Younghee Park

  • Ph.D. from North Carolina State University
  • Professor (Associate) at San Jose State University

About

Publications: 60
Reads: 24,753
Citations: 1,215
Current institution
San Jose State University
Current position
  • Professor (Associate)
Additional affiliations
August 2013 - present
San Jose State University
Position
  • Professor (Assistant)
August 2004 - August 2010
North Carolina State University
Position
  • PhD

Publications

Chapter
Full-text available
Collaborative intrusion detection approach uses the shared detection signature between the collaborative participants to facilitate coordinated defense. In the context of collaborative intrusion detection system (CIDS), however, there is no research focusing on the efficiency of the shared detection signature. The inefficient detection signature co...
Chapter
Full-text available
Performance prediction in wireless mobile networks is essential for diverse purposes in network management and operation. Particularly, the position of mobile devices is crucial to estimating the performance in the mobile communication setting. With its importance, this paper investigates mobile communication performance based on the coordinate inf...
Article
Full-text available
Deep learning-based intrusion detection systems have advanced due to their technological innovations such as high accuracy, automation, and scalability, to develop an effective network intrusion detection system (NIDS). However, most of the previous research has focused on model generation through intensive analysis of feature engineering instead o...
Chapter
The integration of Software-Defined Network (SDN) and Network Function Virtualization (NFV) is an innovative network architecture that abstracts lower-level functionalities through the separation of the control plane from the data plane and enhances the management of network behavior and network services in real time. It provides unprecedented prog...
Conference Paper
Software-defined wide-area network (SD-WAN) is an emerging and advanced networking platform extending software-defined networking (SDN) across multiple networking domains. Because SD-WAN manages the data plane in the networking domains separated by the public Internet, SD-WAN provides a distinct environment and challenges from SDN, including greate...
Chapter
An electronic voting system can enable greater democracy by allowing virtual and remote voting and facilitating greater participation. However, the e-voting systems have experienced allegations due to corruption and unfair practices including voter impersonation, fraud, or duplicate votes. This has caused a decline in transparency and faith in the...
Chapter
Network intrusion detection systems (IDS) have efficiently identified the profiles of normal network activities, extracted intrusion patterns, and constructed generalized models to evaluate (un)known attacks using a wide range of machine learning approaches. In spite of the effectiveness of machine learning-based IDS, it has still been challenging t...
Conference Paper
Collaborative intrusion detection system (CIDS) shares the critical detection-control information across the nodes for improved and coordinated defense. Software-defined network (SDN) introduces the controllers for the networking control, including for the networks spanning across multiple autonomous systems, and therefore provides a prime platform...
Chapter
Blockchain-based cryptocurrency replaces centralized institutions with a distributed network of Internet-based miners to generate currency and process financial transactions. Such blockchain systems reach consensus using proof of work (PoW), and the miners participating in PoW join mining pools to reduce the variance for more stable reward income....
Article
Energy is required for networking and computation and is a valuable resource for unplugged systems such as mobile, sensor, and embedded systems. Energy denial-of-service (DoS) attack where a remote attacker exhausts the victim’s battery via networking remains a critical challenge for the device availability. While prior literature proposes mitigati...
Conference Paper
Software-Defined Networking (SDN) has been changing inflexible networks in software-based programmable networks for more flexibility, scalability, and visibility into networking. At the same time, it brings many new security challenges, but there are very few educational materials for students in learning about SDN security. In this workshop, we pr...
Article
Moving target defense (MTD) is useful for thwarting network reconnaissance and preventing unauthorized access. While previous research in MTD focuses on protecting the endnodes, we leverage software-defined networking (SDN) to implement MTD on the data-plane switches, which significantly decreases the controller communication overhead and enables q...
Article
Full-text available
In the neighbourhood-based collaborative filtering (CF) algorithms, a user similarity measure is used to find other users similar to an active user. Most of the existing user similarity measures rely on the co-rated items. However, there are not enough co-rated items in sparse dataset, which usually leads to poor prediction. In this article, a new...
Conference Paper
Full-text available
A virtual firewall based on Network Function Virtualization (NFV) with Software Defined Networking (SDN) provides high scalability and flexibility for low-cost monitoring of legacy networks by dynamically deploying virtual network appliances rather than traditional hardware-based appliances. However, full utilization of virtual firewalls requires e...
Chapter
Vehicular ad-hoc network (VANET) is the key component of intelligent transportation system (ITS) for various services like road safety and traffic efficiency. However, current VANET architectures provide less flexibility and scalability for vehicle-to-vehicle communication because of static underlying network infrastructure. Based on the software d...
Conference Paper
Software-Defined Networking (SDN) represents a major shift from ossified hardware-based networks to programmable software-based networks. It introduces significant granularity, visibility, and flexibility into networking, but at the same time brings new security challenges. Although the research community is making progress in addressing both the o...
Conference Paper
The importance to our society of emergency network communications cannot be underestimated. The loss of communication and network systems in a state of emergency denies victims of disaster and city emergency response teams critical information about the crisis. It is essential to restore communication systems and service in order to ensure continuo...
Conference Paper
Energy is required for networking and computation and is a valuable resource for unplugged embedded systems. Energy DoS attack where a remote attacker exhausts the victim's battery by sending networking requests remains a critical challenge for the device availability. While prior literature proposes mitigation- and detection-based solutions, we pr...
Article
Full-text available
Background Online consumer reviews have become a baseline for new consumers to try out a business or a new product. The reviews provide a quick look into the application and experience of the business/product and market it to new customers. However, some businesses or reviewers use these reviews to spread fake information about the business/product...
Conference Paper
Full-text available
Traditional Intrusion Detection Systems (IDSes) are generally implemented on vendor proprietary appliances or middleboxes, which usually lack a general programming interface, and their versatility and flexibility are also very poor. Emerging Network Function Virtualization (NFV) technology can virtualize IDSes and elastically scale them to deal wit...
Conference Paper
Network Function Virtualization (NFV) is a critical part of a new defense paradigm providing high flexibility at a lower cost through software-based virtual instances. Despite the promise of the NFV, the original Intrusion Detection System (IDS) designed for NFV still draws heavily on processing power and requires significant CPU resources. In this...
Conference Paper
Consumers often rely on online reviews and opinions posted on social media to make a decision when they purchase products or services. This article addresses what are collectively referred to as opinion spam, which are opinions posted by fake reviewers who seek to promote or tear down target entities for financial gain. This has led industry and ac...
Article
Full-text available
The main advantage of software defined networking (SDN) is that it allows intelligent control and management of networking through programmability in real time. It enables efficient utilization of network resources through traffic engineering, and offers potential attack defense methods when abnormalities arise. However, previous studies have only i...
Article
Full-text available
Unmanned aerial vehicles (UAVs) are an emerging technology with the potential to revolutionize commercial industries and the public domain outside of the military. UAVs would be able to speed up rescue and recovery operations from natural disasters and can be used for autonomous delivery systems (e.g., Amazon Prime Air). An increase in the number o...
Article
Full-text available
Recent findings have shown that network and system attacks in Software-Defined Networks (SDNs) have been caused by fallacious network applications who misuse APIs in an SDN controller. Such attacks can both crash the controller and change the internal data structure in the controllers, causing serious damage to the infrastructure of SDN-based netwo...
Conference Paper
Recent findings have shown that network and system attacks in Software-Defined Networks (SDNs) have been caused by malicious network applications that misuse APIs in an SDN controller. Such attacks can both crash the controller and change the internal data structure in the controller, causing serious damage to the infrastructure of SDN-based networ...
Conference Paper
To defend against network reconnaissance for unauthorized access of the packet forwarding path, we leverage software-defined networking (SDN) and build moving target defense (MTD) by randomizing network addresses. We distinguish our work from prior research by implementing MTD at the data plane and on all nodes along the forwarding path. Thus, our...
Conference Paper
Software-defined networking (SDN) provides network operators a high level of flexibility and programmability through the separation of the control plane from the data plane. When initiating traffic, users are required to install flow rules that direct the traffic routing. This process requires communication between control and data plane and resul...
Conference Paper
Full-text available
Network Function Virtualization (NFV) together with cloud technology enables users to request creating flexible virtual networks (VNs). Users also have specific security requirements to protect their VNs. Especially, due to changeable network perimeters, constant VM migrations, and user-centric security needs, VNs require new security features that...
Conference Paper
Data has been often offloaded to the cloud for high accessibility due to the advanced cloud infrastructure. However, we often ignore the safety of our data and completely rely on the cloud service provider. Data protection and encryption are the most important foundations in order to construct reliable and secure cloud environments. Recently, a lot...
Conference Paper
Data has been often offloaded to the cloud for high accessibility due to the advanced cloud infrastructure. However, we often ignore the safety of our data and completely rely on the cloud service provider. Data protection and encryption are the most important foundations in order to construct reliable and secure cloud environments. Recently, a lot...
Conference Paper
User data on mobile devices are always transferred into Cloud for flexible and location-independent access to services and resources. The issues of data security and privacy data have been often reverted to contractual partners and trusted third parties. As a matter of fact, to project data, data encryption and user authentication are fundamental r...
Conference Paper
Full-text available
Advanced Metering Infrastructure (AMI) has evolved to measure and control energy usage in communicating through metering devices. However, the development of the AMI network brings with it security issues, including the increasingly serious risk of malware in the new emerging network. Malware is often embedded in the data payloads of legitimate met...
Article
Full-text available
Detection of malicious software (malware) continues to be a problem as hackers devise new ways to evade available methods. The proliferation of malware and malware variants requires new advanced methods to detect them. This paper proposes a method to construct a common behavioral graph representing the execution behavior of a family of malware inst...
Conference Paper
Full-text available
Malware can disrupt the operation of services in advanced metering infrastructure (AMI), which is at risk due to connectivity with the global Internet. In motion, malware may hide within the data payloads of legitimate AMI control traffic, implying the need for deep packet inspection. Some of the inspections one may make look for consistency with r...
Article
Full-text available
Metamorphic malware changes its internal structure on each infection while maintaining its function. Although many detection techniques have been proposed, practical and effective metamorphic detection remains a difficult challenge. In this paper, we analyze a previously proposed eigenvector-based method for metamorphic detection. The approach cons...
Conference Paper
Full-text available
Decoy technology and the use of deception are useful in securing critical computing systems by confounding and confusing adversaries with fake information. Deception leverages uncertainty forcing adversaries to expend considerable effort to differentiate realistic useful information from purposely planted false information. In this paper, we pro...
Article
Tracing interactive attack traffic that traverses stepping stones (i.e., intermediate hosts) is challenging, as the packet headers, lengths, and contents can all be changed by the stepping stones. The traffic timing (delays between packets) has therefore been studied as a means of tracing traffic. One such technique uses traffic timing as a side ch...
Article
Full-text available
Malicious software (malware) is a serious problem in the Internet. Malware classification is useful for detection and analysis of new threats for which signatures are not available, or possible (due to polymorphism). This paper proposes a new malware classification method based on maximal common subgraph detection. A behavior graph is obtained by c...
Conference Paper
Full-text available
Botnets pose serious threats to the Internet. In spite of substantial efforts to address the issue, botnets are dramatically spreading. Bots in a botnet execute commands under the control of the botnet owner or controller. A first step in protecting against botnets is identification of their presence, and activities. In this paper, we propose a met...
Conference Paper
Full-text available
Tracing interactive traffic that traverses stepping stones (i.e., intermediate hosts) is challenging, as the packet headers, lengths, and contents can all be changed by the stepping stones. The traffic timing has therefore been studied as a means of tracing traffic. One such technique uses traffic timing as a side channel into which a watermark, or...