti Sains Malaysia)

    Abstract

    Today, botnets are a major malware threat globally, and billions of dollars have been spent over the years to overcome this threat.

    The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It is chiefly used by the operating systems of networked computers to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages. The simplicity of the ICMP protocol has led to the lack of awareness of the various security issues it has. The ICMP itself can be used as a tool for causing possible attacks.

    The key objective of this presentation is to address issues related to the vulnerability of the ICMP protocol that would be used by an attacker to gain access to the targeted system, and to propose possible mitigation solutions to address these issues.

    Biography:

    Mr. Navaneethan C. Arjuman is presently Head of the iNetmon Project with the National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, and also a fellow of the Malaysian MyBrain/MyPhd Programme.

    He is also currently pursuing his PhD in the area of cyber security. He is a trained engineer by profession and holds a 1st Class Honours degree in Communication and Signal Processing from Staffordshire University, United Kingdom. He is also a Certified IPv6 Trainer.

    Mr. Navaneethan has served as CEO and Director of KHEC Systems Sdn Bhd and KHEC Solutions (India) Pvt Ltd. KHEC Group is an IT solutions provider that has offices in both Malaysia and India. Prior to this appointment, he served as CEO and Director of iNetmon Sdn Bhd. He also served as Senior Manager at BayCom Sdn. Bhd., a provider of satellite services, prior to his appointment with iNetmon Sdn Bhd. Prior to his appointment with BayCom, he was a Senior Channel Manager with Maxis Communications Bhd. He also served as a Lecturer at Sedaya University (formerly known as Sedaya College) prior to his appointment with Maxis Communications Bhd.

  2. Detecting Colluding Gray Hole Attacks in a Wireless Mesh Network - Slides

    Speaker: Shankar Karuppayah (Universiti Sains Malaysia)

    Abstract

    Gray hole attacks are a type of denial of service (DoS) attack where one (or more) malicious nodes selectively drop packets being forwarded. These attacks waste network resources and are harder to detect if the nodes are colluding and concealing their misbehaviours. This talk proposes a method to detect these attacks in a Wireless Mesh Network (WMN) scenario of colluding nodes.

    This method is based on an algorithm called channel-aware detection (CAD) to detect these attacks while considering normal packet losses such as medium access collision and bad channel quality. The proposed method enforces two-way hop-by-hop traffic monitoring and uses a collaborative neighbourhood monitoring mechanism.

    The traffic monitoring mechanism consists of packet transmission overhearing and packet count history, which are done at the forwarding nodes, while the neighbourhood monitoring mechanism consists of router nodes that are in transmission range (but not in the forwarding path) and observe the nodes in the forwarding path for misbehaviours.

    The analysis of the proposed method shows that the network performance is improved with the implementation of the proposed method. The method successfully distinguishes between Gray Hole attackers and normal packet losses.

    Biography:

    Mr. Shankar Karuppayah is presently an Academic Staff Training Scheme (ASTS) fellow at Universiti Sains Malaysia (USM) in the National Advanced IPv6 Centre (NAv6).

    He earned his B.Sc. (HONS) in Computer Science from the Universiti Sains Malaysia in 2009 and his M.Sc. in Engineering (Software Systems Engineering) which is based on the RWTH Aachen University Model syllabus, from King Mongkut's University of Technology North Bangkok, Thailand in 2011.

    Mr. Shankar was awarded the ASTS position by USM based on his excellent performance, both curricular and co-curricular, during his bachelor studies. This position entitles him to pursue his studies up to a PhD in the field of Network Security with funding from USM under the ASTS programme.

    During his M.Sc. studies, he was also awarded a DAAD scholarship by the German government for the duration of his master's programme. This includes a one-year funding in Bangkok, Thailand (coursework only) and another in Aachen, Germany to conduct his internship and master's thesis. In July 2011, Mr. Shankar joined the NAv6 Security group as a researcher and will continue to be there until he pursues his PhD studies elsewhere. He will return to NAv6 as a lecturer after his PhD studies.

  3. A Practical Approach to Manage Phishing Incident with URL Filtering - Slides

    Speaker: Jullawadee Maneesilp (Kasetsart University, Thailand)

    Abstract

    Phishing, one of the most critical Internet attacks, has been growing tremendously in recent years. These attacks are frauds that critically and economically affect many websites and organizations and threaten their network security. Fraudsters and hackers have continuously applied more advanced and complex techniques to convert organization websites into seemingly trusted financial websites to gain confidential user information. Educational institutions are among the most attacked organizations. Generally, educational institutions organize their network-management systems by dividing them into many sub-departments. This hierarchical structure poses challenges for management effectiveness and network-security enforcement.

    UniNet, the research and education network service in Thailand, has continuously reported phishing attacks for many years. In this work, we propose the design and development of a phishing-management system that allows network administrators to resolve phishing attacks more effectively and rapidly. The proposed system aims to provide network administrators with multiple levels of management and to respond to phishing attacks by using three different units: (1) the ticket management, (2) the URL update automator, and (3) the web filtering. This system automatically sends a notification received from a user to every involved administrator in order to rapidly take down the phishing site as well as filter the page at the same time. A high-performance web filter supporting high-speed traffic is developed to prevent further access to the phishing page from the Internet. Moreover, our proposed system is designed to globally track and report the phishing attack until the overall task is completely resolved. In this workshop, we will discuss in detail the challenges of the problem, the design, and a demonstration of the procedure of our proposed system, which supports a 10 GigE backbone network.

    Biography:

    Jullawadee Maneesilp is an IT government officer of the Pollution Control Department, Bangkok, Thailand. She received her Bachelor and Master of Engineering in Computer Engineering from Kasetsart University, Bangkok, Thailand in 1999 and 2002, respectively. She was awarded the Royal Thai Government Scholarship to obtain her master's and her doctoral degree in Computer Science in 2005. She attained her Master of Science and Ph.D. in Computer Science from the University of Louisiana at Lafayette, USA in 2007 and 2011, respectively. Her Ph.D. dissertation topic is RFID technology for 3-D localization and full coverage, and her current research interests are network security and wireless sensor network technology.

  4. Active and Passive Monitoring and Analysis of Unused IP Header From Covert Channel Point of View - Slides

    Speakers: Katsuhiro Horiba (KEIO University), Yohei Kuga (Keio University, Japan)

    Abstract

    Our research shows how transparent IP packets that include Option fields can be in the Internet.

    For data communication over an IP network, the IP header is always indispensable. One type of covert channel, which is hidden data communication not intended by network policy, uses unused fields in communication protocols. IP is one of the most usable protocols for this in the Internet because nobody can avoid using IP headers for Internet communications. In particular, we focus on the Option field in the IP header. IP Option fields are used for many purposes, such as research on measuring the Internet topology and inter-domain covert channel communications. However, some reports have insisted that ISPs filter or drop packets that carry additional information, such as those using some IP Options.

    From the viewpoint of ISP operators, every packet header that could carry a covert channel should be verified. However, traffic volume has kept increasing, so verifying individual packets is difficult today.

    Our key question is how transparent IP packets with Options fields are in the global Internet. We proposed active and passive measurement methods, and we discuss the probability of storage-type covert communication.

    In active measurement, we installed detectors on PlanetLab, our academic AS (ASN 2500 WIDE) and enterprise nodes, and checked reachability between them. In passive measurement, we installed optical taps at DIX-IE (public IX) and NTT-NET (our transit AS) to survey usage of IP Options, and traced CAIDA's anonymized dataset as a commercial traffic dataset.

    As a result, our contribution consists of the following two points. First, we built a stationary measurement environment to check the reachability of packets carrying each IP Option between major ISPs. Second, we provide continuous IP Option header transparency for researchers who investigate the Internet using special packets.

    Biography:

    Katsuhiro Horiba is a doctoral student at the Graduate School of Media and Governance, Keio University, Japan, and a member of the WIDE Project. He is currently a research assistant at KEIO and NICT. He is an operator of the academic AS (AS2500 WIDE). His main research topic is future Internet technology, particularly virtual networks, software-defined networks and their measurement.

    Yohei Kuga is a doctoral student at the Jun Murai laboratory at the Graduate School of Media and Governance, Keio University, Japan. He is currently a research assistant at KEIO and NICT. His main research topic is regional topology measurement and measurement tools.

Remarks :

© Copyright 2009-2012 APAN | Last updated: 01 Feb 2012