• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.4
• /
• pp.1-10
• /
• 2021

The purpose of the study is to contribute to the positive development of blockchain technology by providing data to examine security vulnerabilities and threats to blockchain-based services and review countermeasures. The findings of this study are as follows. Threats to the security of blockchain-based services can be classified into application security threats, smart contract security threats, and network (P2P) security threats. First, application security threats include wallet theft (e-wallet stealing), double spending (double payment attack), and cryptojacking (mining malware infection). Second, smart contract security threats are divided into reentrancy attacks, replay attacks, and balance increasing attacks. Third, network (P2P) security threats are divided into the 51% control attack, Sybil attack, balance attack, eclipse attack (spread false information attack), selfish mining (selfish mining monopoly), block withholding attack, DDoS attack (distributed service denial attack) and DNS/BGP hijacks. Through this study, it is possible to discuss the future plans of the blockchain technology-based ecosystem through understanding the functional characteristics of transparency or some privacy that can be obtained within the blockchain. It also supports effective coping with various security threats.

• KNOM Review
• /
• v.23 no.1
• /
• pp.10-17
• /
• 2020

As the threat of Distributed Denial-of-Service attacks that exploit weakly secure IoT devices has spread, research on source-side Denial-of-Service attack detection is being activated to quickly detect the attack and the location of attacker. In addition, a collaborative source-side attack detection technique that shares detection results of source-side networks located at individual sites is also being activated to overcome regional limitations of source-side detection. In this paper, we evaluate the performance of a collaborative source-side DDoS attack detection using statistical weights. The statistical weight is calculated based on the detection rate and false positive rate corresponding to the time zone of the individual source-side network. By calculating weighted sum of the source-side DoS attack detection results from various sites, the proposed method determines whether a DDoS attack happens. As a result of the experiment based on actual DNS request to traffic, it was confirmed that the proposed technique reduces false positive rate 2% while maintaining a high attack detection rate.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.147-153
• /
• 2015

Since the DoS(Denial of Service) attack is still an important vulnerable element in many web service sites, sites including public institution should try their best in constructing defensive systems. Recently, DDoS(Distributed Denial of Service) has been raised by prompting mass network traffic that uses NTP's monlist function or DoS attack has been made related to the DNS infrastructure which is impossible for direct defense. For instance, in June 2013, there has been an outbreak of an infringement accident where Computing and Information Agency was the target. There was a DNS application DoS attack which made the public institution's Information System impossible to run its normal services. Like this, since there is a high possibility in having an extensive damage due to the characteristics of DDoS in attacking unspecific information service and not being limited to a particular information system, efforts have to be made in order to minimize cyber threats. This thesis proposes a method for using TTL (Time To Live) value in IP header to detect DDoS attack with IP spoofing, which occurs when data is transmitted under the agreed regulation between the international and domestic information system.

• Convergence Security Journal
• /
• v.16 no.5
• /
• pp.11-16
• /
• 2016

In modern society, the development of Information and Communication Technology has given people a lot of opportunities. But on the other side cyber attack also gives enormous damage to people. Recently Korea has become the target of cyber attack. The threat of it is growing. Especially North Korea has committed hostile actions against South Korea. North Korea has recently attacked the computer networks of South Korea's important national facilities. The types of North Korea's cyber attacks include the followings. First, if we see it with the viewpoint of software, it tries to destroy or control the Internet, infects the networks with viruses, worms, Trojan Horse and Distributed Denial of Service. I suggest the following to solve the problem. First, South Korea should unify the organizations to respond to the attacks of North Korea, as North Korea has a unified organization for the cyber attack. Second, they should think about the establishment of "Cyber Terrorism Prevention Act" to systematically respond to the software attacks.

• International Journal of Computer Science & Network Security
• /
• v.22 no.1
• /
• pp.276-282
• /
• 2022

One of the most essential foundations upon which big institutions rely in delivering cloud computing and hosting services, as well as other kinds of multiple digital services, is the security of infrastructures for digital and information services throughout the world. Distributed denial-of-service (DDoS) assaults are one of the most common types of threats to networks and data centers. Denial of service attacks of all types operates on the premise of flooding the target with a massive volume of requests and data until it reaches a size bigger than the target's energy, at which point it collapses or goes out of service. where it takes advantage of a flaw in the Transport Control Protocol's transmitting and receiving (3-way Handshake) (TCP). The current study's major focus is on an architecture that stops DDoS attacks assaults by producing code for DDoS attacks using a cloud controller and calculating Round-Tripe Time (RTT).

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.7
• /
• pp.101-108
• /
• 2022

We propose an intrusion detection model that detects denial-of-service(DoS) and distributed reflection denial-of-service(DRDoS) attacks, based on the empirical data of each internet of things(IoT) device by training system and network metrics that can be commonly collected from various IoT devices. First, we collect 37 system and network metrics from each IoT device considering IoT attack scenarios; further, we train them using six types of machine learning models to identify the most effective machine learning models as well as important metrics in detecting and distinguishing IoT attacks. Our experimental results show that the Random Forest model has the best performance with accuracy of over 96%, followed by the K-Nearest Neighbor model and Decision Tree model. Of the 37 metrics, we identified five types of CPU, memory, and network metrics that best imply the characteristics of the attacks in all the experimental scenarios. Furthermore, we found out that packets with higher transmission speeds than larger size packets represent the characteristics of DoS and DRDoS attacks more clearly in IoT networks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.143-145
• /
• 2022

With the spread of the Internet around the world, devices connected to the Internet are gradually increasing. In addition, the number of distributed reflection service attacks (DrDoS), an attack that maliciously requests large responses by deceiving IPs as if the attacker was a victim, using vulnerabilities in application protocols such as DNS, NTP, and CLDAP, is increasing rapidly. It is believed that the security threat of distributed reflection service attacks will not disappear unless ISPs establish appropriate countermeasures to IP Spoofing. Therefore, this paper describes the security threat and response status of distributed reflection service attacks based on IP Spoofing.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.1985-1988
• /
• 2003

As the Distributed Denial of Service attack technique is getting smarter, defense method have been developed by various means. Existing defense method baseds on detection technique is not effective to DDoS attack. Because it depend on rule set that is used to detect attack and DDoS attack pattern has become very similar to real traffic pattern. So the rule set is not efficient method to find DDoS attack. To solve this problem, DDoS defense mechanism based on QoS technique has been suggested. In this paper, we summarize existing DDoS defense mechanism and focus on method based on QoS, and introduce a new DDoS defense framework.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.11a
• /
• pp.996-998
• /
• 2011

인터넷의 발전과 더불어 네트워크 상에서의 침입 시도가 갈수록 증가되고 다변화되고 있으며, 특히, 네트워크나 서버의 가용성을 위협하는 형태의 서비스 거부(DoS: Denial of Servie) 공격이 최근 급증하고 있다. 따라서, 본 논문에서는 인터넷 서버의 정상적인 서비스 제공을 방해하는 형태의 분산 서비스 거부(DDoS: Distributed Denial of Service) 공격으로부터 서버를 보호하고 원활한 서비스를 제공하기 위한 Secure-NIC 시스템의 설계 및 구현에 대해서 설명한다. 이는 "CISGDP : CPU-Independent Service Guaranteed DDoS Protection" 이라는 설계 개념하에서, 각종 인터넷 서버에 장착되어 DDoS 공격 등의 네트워크 공격에 대하여 서버의 고유 서비스가 지속적으로 보장될 수 있도록 자체 보안 기능을 NIC(Network Interface Card) 형태로 제공한다.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.6 s.44
• /
• pp.185-192
• /
• 2006

By mistaking normal packets for harmful traffic, it may not offer service according to the intention of attacker with harmful traffic, because it is not easy to classify network traffic for normal service and it for DUoS(Distributed DoS) attack like the Internet worm. And in the IPv6 environment these researches on harmful traffic are weak. In this dissertation, hosts in the IPv6 environment are attacked by NETWIB and their attack traffic is monitored, then the statistical information of the traffic is obtained from MIB(Management Information Base) objects used in the IPv6. By adapting the ESM(Exponential Smoothing Method) to this information, a normal traffic boundary, i.e., a threshold is determined. Input traffic over the threshold is thought of as attack traffic.