• Journal of Korea Multimedia Society
• /
• v.19 no.2
• /
• pp.411-417
• /
• 2016

Since the development of Graphic Processing Unit (GPU) in 1999, the development speed of GPUs has become much faster than that of CPUs and currently, the computational power of GPUs exceeds CPUs dozens and hundreds times in terms of decimal calculations and costs much less. Owing to recent technological development of hardwares, general-purpose computing and utilization using GPUs are on the rise. Thus, in this paper, we have identified the elements to be considered for the Smart Grid Security. Focusing on a Performance Improvement of the Basic Algorithm for the Stateful Inspection to Detect DDoS Attacks using CUDA. In the program, we compared the search speeds of GPU against CPU while they search for the suffix trees. For the computation, the system constraints and specifications were made identical during the experiment. We were able to understand from the results of the experiment that the problem-solving capability improves when GPU is used. The other finding was that performance of the system had been enhanced when shared memory was used explicitly instead of a global memory as the volume of data became larger.

• Annual Conference of KIPS
• /
• 2011.04a
• /
• pp.862-865
• /
• 2011

지난 3 월 3 일 발생한 분산서비스 거부 공격의 경우 보안 패치 업데이트를 방해하는 현상이 신고되어 공격 시작 전에 악성코드가 분석됨으로 초동 대응이 가능하였다. 하지만 일반적인 분산서비스 거부 공격은 이러한 초동 분석이 불가능한 경우가 대부분이다. 따라서 네트워크에서 공격 트래픽을 효과적으로 탐지 차단하는 DDoS 탐지 엔진이 필요하다. 또한 빠른 트래픽 증가로 인하여 10Gbps Ethernet 사용이 일반화 되고 있고, 이미 수 백 Gbps 의 공격 트래픽이 수시로 발생하고 있다. 본 논문에서는 선로 속도 10Gbps 성능의 분산서비스거부 공격 탐지 칩 셋의 구현에 대해 기술한다. 칩 구현을 위한 고려 사항, 엔진 구조, 하드웨어 합성 결과 및 시스템에 장착된 칩의 성능에 대하여 소개하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.459-469
• /
• 2023

The number of IoT devices is explosively increasing due to the development of embedded equipment and computer networks. As a result, cyber threats to IoT are increasing, and currently, malicious codes are being distributed and infected to IoT devices and exploited for DDoS. Currently, IoT devices that are the target of such an attack have various installation environments and have limited resources. In addition, IoT devices have a characteristic that once set up, the owner does not care about management. Because of this, IoT devices are becoming a blind spot for management that is easily infected with malicious codes. Because of these difficulties, the threat of malicious codes always exists in IoT devices, and when they are infected, responses are not properly made. In this paper, we will design an malware detection system for IoT in consideration of the characteristics of the IoT environment and present detection rules suitable for use in the system. Using this system, it will be possible to construct an IoT malware detection system inexpensively and efficiently without changing the structure of IoT devices that are already installed and exposed to cyber threats.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.3
• /
• pp.449-455
• /
• 2021

This paper proposes an encryption web transaction attack detection system based on the existing web application monitoring system. Although there was difficulty in detecting attacks on the encrypted web traffic because the existing web traffic security systems detect and defend attacks based on encrypted packets in the network area of the encryption section between the client and server, by utilizing the technology of the web application monitoring system, it is possible to detect various intelligent cyber-attacks based on information that is already decrypted in the memory of the web application server. In addition, since user identification is possible through the application session ID, statistical detection of attacks such as IP tampering attacks, mass web transaction call users, and DDoS attacks are also possible. Thus, it can be considered that it is possible to respond to various intelligent cyber attacks hidden in the encrypted traffic by collecting and detecting information in the non-encrypted section of the encrypted web traffic.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.5
• /
• pp.1726-1743
• /
• 2014

DDoS (Distributed Denial of Service) has been a continuous threat to the cyber world with the growth in cyber technology. This technical evolution has given rise to a number of ultra-sophisticated ways for the attackers to perform their DDoS attack. In general, the attackers who generate the denial of service, use the vulnerabilities of the TCP. Some of the vulnerabilities like SYN (synchronization) flooding, and IP spoofing are used by the attacker to create these Distributed Reflected Denial of Service (DrDoS) attacks. An attacker, with the assistance of IP spoofing creates a number of attack packets, which reflects the flooded packets to an attacker's intended victim system, known as the primary target. The proposed scheme, Efficient Spoofed Flooding Defense (ESFD) provides two level checks which, consist of probing and non-repudiation, before allocating a service to the clients. The probing is used to determine the availability of the requested client. Non-repudiation is taken care of by the timestamp enabled in the packet, which is our major contribution. The real time experimental results showed the efficiency of our proposed ESFD scheme, by increasing the performance of the CPU up to 40%, the memory up to 52% and the network bandwidth up to 67%. This proves the fact that the proposed ESFD scheme is fast and efficient, negating the impact on the network, victim and primary target.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.6
• /
• pp.217-224
• /
• 2008

EThis paper is study regarding banking institution and DoS attack regarding government organization which occurred in 2008. We used a tool aggressive actual DoS You install the N-IDS which used Snort in networks in order to detect a DoS attack. Storages of Winpcap and a packet to detect a packet and MySQL, HSC, to analyze. We install NET Framework etc. E-Watch etc. analyzes Packet regarding a DoS attack of a hacker and TCP, UDP etc. information, Port, MAC and IP information etc. through packet analysis tools. There is a meaning you analyze data regarding the cyber DoS, DDoS attack that is dysfunction of Ubiquitous Information Society, and it generates forensics data regarding an invader and back-tracking analysis data, and to ensure safe Internet information system through this paper study.

• Journal of KIISE:Information Networking
• /
• v.37 no.5
• /
• pp.339-350
• /
• 2010

Despite lots of efforts to obtain an accurate picture of structure at the level of individual ASes, there is a few application works using the AS-level Internet topology. In this paper, we show that the power-law fits the number of down-stream customer ASes very well and also present the distributions of AS links with the "public view" from UCLA IRL laboratory. Moreover, we obtain the distributions of source-destination pairs of routing hops for two sites in Korea and the United States, and then we propose a new method to decide the randomness of Internet traffic using the obtained distributions and the BGP valley-free routing policy. The randomness of traffic must be a portent of outbreak of the distributed denial-of-service attacks.

• Annual Conference of KIPS
• /
• 2008.05a
• /
• pp.935-938
• /
• 2008

DoS/DDoS 공격과 웜 공격으로 대표되는 트래픽 폭주 공격은 그 특성상 사전 차단이 어렵기 때문에 빠르고 정확한 탐지는 공격 탐지 시스템이 갖추어야 할 필수요건이다. 기존의 SNMP MIB 기반 트래픽 폭주공격 탐지 방법은 1 분 이상의 탐지 시간을 요구하였다. 본 논문은 SNMP MIB 객체의 상관 관계를 이용한 빠른 트래픽 폭주 공격 탐지 알고리즘을 제안한다. 또한 빠른 탐지 시간으로 발생되는 시스템의 부하와 탐지 트래픽을 최소화하는 방안도 함께 제시한다. 공격 탐지 방법은 3 단계로 구성되는데, 1 단계에서는 MIB 정보의 갱신주기를 바탕으로 탐지 시점을 결정하고, 2 단계에서는 MIB 정보간의 상관 관계를 이용하여 공격의 징후를 판단하고, 3 단계에서는 프로토콜 별 상세 분석을 통하여 공격 탐지뿐만 아니라 공격 유형까지 판단한다. 따라서 빠르고 정확하게 공격을 탐지할 수 있고, 공격 유형을 분류해 낼 수 있어 신속한 대처가 가능해 질 수있다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2008.06a
• /
• pp.124-127
• /
• 2008

DoS/DDoS로 대표되는 트래픽 폭주 공격은 대상 시스템뿐만 아니라 네트워크 대역폭, 프로세서 처리능력, 시스템 자원 등에 악영향을 줌으로써 네트워크에 심각한 장애를 유발할 수 있다. 따라서 신속한 트래픽 폭주 공격의 탐지는 안정적인 서비스 제공 및 시스템 운영에 필수요건이다. 전통적인 패킷 수집을 통한 DoS/DDoS의 탐지방법은 공격에 대한 상세한 분석은 가능하나 설치의 확장성 부족, 고가의 고성능 분석시스템의 요구, 신속한 탐지를 보장하지 못한다는 문제점을 갖고 있다. 본 논문에서는 15초 단위의 SNMP MIB 객체 정보를 바탕으로 SVDD(support vector data description)를 이용하여 보다 빠르고 정확한 침입탐지와 쉬운 확장성, 저비용탐지 및 정확한 공격유형별 분류를 가능케 하는 새로운 시스템을 설계 및 구현하였다. 실험을 통하여 만족스러운 침입 탐지율과 안전한 false negative rate, 공격유형별 분류율 수치 등을 확인함으로써 제안된 시스템의 성능을 검증하였다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.10
• /
• pp.6310-6316
• /
• 2014

The increase in the Internet and smart device users requires high-level network security. Network security consists of Web Firewall, Network Firewall, IPS, DDoS system, UTM (Unified Treat Management), VPN, NAC (Network Access Control), Wireless security, Mobile security, and Virtualization. Most network security solutions running on IPv4, and IPv6 network services are not sufficiently ready. Therefore, in this paper, this study designed and implemented important functions of Network Access Control (NAC), which include IPv6 host detection, isolation, blocking and domain assignment for the IPv6 network. In particular, domain assignment function makes 128 bits IPv6 address management easy. This system was implemented on a KISA IPv6 test-bed using well known devices. Finally, the test result showed that all IPv6 based wired and wireless devices were well-controlled (detection, blocking, isolation and domain assignment).