• Convergence Security Journal
• /
• v.16 no.4
• /
• pp.17-24
• /
• 2016

Many companies and organizations are building a mobile office environment using the LTE network, the national disaster network and Air Force LTE network are built for public safety and national defense. However the recent threats on information security have been evolving from information leakage to DDoS attacks to neutralize the service. Especially, the type of device such as Smart phones, smart pad, tablet PC, and the numbers are growing exponentially and As performance of mobile device and speed of line develop rapidly, DDoS attacks in the mobile environment is becoming a threat. So far, universal countermeasure to DDoS attacks has been interception the network and server step, Yet problem regarding DDoS attack traffic on mobile network and expenditure of network resources still remains. Therefore, this paper analyzes the traffic type distributed in the private mobile network such as the National Disaster Network, and Air Force LTE network in order to preemptively detect DDoS attacks on terminal step. However, as direct analysis on traffic distributed in the National Disaster Network, and Air Force LTE network is restricted, transmission traffics in Minecraft and uploading video file upload which exhibit similar traffic information are analyzed in time series, thereby verifing its effectiveness through establishment of DDoS attacks standard in mobile network and application that detects and protects DDoS attacks

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.3B
• /
• pp.152-158
• /
• 2008

Recently, DDoS (Distributed Denial of Service) attack has emerged as one of the major threats and it's main characteristic is to send flood of data packets toward a specific victim. Thus, several attack detection schemes which monitor the destination IP address of packets have been suggested. The existing Bloom Filter based attack detection scheme is simple and can support real-time monitoring. However, since this scheme monitors the separate fields of destination IP address independently, wrong detection is comparatively high. In this paper, in order to solve this drawback, an efficient Bloom Filter based destination address monitoring scheme is proposed, which monitors not only separate fields but also relationship among separate fields. In the results of simulation, the proposed monitoring scheme outperforms the existing Bloom Filter based detection scheme. Also, to improve the correctness of detection, multi-layerd structure is proposed and the correctness of result is improved according to the number of layers and extra tables.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.12
• /
• pp.2555-2562
• /
• 2009

The algorithm that is proposed in this paper defined a probability function to count connection process and connection-end process to apply TRW algorithm to voice network. Set threshold to evaluate the algorithm that is proposed, Based on the type of connection attack traffic changing the probability to measure the effectiveness of the algorithm, and Attack packets based on the speed of attack detection time was measured. At the result of evaluation, proposed algorithm shows that DDoS attack starts at 10 packets per a second and it detects the attack after 1.2 seconds from the start. Moreover, it shows that the algorithm detects the attack in 0.5 second if the packets were 20 per a second.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.73-79
• /
• 2023

Cyber threats are evolving and becoming more sophisticated with the development of new technologies, and consequently the number of service failures caused by DDoS attacks are continually increasing. Recently, DDoS attacks have numerous types of service failures by applying a large amount of traffic to the domain address of a specific service or server. In this paper, after generating the data of the Syn Flooding attack, which is the representative attack type of bandwidth exhaustion attack, the data were compared and analyzed using Random Forest, Decision Tree, Multi-Layer Perceptron, and KNN algorithms for the effective detection of attacks, and the optimal algorithm was derived. Based on this result, it will be useful to use as a technique for the detection policy of Syn Flooding attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1215-1224
• /
• 2014

Various research was done to protect user's private data from malicious application which expose user's private data and abuse exposed data. However, a new type of malicious application were appeared. And these malicious applications use a smart phone as a new tools to perform secondary attack. Therefore, in this paper, we propose a method to detect the DDoS attack application installed inside the mobile device using the Android logging system.

• KEPCO Journal on Electric Power and Energy
• /
• v.1 no.1
• /
• pp.55-59
• /
• 2015

Denial of Service (DoS) attack is to interfere the normal user from using the information technology services. With a rapid technology improvements in computer and internet environment, small sized DoS attacks targeted to server or network infrastructure have been disabled. Thus, Distributed Denial of Service (DDoS) attacks that utilizes from tens to several thousands of distributed computers as zombie PC appear to have as one of the most challenging threat. In this paper, we categorize the DDoS attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS attacks. Then we propose a comprehensive defense mechanism against DDoS attacks in Control System to detect attacks efficiently.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.39-52
• /
• 2011

An application-layer attack can effectively achieve its objective with a small amount of traffic, and detection is difficult because the traffic type is very similar to that of legitimate users. We have discovered a unique characteristic that is produced by a difference in client intention: Both a legitimate user and DDoS attacker establish a session through a 3-way handshake over the TCP/IP layer. After a connection is established, they request at least one HTTP service by a Get request packet. The legitimate HTTP user waits for the server's response. However, an attacker tries to terminate the existing session right after the Get request. These different actions can be interpreted as a difference in client intention. In this paper, we propose a detection algorithm for application layer DDoS attacks based on this difference. The proposed algorithm was simulated using traffic dump files that were taken from normal user networks and Botnet-based attack tools. The test results showed that the algorithm can detect an HTTP-Get flooding attack with almost zero false alarms.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.8
• /
• pp.5256-5262
• /
• 2014

Recently, Distributed Denial of Service (DDoS) attacks, such as spreading malicious code, cyber-terrorism, have occurred in government agencies, the press and the financial sector. DDoS attacks are the simplest Internet-based infringement attacks techniques that have fatal consequences. DDoS attacks have caused bandwidth consumption at the network layer. These attacks are difficult to detect defend against because the attack packets are not significantly different from normal traffic. Abnormal traffic is threatening the stability of the network. Therefore, the abnormal traffic by generating indications will need to be detected in advance. This study examined the abnormal traffic detection technique using a forecasting model-based trend model.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.9
• /
• pp.55-66
• /
• 2009

In this paper, I will discuss how the Internet has spread rapidly in our lives. Large portals and social networks experience service attacks that access personal customers' databases. This interferes with normal service through DDoS (Distribute Denial of Service Attack), which is the topic I want to discuss. Among the types of DDoS, TCP SYN Flooding attacks are rarely found because they use few traffics and its attacking type is regular transaction. The purpose of this study is to find and suggest the method for accurate detection of the attacks. Through the analysis of TCP SYN Flooding attacks, we find that these attacks cause Backscatter effect. This study is about the algorithm which detects the attacks of TCP SYN Flooding by the study of Backscatter effect.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.652-654
• /
• 2021

Attacks such as DDoS are detected by the intrusion detection system and can be prevented early. DDoS attack traffic was analyzed using the decision tree. Deterministic features with high importance were found, and the accuracy was verified by proceeding the decision tree for only those properties. And the contents of false positive and false negative traffic were analyzed. As a result, the accuracy of one attribute was 98% and the two attributes were 99.8%, respectively.