• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.1C
• /
• pp.107-115
• /
• 2005

ATC (Abnormal traffic controller) is presented as next generation security technology to securely support reliable Internet service and to guarantee network survivability, which is deployed in Internet access point. The key concept of the ATC is abnormal traffic monitoring and traffic control technology. When fault factors exist continuously and/or are repeated, abnormal traffic control guarantees service completeness as much as possible. The ATC with control policy on abnormal traffic is superior to the ATC with blocking policy as well as conventional network node, when the ratio of effective traffic to abnormal traffic is higher than $30{\%}.$ When traffic intended unknown attack occurs, network IDS is high false positive probability and so is limited to apply. In this environment, the ATC can be a key player to help the network node such as router to control abnormal traffic.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.18 no.5
• /
• pp.679-684
• /
• 2008

The slow port scan attack detection is the one of the important topics in the network security. We suggest an abnormal traffic control framework to detect slow port scan attacks using fuzzy rules. The abnormal traffic control framework acts as an intrusion prevention system to suspicious network traffic. It manages traffic with a stepwise policy: first decreasing network bandwidth and then discarding traffic. In this paper, we show that our abnormal traffic control framework effectively detects slow port scan attacks traffic using fuzzy rules and a stepwise policy.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.4C
• /
• pp.296-304
• /
• 2005

ATCoP(Abnormal traffic controller based on prediction) is presented to securely support reliable Internet service and to guarantee network survivability, which is deployed in Internet access point. ATCoP is a method to control abnormal traffic that is entering into the network When unknown attack generates excessive traffic, service survivability is guaranteed by giving the priority to normal traffic than abnormal traffic, that is reserving some channels for normal traffic. If the reserved channel number increases, abnormal traffic has lower quality service by ATCoP system and then its service survivability becomes worse. As an analytic result, the proposed scheme maintains the blocking probability of normal traffic on the predefined level in the specific interval of input traffic.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.2
• /
• pp.313-329
• /
• 2011

To provide a seamless network to customers, Internet service providers must promptly detect and control abnormal traffic. One approach is to shorten the traffic information measurement cycle. However, performance degradation is inevitable if traffic measurement servers merely shorten the cycle and measure all traffic. This paper presents a software architecture that can measure traffic more frequently without degrading performance by estimating the level of abnormal traffic. The algorithm in the architecture estimates the values of the interface group objects in MIB by using the IP group objects thereby reducing the number of measurements and the size of measured data. We evaluated this architecture on part of Internet service provider's IP network. When the traffic was measured 5 times more than before, the CPU usage and TPS of the proposed scheme was 7% and 41% less than that of the original scheme while the false positive rate and false negative rate were 3.2% and 2.7% respectively.

• Journal of the Korean Society for Aviation and Aeronautics
• /
• v.17 no.3
• /
• pp.32-39
• /
• 2009

Due to the lack of navigable airspace caused by worldwide air traffic increases, air traffic control(ATC) services are becoming more complex, which results in the increase of aircraft accidents. To cope with these challenges, major aviation institutes abroad are actively conducting research regarding the human factors affecting controllers but as of late, no such specialized activities have been found in Korea. Due to the dynamic attributes of ATC operations, management of controller's situation awareness(SA) and workload, and knowledge on the impact of abnormal aircraft to controllers are very important. Furthermore, using actual flight data of each country will lead to valuable results, because individually, it has different airspace characteristics and air traffic volumes. This study assumed that air traffic difficulties would affect the controller's SA and workload. To testify the above hypothesis, the abnormal air traffic situations are simulated by using ATC simulator. The findings indicated that the effect of traffic situations containing abnormal aircraft on the controller's SA and workload, it led to demand increase and supply decrease in SA, and increased mental demand, temporal demand, effort and mean workload score in the workload.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.84-92
• /
• 2006

To defeat abnormal traffic driven by DoS (Denial-of-Service) or DDoS (Distributed DoS), there has been a variety of researches or studies in a few decades. In this paper, we present the results of theoretical performance analysis between attack prevention schemes and attack mitigation schemes. The former is a scheme that prevents abnormal incoming traffic from forwarding into a specific network based on filtering rules, and the latter is a scheme that makes some perimeter or intermediate routers, which exist on the traffic forwarding path, prevent abnormal traffic based on their own abnormal traffic information, or that mitigates abnormal traffic by using quality-of-service mechanisms at the gateway of the target network. The aspects of theoretical performance analysis are defined as the transit rates of either normal traffic or false-positive traffic after an attack detection routine processes its job, and we also present the concrete network bandwidth rates to control incoming traffic.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1568-1570
• /
• 2005

The internet is already a part of life. It is very convenient and people can do almost everything with internet that should be done in real life. Along with the increase of the number of internet user, various network attacks through the internet have been increased as well. Also, Large-scale network attacks are a cause great concern for the computer security communication. These network attack becomes biggest threat could be down utility of network availability. Most of the techniques to detect and analyze abnormal traffic are statistic technique using mathematical modeling. It is difficult accurately to analyze abnormal traffic attack using mathematical modeling, but network simulation technique is possible to analyze and simulate under various network simulation environment with attack scenarios. This paper performs modeling and simulation under virtual network environment including $NGSS^{1}$ system to analyze abnormal traffic-flooding attack.

• 한국정보통신설비학회:학술대회논문집
• /
• 2008.08a
• /
• pp.364-367
• /
• 2008

Many different types of network equipments are deployed in a large-scale IP network. In this operating environment, network service providers suffer from difficulty in controlling various equipments simultaneously in case network faults happen in their overall or regional network due to physical link failure or abnormal traffic. This paper presents a policy-based methodology to control many different types of network equipments at the same time in abnormal cases. The key idea is that NMS(Network Management System) keeps vendor-neutral control policies in normal times and that when an abnormal case occurs in network, NMS transforms the selected policy into vendor-specific control commands and enforces them to various equipments simultaneously.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.7
• /
• pp.1831-1853
• /
• 2012

By sending periodically short bursts of traffic to reduce legit transmission control protocol (TCP) traffic, the low-rate denial of service (LDoS) attacks are hard to be detected and may endanger covertly a network for a long period. Traditionally, LDoS detecting methods mainly concentrate on the attack stream with feature matching, and only a limited number of attack patterns can be detected off-line with high cost. Recent researches divert focus from the attack stream to the traffic anomalies induced by LDoS attacks, which can detect more kinds of attacks with higher efficiency. However, the limited number of abnormal characteristics and the inadequacy of judgment rules may cause wrong decision in some particular situations. In this paper, we address the problem of detecting LDoS attacks and present a scheme based on the fluctuant features of legit TCP and acknowledgment (ACK) traffic. In the scheme, we define judgment criteria which used to identify LDoS attacks in real time at an optimal detection cost. We evaluate the performance of our strategy in real-world network topologies. Simulations results clearly demonstrate the superiority of the method proposed in detecting LDoS attacks.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.4
• /
• pp.69-76
• /
• 2009

The construction of Internet IP-based Network is composed of router and switch models in a variety of companies. The construction by various models causes the complexity of the management and control as different types of CLI is used by different company to filter out abnormal traffics like worm, virus, and DDoS. To improve this situation, IETF is working on enacting XML based configuration standards from NETCONF working group, but currently few commands processing at the level of operation layer on NETCONF are only standardized and it's hard for unified control operation process between different make of system as different company has different XML command to filter out abnormal traffics. This thesis proposes ways to prevent abnormal attacks and increase efficiency of network by re-routing the abnormal traffics coming thru unified control for different make of systems into Sinkhole router and designing a control system to efficiently prevent various attacks after checking the possibility of including abnormal traffics from unified control operation.