RESEARCH INTEREST
My research interests largely lie in network security. My interest was piqued during the CISC 659 course, which I took with Prof. Jelena Mirkovic in Spring 2005.
I implemented the following course projects:
- Implemented a symmetric block cipher encryption and decryption algorithm
- Intrusion prevention: scanned an experimental network set up in Emulab, discovered its internal configuration and vulnerabilities, and then developed rules to protect the network
- Wrote a DoS tool, tested it on a network topology in Emulab, and analyzed the performance of the network under DoS attacks of varying strength
Motivated by the above, I joined the NSL lab at
the University of Delaware and have been advised by Prof. Jelena
Mirkovic in my independent study.
I have been learning and attempting to add new dimensions to the following projects:
DefCOM
DefCOM is a distributed system for DDoS defense. Its nodes span source, victim and core networks and cooperate via an overlay to detect and stop attacks. The DefCOM overlay network facilitates communication between nodes and is maintained at all times, regardless of whether an attack is in progress. When a new defense node decides to join DefCOM, it has to learn the addresses of several DefCOM nodes. Once established, peering relationships may change over time; a node can acquire new peers and lose old ones based on the flow of traffic and the node's interest. My work has mainly been in making this peer overlay dynamic by creating and updating peer lists periodically based on traffic flows.
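The following is an added example of flow-driven peer-list maintenance; it is not DefCOM's own code or protocol. It assumes a hypothetical per-period flow summary of the form {peer_id: bytes} and a simple policy: a node becomes a peer when it carries at least MIN_BYTES of traffic in a period and is dropped after STALE_PERIODS consecutive periods below that volume. The period data is constructed for the example.

```python
"""Periodic peer-list maintenance driven by observed traffic flows.

Added example, not DefCOM's code. The admission/eviction policy below is an
assumption chosen to illustrate a dynamic overlay, not the project's algorithm.
"""

MIN_BYTES = 1000       # hypothetical: traffic needed in a period to count as active
STALE_PERIODS = 2      # hypothetical: idle periods tolerated before a peer is dropped


class PeerList:
    """Tracks current peers and how many consecutive periods each has been idle."""

    def __init__(self, min_bytes=MIN_BYTES, stale_periods=STALE_PERIODS):
        self.min_bytes = min_bytes
        self.stale_periods = stale_periods
        self.idle = {}  # peer_id -> consecutive idle periods (0 = active this period)

    def peers(self):
        return set(self.idle)

    def update(self, flows):
        """Apply one period of flows {peer_id: bytes}; return (added, dropped)."""
        added, dropped = set(), set()
        # Every current peer starts the period as idle; active flows reset it.
        for peer in self.idle:
            self.idle[peer] += 1
        for peer, nbytes in flows.items():
            if nbytes < self.min_bytes:
                continue  # too little traffic to create or keep interest
            if peer not in self.idle:
                added.add(peer)
            self.idle[peer] = 0
        # Evict peers that have been quiet for too many periods.
        for peer, idle in list(self.idle.items()):
            if idle >= self.stale_periods:
                dropped.add(peer)
                del self.idle[peer]
        return added, dropped


def simulate(periods, **kw):
    """Run a sequence of per-period flow summaries; return (final peers, history)."""
    pl = PeerList(**kw)
    history = [pl.update(flows) for flows in periods]
    return pl.peers(), history


# Constructed sample: bytes exchanged with each candidate node, per period.
PERIODS = [
    {"A": 5000, "B": 50},     # A qualifies; B is below the threshold
    {"A": 4000, "C": 2000},   # C qualifies and joins
    {"C": 3000},              # A idle for one period
    {"C": 2500},              # A idle for a second period and is dropped
]

if __name__ == "__main__":
    final, hist = simulate(PERIODS)
    for i, (added, dropped) in enumerate(hist, 1):
        print(f"period {i}: added={sorted(added)} dropped={sorted(dropped)}")
    print("final peers:", sorted(final))
```

The same loop would run on a timer in a real node, with the flow summary taken from whatever traffic accounting the node already performs; the thresholds are the knobs that decide how quickly the overlay follows shifting traffic.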
HONEYNET
In this project, I am working on the data capture aspect of honeynets, which means capturing all of the attacker's activity without the attacker knowing it. This captured data is then analyzed to learn the tools, tactics, and motives of members of the blackhat community. I have added the functionality of building a port table, which contains a list of live IPs and the associated port numbers from the honeynet. Thus, based on the replies sent from the subnet, we can monitor the machines which seem to have been compromised.
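As an added example (not the honeynet project's own code), the block below builds such a port table from captured packet summaries and compares it against a baseline of the services each honeypot is expected to expose. It assumes a hypothetical honeynet subnet of 10.0.0.0/24, a constructed list of packet summaries of the kind a capture tool would emit, and the rule that a TCP SYN-ACK or any UDP datagram sent from a honeynet address marks that source port as live.

```python
"""Port table of live honeynet hosts, built from replies leaving the subnet.

Added example, not code from the author's honeynet project. Subnet, packet
format and baseline are assumptions constructed for illustration.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

HONEYNET = ip_network("10.0.0.0/24")  # hypothetical honeynet address range

# Constructed packet summaries: src, sport, dst, dport, proto, TCP flags.
CAPTURED = [
    # outside host probes a honeypot's SSH port
    {"src": "203.0.113.5", "sport": 40001, "dst": "10.0.0.7", "dport": 22, "proto": "tcp", "flags": "S"},
    # the honeypot answers with SYN-ACK: port 22 is live
    {"src": "10.0.0.7", "sport": 22, "dst": "203.0.113.5", "dport": 40001, "proto": "tcp", "flags": "SA"},
    # the honeypot refuses port 80 with RST: host is up, port closed
    {"src": "10.0.0.7", "sport": 80, "dst": "203.0.113.5", "dport": 40002, "proto": "tcp", "flags": "RA"},
    # a probe that never gets a reply: 10.0.0.9 stays out of the table
    {"src": "203.0.113.5", "sport": 40003, "dst": "10.0.0.9", "dport": 445, "proto": "tcp", "flags": "S"},
    # a UDP reply from a honeypot's DNS port
    {"src": "10.0.0.12", "sport": 53, "dst": "203.0.113.5", "dport": 40005, "proto": "udp", "flags": ""},
]

# Constructed baseline: ports each honeypot was deployed to expose.
BASELINE = {"10.0.0.7": {80}, "10.0.0.12": {53}}


def build_port_table(packets, honeynet=HONEYNET):
    """Return {ip: set(ports)} for honeynet hosts seen replying.

    SYN-ACK (TCP) or any UDP datagram from the subnet records a live port.
    A TCP RST proves the host is up but opens no port, so the host is
    recorded with whatever ports it has so far (possibly none).
    """
    table = defaultdict(set)
    for p in packets:
        src = ip_address(p["src"])
        if src not in honeynet:
            continue  # only replies leaving the honeynet matter here
        if p["proto"] == "tcp":
            if "S" in p["flags"] and "A" in p["flags"]:
                table[src].add(p["sport"])
            elif "R" in p["flags"]:
                _ = table[src]  # mark host as live without a port
        elif p["proto"] == "udp":
            table[src].add(p["sport"])
    return {str(ip): ports for ip, ports in table.items()}


def unexpected_ports(table, baseline=BASELINE):
    """Ports replying on a host that were not in its deployment baseline.

    A honeypot answering on a port it was never configured to serve is a
    strong sign that something has been installed on it, so these hosts
    are the ones to examine first.
    """
    findings = {}
    for ip, ports in table.items():
        extra = ports - baseline.get(ip, set())
        if extra:
            findings[ip] = extra
    return findings


if __name__ == "__main__":
    table = build_port_table(CAPTURED)
    for ip, ports in sorted(table.items()):
        print(f"{ip}: {sorted(ports) or 'up, no open ports seen'}")
    print("unexpected:", unexpected_ports(table))
```

In a real deployment the packet summaries come from the honeynet's capture point on the path out of the subnet, and the baseline is the set of services each honeypot was built with, so any newly answering port stands out without needing to know in advance what tool the attacker installed.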