The Experts below are selected from a list of 99 Experts worldwide ranked by ideXlab platform
Yuan-sun Chu - One of the best experts on this subject based on the ideXlab platform.
- ASIC design and implementation for VoIP intrusion prevention system
  2016 International Conference on Applied System Innovation (ICASI), 2016
  Co-Authors: Ming-jen Chen, Chih-chao Wen, Hsin-chen Lin, Yuan-sun Chu
  Abstract: With the growth of the Internet, voice over IP (VoIP) has become a more popular telephony application. VoIP is an Internet Protocol, which is used for voice transmission over the Internet. The main advantages of VoIP are low calling expense, low construction cost, easy scalability, and good voice quality. McAfee Labs pointed out that VoIP technology is still very progressive, but VoIP defense strategies are lagging far behind. Therefore, VoIP attack is a very serious problem. Voice over IP Security Alliance (VOIPSA) proposed that Intrusion Detection/Prevention Systems are useful to find unusual behaviour from VoIP traffic. In this paper, the ASIC design and implementation for VoIP Intrusion Prevention System (IPS) with hierarchical architecture of Statistical Anomaly-based Detection (SAD) and Stateful Protocol Anomaly Detection (SPAD) modules is proposed. SAD is used to offload SPAD loading to increase VoIP IPS processing performance. A Profile Analysis (PA) module is proposed to decrease the SAD false positive ratio by updating the SAD profile threshold based on SPAD results. If attack traffic is 10% of all traffic, the processing speed of the VoIP IPS system will increase 8.89% over the system without the SAD module. With 60% attack traffic, processing speed will increase about 50%. VoIP IPS throughput can achieve up to 2.66 Gbps.
- ISCAS - An ASIC for SMTP Intrusion Prevention System
  2009 IEEE International Symposium on Circuits and Systems, 2009
  Co-Authors: Ming-jen Chen, Kuan-ping Chien, Chia-ying Huang, Bo-chao Cheng, Yuan-sun Chu
  Abstract: Email is one of the most important applications in communication. Due to the convenience and importance of emails, SMTP attack and spam mail have become the most serious problems in email service. A single security technique is not enough to protect the email system from attacks. In this paper, we propose a hardware-based design of the SMTP Intrusion Prevention System (IPS) with Virus Detection Engine. The SMTP IPS is based on Stateful Protocol Anomaly Detection and high-speed virus detection. It forms a Unified Threat Management (UTM) for the email system. The ASIC of SMTP IPS can support at least 4.12 Gbps for parallel detection of SMTP and virus attack.
- NPC - SIPS: a stateful and flow-based intrusion prevention system for email applications
  Lecture Notes in Computer Science, 2007
  Co-Authors: Bo-chao Cheng, Ming-jen Chen, Yuan-sun Chu, Andrew Chen, Sujadi Yap, Kuo-pao Fan
  Abstract: In the fast-growing internet applications, email becomes more and more important in communication. SMTP attacks and spam have become one of the most serious problems. Particularly, the SMTP attacks and spam vary across email, for example spoofing address, illegal characters, sending in bulk, too many SMTP commands and so on. A single security technique is not enough to protect the system from these attacks and spam. In this paper, we propose an SMTP Intrusion Prevention System (SIPS) which is based on the concept of Stateful Protocol Anomaly Detection and Flow-based Inspection. SIPS is implemented by a finite state machine to inspect all incoming email flows. It is according to the media type of email flow and their characteristics. On the test of a real email environment, our approach can prevent attacks on SMTP attack (mail bomb) average about 95.4% and spam average about 91.1%.
Ming-jen Chen - One of the best experts on this subject based on the ideXlab platform.
- ASIC design and implementation for VoIP intrusion prevention system
  2016 International Conference on Applied System Innovation (ICASI), 2016
  Co-Authors: Ming-jen Chen, Chih-chao Wen, Hsin-chen Lin, Yuan-sun Chu
- ISCAS - An ASIC for SMTP Intrusion Prevention System
  2009 IEEE International Symposium on Circuits and Systems, 2009
  Co-Authors: Ming-jen Chen, Kuan-ping Chien, Chia-ying Huang, Bo-chao Cheng, Yuan-sun Chu
- NPC - SIPS: a stateful and flow-based intrusion prevention system for email applications
  Lecture Notes in Computer Science, 2007
  Co-Authors: Bo-chao Cheng, Ming-jen Chen, Yuan-sun Chu, Andrew Chen, Sujadi Yap, Kuo-pao Fan
Bo-chao Cheng - One of the best experts on this subject based on the ideXlab platform.
- ISCAS - An ASIC for SMTP Intrusion Prevention System
  2009 IEEE International Symposium on Circuits and Systems, 2009
  Co-Authors: Ming-jen Chen, Kuan-ping Chien, Chia-ying Huang, Bo-chao Cheng, Yuan-sun Chu
- NPC - SIPS: a stateful and flow-based intrusion prevention system for email applications
  Lecture Notes in Computer Science, 2007
  Co-Authors: Bo-chao Cheng, Ming-jen Chen, Yuan-sun Chu, Andrew Chen, Sujadi Yap, Kuo-pao Fan
Priyadarsi Nanda - One of the best experts on this subject based on the ideXlab platform.
- Border Gateway Protocol Anomaly Detection Using Failure Quality Control Method
  Trust Security And Privacy In Computing And Communications, 2012
  Co-Authors: Muhammad Mujtaba, Priyadarsi Nanda
  Abstract: Border Gateway Protocol (BGP) is the de-facto inter-domain routing protocol used across thousands of Autonomous Systems (AS) joined together in the Internet. Security has been a major issue for BGP. Nevertheless, BGP suffers from serious threats even today, like Denial of Service (DoS) attack and misconfiguration of routing information. BGP is one of the complex routing protocols and hard to configure against malicious attacks. However, it is important to detect such malicious activities in a network, which could otherwise cause problems for availability of services in the Internet. In this paper we use the Failure Quality Control (FQC), a technique to detect anomaly packets in the network for real-time intrusion detection.
- TrustCom - Border Gateway Protocol Anomaly Detection Using Failure Quality Control Method
  2012 IEEE 11th International Conference on Trust Security and Privacy in Computing and Communications, 2012
  Co-Authors: Muhammad Mujtaba, Priyadarsi Nanda
Hadi Zamani Sabzi - One of the best experts on this subject based on the ideXlab platform.
- Border Gateway Protocol Anomaly Detection Using Neural Network
  2019 IEEE International Conference on Big Data (Big Data), 2019
  Co-Authors: Mohsen Karimi, Ali Jahanshahi, Abbas Mazloumi, Hadi Zamani Sabzi
  Abstract: Having reliable and stable connectivity to the Internet dramatically depends on how Border Gateway Protocol (BGP) can avoid bad-behaviour events by detecting them on time. Although a lot of effort has gone into detecting BGP anomalies during the last decade, it is still a challenging issue due to emerging new abnormal behaviours both from the attackers and network misconfigurations. In this work, we propose a Neural Network classifier to detect the abnormal BGP events caused by worm attacks in the network. The results show that our method outperforms the previous work in both generality and accuracy.