• Title/Summary/Keyword: traffic flooding (트래픽 폭주)


Semantic Analysis on Traffic Flooding Attacks Detection System (트래픽 폭주 공격 탐지 시스템의 의미론적 해석)

  • Jaehak Yu;Seunggeun Oh;Hansung Lee;Jun-Sang Park;Myung-Sup Kim;Daihee Park
    • Proceedings of the Korea Information Processing Society Conference / 2008.11a / pp.1496-1499 / 2008
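  • Traffic flooding attacks, typified by DoS/DDoS, cause serious network failures by exhausting not only the target system but also network bandwidth and system resources, so rapid attack detection and classification by attack type are essential for stable service provision and system operation. In this paper, 1) we designed and implemented a system that detects traffic flooding attacks and classifies them by attack type using SNMP MIB information, based on the C4.5 algorithm, a representative classification model in data mining; 2) we attempted a semantic interpretation of the system's attack detection and attack-type classification by analyzing in detail the rules on its operating principles that C4.5 additionally provides; 3) because C4.5 is an algorithm that builds its predictive model from the information gain values of the given SNMP MIB attributes, we additionally obtained the effect of feature selection and reduction. Consequently, in operation, the proposed model uses only 5 of the total 13 pieces of MIB information to perform faster, more accurate, and more lightweight attack detection and attack-type classification, thereby contributing to resource management of the network system and efficient system operation.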

Design of IPv6 Based Traffic Analysis Tool (IPv6 기반 트래픽 분석 도구 설계)

  • Lee Hong-Kyu;Oh Seung-Hee;Seo Dong-Il;Oh Chang-Suk;Kim Sun-Young
    • The Journal of the Korea Contents Association / v.5 no.2 / pp.115-121 / 2005
  • In the present internet environment, various traffic flooding attacks and worm attacks cause economic loss. If IPv4 is replaced by IPv6 because of the lack of IP addresses, it will be more serious. Therefore, we design and implement a traffic analysis tool which can detect attacks by anticipating those encountered in the IPv6 environment. The proposed tool is composed of a packet generation module, a packet gathering module, a discrimination module, and a display module in X-windows. As a simulation result, it is proved that it can effectively detect the DAD-NA message attack, TCP SYN flooding attack, UDP flooding attack and ICMP flooding attack in the IPv6 environment.


Shaping Scheme Using UPC with LB and TJW in ATM Networks (ATM 망에서 LB와 TJW UPC를 이용한 트래픽 쉐이핑)

  • 윤석현
    • Journal of the Korea Society of Computer and Information / v.7 no.3 / pp.143-148 / 2002
  • Congestion may take place in the ATM network because of high-speed cell transmission features, and cell delay and loss can also be caused by unexpected traffic variation. Thus, traffic control mechanisms are needed. One of them to decrease congestion is cell shaping. This paper proposes a hybrid type cell shaper composed of a Leaky Bucket with token pool, Tn with time window, and a spacing control buffer. The simulator BONeS with the ON/OFF traffic source model evaluates the performance of the proposed cell shaping method. Simulation results show that the cell shaping concerning the respective source traffics is adapted to and then controlled on the mean bit rate.


Traffic Gathering and Analysis Algorithm for Attack Detection (공격 탐지를 위한 트래픽 수집 및 분석 알고리즘)

  • Yoo Dae-Sung;Oh Chang-Suk
    • The Journal of the Korea Contents Association / v.4 no.4 / pp.33-43 / 2004
  • In this paper, an SNMP algorithm based on traffic trend analysis is proposed to address the problems of existing traffic analysis using SNMP. The existing traffic analysis method has the weakness that analysis takes much time because it uses a threshold, and that harmful traffic is not detected at the point of transition. The method proposed in this paper can solve the problems of the existing method by simultaneously using traffic trend analysis of the day, traffic trend analysis of each protocol, and analysis of the MIB objects that respond to attacks, instead of using the threshold. The algorithm proposed in this paper will analyze harmful traffic more quickly and more precisely; hence it can reduce the damage made by traffic flooding attacks. When traffic happens, it can detect the abnormality through the three analysis methods previously mentioned. After that, if abnormal traffic overlaps in at least two of the three methods, we can consider it as harmful traffic. The proposed algorithm will analyze harmful traffic more quickly and more precisely; hence it can reduce the damage made by traffic flooding attacks.


A Hybrid Type Shaping Scheme in ATM Networks (ATM 망에서 혼합형 셀 간격 제어 기법)

  • 윤석현
    • Journal of the Korea Society of Computer and Information / v.6 no.1 / pp.45-50 / 2001
  • Congestion may take place in the ATM network because of high-speed cell transmission features, and cell delay and loss can also be caused by unexpected traffic variation. Thus, traffic control mechanisms are needed. One of them to decrease congestion is cell shaping. This paper proposes a hybrid type cell shaper composed of a Leaky Bucket with token pool, EWMA with time window, and a spacing control buffer. The simulator BONeS with the ON/OFF traffic source model evaluates the performance of the proposed cell shaping method. Simulation results show that the cell shaping concerning the respective source traffics is adapted to and then controlled on the mean bit rate.


Design and Implementation of an SNMP-Based Traffic Flooding Attack Detection System (SNMP 기반의 실시간 트래픽 폭주 공격 탐지 시스템 설계 및 구현)

  • Park, Jun-Sang;Kim, Sung-Yun;Park, Dai-Hee;Choi, Mi-Jung;Kim, Myung-Sup
    • The KIPS Transactions:PartC / v.16C no.1 / pp.13-20 / 2009
  • Recently, as traffic flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detailed analysis of packet data, which results in late detection and a high system burden to cope with high-speed network traffic. In this paper we propose an SNMP-based lightweight and fast detection algorithm for traffic flooding attacks, which minimizes the processing and network overhead of the detection system, minimizes the detection time, and provides a high detection rate. The attack detection algorithm consists of three consecutive stages. The first stage determines the detection timing using the update interval of SNMP MIB. The second stage analyzes attack symptoms based on correlations of MIB data. The third stage determines whether an attack occurs or not and figures out the attack type in case of an attack.

A Study on Rate-Based Congestion Control Using EWMA for Multicast Services in IP Based Networks (IP 기반 통신망의 멀티캐스팅 서비스를 위한 지수이동 가중평판을 이용한 전송률기반 폭주제어에 관한 연구)

  • Choi, Jae-Ha;Lee, Seng-Hyup;Chu, Hyung-Suk;An, Chong-Koo;Shin, Soung-Wook
    • Journal of the Institute of Convergence Signal Processing / v.8 no.1 / pp.39-43 / 2007
  • In high speed communication networks, the determination of a transmission rate is critical for the stability of a closed-loop network system with the congestion control scheme. In ATM networks, the available bit rate (ABR) service is based on a feedback mechanism, i.e., the network status is transferred to the ABR source by a resource management (RM) cell. RM cells contain the traffic information of the downstream nodes for the traffic rate control. However, the traffic status of the downstream nodes can not be directly transferred to the source node in the IP based networks. In this paper, a new rate-based congestion control scheme using an exponential weighted moving average algorithm is proposed to build an efficient feedback control law for congestion avoidance in high speed communication networks. The proposed congestion control scheme assures the stability of switch buffers and higher link utilization of the network. Moreover, we note that the proposed congestion scheme can flexibly work along with the increasing number of input sources in the network, which results in an improved scalability.


Multipath Routing with Dynamic Load Balancing (동적 로드 밸런싱을 적용한 다중 경로 라우팅 방안에 관한 연구)

  • Jung, Sun;Kim, Sae-Rin;Lee, Mee-Jeong
    • Proceedings of the Korean Information Science Society Conference / 2000.10c / pp.360-362 / 2000
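  • Single-path routing schemes that use dynamic metrics cope with congestion by changing the route so that traffic can bypass the congested area. However, such route changes can cause routing oscillation, and they have the limitation that the multiple paths actually present in the network cannot all be used simultaneously in response to congestion. This paper therefore proposes MP-DLB, a multipath routing scheme with dynamic load balancing that is highly efficient in terms of routing overhead while improving routing performance. The MP-DLB scheme sets up multiple paths only for hot destinations and performs dynamic load balancing only over those multiple paths. Simulation experiments conducted to evaluate the proposed MP-DLB scheme showed that MP-DLB effectively relieves congestion and improves routing performance by distributing over multiple paths the traffic from multiple sources that is concentrating on a given router on its way to a hot destination.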
