• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10e
• /
• pp.565-567
• /
• 2002

DDOS공격은 최근 인터넷 환경에서 큰 위험요소로 부각되고 있다. 하지만, DDOS공격을 완벽하게 막아내는 것은 현재까지 알려진 방법으로는 거의 불가능하다. 그 이유는DDOS 공격이 Vulnerability Exploit을 이용한 공격방법이 아니라 Network Resource를 고갈시켜서 공격대상 호스트의 서비스를 차단하기 때문이다. 그래서, DDOS공격을 방어하기 위해서는 DDOS공격 트래픽에 대한 정확한 분석과 탐지가 선행되어야 한다. 본 논문을 통해서 여러 가지 DDOS공격 Traffic의 특징을 살펴보고, Web traffic과의 차이를 통해 DDOS traffic을 탐지하는 방법을 제안하고자 한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.8C
• /
• pp.741-747
• /
• 2002

In this paper, we present a new form of DDOS attack and a mechanism to defend systems from it. Up to now the ultimate target of a DDOS attack is a specific host. But in the near future router attacks are expected to appear. Because these kinds of attacks may involve many hosts in the managed domain of a specific router, they will be still more serious than the current DDOS attacks. Also, we present an algorithm to defend against an attack on a router using survivability of the router. By using a survivability of a router, the router can control a quantity of traffic autonomously without an interruption of services even when a DDOS attack occurs.

• Proceedings of the Korea Contents Association Conference
• /
• 2004.05a
• /
• pp.268-272
• /
• 2004

Recently most of hacking attack are either DDos attack or worm attack. However detection algorithms against those attacks are insufficient. In this paper, we propose a method which is able to detect attack traffic very efficiently by reducing traffic overhead. In this scheme, network traffics are collected using SNMP and classified. if they are identified as normal traffic, traffic analysis delay timer is started to reduce traffic overhead.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.1143-1146
• /
• 2002

1999 년 이후 DDOS 공격에 대한 많은 연구가 이루어지고 있고, 지금까지 많은 대응 방안이 제안되었다. 그 중에서 공격이 이루어질 때 라우터의 최소생존성을 기본 가정으로 하고 라우터의 출력 대역폭를 조절하는 방법이 가장 적합한 방안으로 인식된다. 그러나 실제 희생자주위의 라우터들은 과도한 패킷량으로 인한 생존성을 보장 받기 힘들다. 또한 대역폭 제어만으로는 정상 패킷과 공격 패킷의 구분 없이 전체 트래픽량을 조절하기 때문에, 네트워크 노드들의 보호는 가능하지만, 많은 정상 패킷의 손실로 인한 정상 서비스는 불가능하게 된다. 이러한 문제점을 해결하기 위해서 이웃라우터 상호협력을 통한 공격경로의 묘사 방법과 대응 방법에 있어서 특정패킷집단을 정의하고 패턴 필터링을 통한 공격 패킷의 차단 방안을 제안한다.

• Journal of the Korea Convergence Society
• /
• v.3 no.4
• /
• pp.1-5
• /
• 2012

The fast-paced development in the field of U-Healthcare, which is available anytime and anywhere, is being underway in accordance with the development of IT technology. U-Healthcare technology has various security threats because it is based on network. The purpose of this paper is to examine the threats of DOS / DDOS attacks based on network attacks, and to propose the response technique that fit the situation of the U-Healthcare service by modifying the existing Detecting Early DOS / DDOS attacks through Packet Counting.

• Journal of Convergence Society for SMB
• /
• v.5 no.1
• /
• pp.19-23
• /
• 2015

Distributed Denial of Service attack is a form of denial of service attacks, the attacker to attack a place in a number of points of attack by a wide variety of forms over the network to perform a service on a point attack . Do not use a specific server or client attempts to make a connection to many services available that prevents this attack and so normally used . Corresponding methods of DDoS attacks has a corresponding managerial aspects and technical aspects of the proposed two.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.05a
• /
• pp.174-175
• /
• 2018

최근 ICT 기술이 발전함에 따라 많은 편리함과 경제적 등 이점이 증대함과 동시에 각종 침해사고, 관리 미숙 및 부주의로 생기는 손실 또한 증가하는 추세다. 또한 침해 대응 실무자의 역량강화를 위하여 실제 시스템에서 실습하기는 어렵다. 본 논문에서 사물인터넷 (IoT) 장비들을 봇넷으로 구성한 Mirai 공격 사례를 바탕으로 가상 시스템을 통해 공격 및 방어 훈련 시스템을 구현하였다.

• Convergence Security Journal
• /
• v.13 no.3
• /
• pp.47-54
• /
• 2013

Ad-hoc network is composed of mobile nodes and has a vulnerability of attack like on conventional wire networks. So, many studies have been conducted to apply the traceback mechanism on wire network to Ad-hoc network. In this paper, a new mechanism that can trace back to IP source of spoofing DDoS packet using iTrace message on Ad-hoc network is proposed. The proposed mechanism implements ICMP Traceback message and the traceback path between agents allocated in local network and a server located in management network. Also the proposed mechanism can trace the position of attacker even after an attack is over and has extendability through standardization by using a mechanism that IETF proposed. Result of performance evaluation shows a great improvement in terms of load, integrity, safety, traceback function as compared with conventional mechanisms.

• Journal of Convergence for Information Technology
• /
• v.7 no.2
• /
• pp.1-9
• /
• 2017

Recently, the DDoS attack using the amplifier method makes it difficult to distinguish the normal traffic from the normal server and it is difficult to detect even the attack detection. Since the SSDP protocol is a common protocol widely used in IoT devices, it is used as a DDoS amplification attack. In this paper, we analyze the reflector attack of SSDP which is one of the DDoS and suggest a technical proposal to detect and defend against the attack by managing the Mac address of each device. Also, we propose a control structure to protect the reflection attack of SSDP in Home IoT. The efficiency of the proposed system has been verified by performing an experimental attack on the virtual environment.

• KNOM Review
• /
• v.22 no.3
• /
• pp.20-24
• /
• 2019

Blockchain is a distributed ledger-based technology where all nodes participating in the blockchain network are connected to the P2P network. When a transaction is created in the blockchain network, the transaction is propagated and validated by the blockchain nodes. The verified transaction is sent to peers connected to each node through P2P network, and the peers keep the transaction in the memory pool. Due to the nature of P2P networks, the number and type of transactions delivered by a blockchain node is different for each node. As a result, all nodes do not have the same memory pool. Research is needed to solve problems such as attack detection. In this paper, we analyze transactions in the memory pool before solving problems such as transaction fee manipulation, double payment problem, and DDos attack detection. Therefore, this study collects transactions stored in each node memory pool of Bitcoin and Ethereum, a cryptocurrency system based on blockchain technology, and analyzes how much common transactions they have using jacquard similarity.