• Proceedings of the KAIS Fall Conference
• /
• 2011.12b
• /
• pp.562-564
• /
• 2011

본 논문에서는 리눅스 운영체제를 기반으로 오픈 소스 침입탐지 시스템인 Snort 등울 LSM(Linux Security Module) 구조의 hooking 부분에 구현시켜 보안 관리자가 의도하는 포트 스캔, DDOS 공격, ARP/IP 위장, 서명 탐지 등이 가능하도록 시스템을 구현하는 방법을 제시하고자 한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.463-467
• /
• 2002

최근 인터넷을 통한 해킹이나 바이러스 침투로 인한 사례들이 증가하고 있다. 2000년 2월, Yahoo, Amazon, CNN에 발생했던 DDoS 공격으로 인해 각 웹 사이트들은 큰 피해를 입었다. 인터넷의 개방성은 사용자들에게 매우 다양한 서비스를 제공하는 반면, 인터넷을 통한 해킹, 바이러스 등의 공격을 위한 도구로서 사용되고 있다. 본 논문은 근래 분산서비스거부 (DDoS) 공격으로 인하여 남용되고 있는 네트워크 자원의 손실을 감소시키기 위해서, 분산서비스거부 (DDoS) 공격을 탐지하고 그 공격에 대해 적절한 대응 조치를 취할 수 있는 시스템인 FDDS (Flow based DDos Detection System)를 제안한다.

• KNOM Review
• /
• v.22 no.3
• /
• pp.20-24
• /
• 2019

Blockchain is a distributed ledger-based technology where all nodes participating in the blockchain network are connected to the P2P network. When a transaction is created in the blockchain network, the transaction is propagated and validated by the blockchain nodes. The verified transaction is sent to peers connected to each node through P2P network, and the peers keep the transaction in the memory pool. Due to the nature of P2P networks, the number and type of transactions delivered by a blockchain node is different for each node. As a result, all nodes do not have the same memory pool. Research is needed to solve problems such as attack detection. In this paper, we analyze transactions in the memory pool before solving problems such as transaction fee manipulation, double payment problem, and DDos attack detection. Therefore, this study collects transactions stored in each node memory pool of Bitcoin and Ethereum, a cryptocurrency system based on blockchain technology, and analyzes how much common transactions they have using jacquard similarity.

• Proceedings of the Korea Society for Simulation Conference
• /
• 2005.11a
• /
• pp.19-24
• /
• 2005

Radio Frequency Identification (RFID) is a technology used to identify the physical objects and get information about the object on which the tag attaches from network. It is expected that RFID will lead IT market from human-oriented to object-oriented. Therefore, RFID technology and services will become wide-spread. But the system of RFID naming service is quite similar to the existing DNS facilities. So it has many weak points against to DDos attack. Furthermore if the MDS server Is under attack, there might be trouble of total RFID networks.In this paper, we propose a new detecting model to find attack traffic at local routers by using Management Information Base (MIB) which is optimized for RFID MDS server.

• The Journal of Korean Association of Computer Education
• /
• v.8 no.1
• /
• pp.65-72
• /
• 2005

In this study, we suggest a new mechanism on the design and implementation of IP Traceback system against DDos/DRDoS by Zombie and Reflector attack based on spoofed IP packets. After analysis and comparing on the state-of-arts of several IP traceback mechanisms, we can find their own pros and cons primitives. And then we performed simulations on reflector based DRDoS network packets. In first, we suggest a NS-2 based IP traceback module and implement it for finding its real DRDoS attacker. As a results, we can find advanced new IP traceback scheme for providing enhanced proactive functionality against DRDoS attack.

• Journal of Internet Computing and Services
• /
• v.16 no.4
• /
• pp.51-59
• /
• 2015

JavaScript is a popular technique for activating static HTML. JavaScript has drawn more attention following the introduction of HTML5 Standard. In proportion to JavaScript's growing importance, attacks (ex. DDos, Information leak using its function) become more dangerous. Since these attacks do not create a trail, whether the JavaScript code is malicious or not must be decided. The real attack action is completed while the browser runs the JavaScript code. For these reasons, there is a need for a real-time classification and determination technique for malicious JavaScript. This paper proposes the Analysis Engine for detecting malicious JavaScript by adopting the requirements above. The analysis engine performs static analysis using signature-based detection and dynamic analysis using behavior-based detection. Static analysis can detect malicious JavaScript code, whereas dynamic analysis can detect the action of the JavaScript code.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.10 no.8
• /
• pp.891-900
• /
• 2015

Cloud Computing has recently begun to emerge as a new attack target. The malice DDoS attacks are ongoing to delay and disturb the various services of the Cloud Computing. In this paper, we propose the Hornet-Cloud using security Honeypot technique and resources of Cloud Computing, and design the concept of active-interaction and security functions of Hornet-Cloud simply.

• The KIPS Transactions:PartC
• /
• v.18C no.3
• /
• pp.127-134
• /
• 2011

Malicious botnet has been used for more malicious activities, such as DDoS attacks, sending spam messages, steal personal information, etc. To prevent this, many studies have been preceded. But malicious botnets have evolved and evaded detection systems. In particular, HTTP GET Request attack that exploits the vulnerability of the application layer is used. ALAB of ALADDIN proposed by ETRI is DDoS attack detection system that HTTP GET, Incomplete GET request flooding attack detection algorithm is applied. In this paper, we extend Incomplete GET detection algorithm of ALAB and derive the optimal configuration parameters to verify the validity of the algorithm ALAB by the study of the normal and attack packets.

• Journal of Convergence for Information Technology
• /
• v.7 no.2
• /
• pp.1-9
• /
• 2017

Recently, the DDoS attack using the amplifier method makes it difficult to distinguish the normal traffic from the normal server and it is difficult to detect even the attack detection. Since the SSDP protocol is a common protocol widely used in IoT devices, it is used as a DDoS amplification attack. In this paper, we analyze the reflector attack of SSDP which is one of the DDoS and suggest a technical proposal to detect and defend against the attack by managing the Mac address of each device. Also, we propose a control structure to protect the reflection attack of SSDP in Home IoT. The efficiency of the proposed system has been verified by performing an experimental attack on the virtual environment.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.9
• /
• pp.12-20
• /
• 2016

With the enhancements in existing major industries, cloud computing-based converging services have been created, as well as value-added industries. A variety of converging services are now provided, from personalized services up to industrial services. In Korea, they have become the driving force behind existing industries throughout the whole economy, but mainly in finance, mobile systems, social computing, and home services, based on cloud services. However, not only denial of service (DOS) and distributed DOS (DDOS) attacks have occurred, but also attack techniques targeting core data in storage servers. Even security threats that are hardly detected, such as multiple attacks on a certain target, APT, and backdoor penetration have also occurred. To supplement defenses against these, in this article, a protocol for authority management is designed to provide users with safe storage services. This protocol was studied in cases of integration between a cloud environment and big data-based technology, security threats, and their requirements. Also studied were amalgamation examples and their requirements in technology-based cloud environments and big data. With the protocol suggested, based on this, security was analyzed for attack techniques that occur in the existing cloud environment, as well as big data-based techniques, in order to find improvements in session key development of approximately 55%.