• Title/Summary/Keyword: Harmful Traffic

Search Result 42, Processing Time 0.022 seconds

Harmful Traffic Detection by Web Traffic Analysis (웹 트래픽 분석을 통한 유해 트래픽 탐지)

  • Shin, Hyun-Jun;Choi, Il-Jun;Chu, Byoung-Gyun;Oh, Chang-Suk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.12 no.2 s.46
    • /
    • pp.221-229
    • /
    • 2007
  • Security of the port TCP/80 has been demanded by reason that the others besides web services have been rapidly increasing use of the port. Existing traffic analysis approaches can't distinguish web services traffic from application services when traffic passes though the port. monitoring method based on protocol and port analysis were weak in analyzing harmful traffic using the web port on account of being unable to distinguish payload. In this paper, we propose a method of detecting harmful traffic by web traffic analysis. To begin, traffic Capture by real time and classify by web traffic. Classed web traffic sorts each application service details and apply weight and detect harmful traffic. Finally, method propose and implement through coding. Therefore have a purpose of these paper to classify existing traffic analysis approaches was difficult web traffic classified normal traffic and harmful traffic and improved performance.

  • PDF

DDoS Attack Detection on the IPv6 Environment (IPv6환경에서 DDoS 침입탐지)

  • Koo, Min-Jeong;Oh, Chang-Suk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.11 no.6 s.44
    • /
    • pp.185-192
    • /
    • 2006
  • By mistaking normal packets for harmful traffic, it may not offer service according to the intention of attacker with harmful traffic, because it is not easy to classify network traffic for normal service and it for DUoS(Distributed DoS) attack like the Internet worm. And in the IPv6 environment these researches on harmful traffic are weak. In this dissertation, hosts in the IPv6 environment are attacked by NETWIB and their attack traffic is monitored, then the statistical information of the traffic is obtained from MIB(Management Information Base) objects used in the IPv6. By adapting the ESM(Exponential Smoothing Method) to this information, a normal traffic boundary, i.e., a threshold is determined. Input traffic over the threshold is thought of as attack traffic.

  • PDF

Traffic Gathering and Analysis Algorithm for Attack Detection (공격 탐지를 위한 트래픽 수집 및 분석 알고리즘)

  • Yoo Dae-Sung;Oh Chang-Suk
    • The Journal of the Korea Contents Association
    • /
    • v.4 no.4
    • /
    • pp.33-43
    • /
    • 2004
  • In this paper, a traffic trend analysis based SNMP algorithm is proposed for improving the problem of existing traffic analysis using SNMP. The existing traffic analysis method has a vulnerability that is taken much time In analyzing by using a threshold and not detected a harmful traffic at the point of transition. The method that is proposed in this paper can solve the problems that the existing method had, simultaneously using traffic trend analysis of the day, traffic trend analysis happening in each protocol and MIB object analysis responding to attacks instead of using the threshold. The algorithm proposed in this paper will analyze harmful traffic more quickly and more precisely; hence it can reduce the damage made by traffic flooding attacks. When traffic happens, it can detect the abnormality through the three analysis methods previously mentioned. After that, if abnormal traffic overlaps in at least two of the three methods, we can consider it as harmful traffic. The proposed algorithm will analyze harmful traffic more quickly and more precisely; hence it can reduce the damage made by traffic flooding attacks.

  • PDF

Harmful Traffic Detection by Protocol and Port Analysis (프로토콜과 포트 분석을 통한 유해 트래픽 탐지)

  • Shin Hyun-Jun;Choi Il-Jun;Oh Chang-Suk;Koo Hyang-Ohk
    • The Journal of the Korea Contents Association
    • /
    • v.5 no.5
    • /
    • pp.172-181
    • /
    • 2005
  • The latest attack type against network traffic appeared by worm and bot that are advanced in DDoS. It is difficult to detect them because they are diversified, intelligent, concealed and automated. The exisiting traffic analysis method using SNMP has a vulnerable problem; it considers normal P2P and other application program to be harmful traffic. It also has limitation that does not analyze advanced programs such as worm and bot to harmful traffic. Therefore, we analyzed harmful traffic out Protocol and Port analysis. We also classified traffic by protocol, well-known port, P2P port, existing attack port, and specification port, apply singularity weight to detect, and analyze attack availability. As a result of simulation, it is proved that it can effectively detect P2P application, worm, bot, and DDoS attack.

  • PDF

Attack Detection Algorithm Using Exponential Smoothing Method on the IPv6 Environment (IPv6 환경에서 지수 평활법을 이용한 공격 탐지 알고리즘)

  • Koo Hyang-Ohk;Oh Chang-Suk
    • The Journal of the Korea Contents Association
    • /
    • v.5 no.6
    • /
    • pp.378-385
    • /
    • 2005
  • Mistaking normal packets for harmful traffic may not offer service in conformity with the intention of attacker with harmful traffic, because it is not easy to classify network traffic for normal service and it for DDoS(Distributed Denial of Service) attack. And in the IPv6 environment these researches on harmful traffic are weak. In this dissertation, hosts in the IPv6 environment are attacked by NETWOX and their attack traffic is monitored, then the statistical information of the traffic is obtained from MIB(Management Information Base) objects used in the IPv6. By adapting the ESM(Exponential Smoothing Method) to this information, a normal traffic boundary, i.e., a threshold is determined. Input traffic over the threshold is thought of as attack traffic.

  • PDF

Intrusion Prevention Using Harmful Traffic Analysis (유해 트래픽 분석을 이용한 침입 방지)

  • Chang, Moon-Soo;Koo, Hyang-Ohk;Oh, Chang-Suk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.4 s.36
    • /
    • pp.173-179
    • /
    • 2005
  • The continuous development of computing technique and network technology bring the explosive growth of the Internet, it accomplished the role which is import changes the base facility in the social whole and public infra, industrial infrastructure, culture on society-wide to Internet based environment. Recently the rapid development of information and technology environment is quick repeated the growth and a development which is really unexampled in the history but it has a be latent vulnerability, Therefore the damage from this vulnerability like worm, hacking increases continually. In this paper, in order to resolve this problem, implement the analysis system for harmful traffic for defending new types of attack and analyzing the traffic takes a real-time action against intrusion and harmful information packet.

  • PDF

A Study ou Iuternet Traffic Coutrol: Blockiug of harmful information based on IP spoofing (인터넷 트래픽 제어에 관한 연구: IP 주소 위조 기법을 사용한 유해 정보 차단 시스템)

  • Paek Seon-uck
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.5 no.5
    • /
    • pp.447-453
    • /
    • 2004
  • In this paper, we propose a new system to block harmful Internet information based on IP spoofing. The proposed system is located on a organization's internal network and monitors all outgoing traffic and lets all this traffic go outside. Once the proposed system detects a host's access to a harmful site, it sends the host a pseudo RST packet that pretends to be the response from the harmful site, and prevents the connection between the host and the harmful site. The proposed software system is installed on only a server, and need not be installed on user hosts at all. Thus we can maintain and upgrade the blocking system easily. The performance evaluation of the proposed system shows that it effectively blocks the access to the harmful sites. Since the proposed system is based on IP spoofing, it can be used badly as a hacking tool. Finally we propose some methods to eliminate this possibility.

  • PDF

Detection of Traffic Flooding Attack using SNMP on the IPv6 Environment (IPv6 환경에서 SNMP를 이용한 트래픽 폭주공격 탐지)

  • Koo Hyang-Ohk;Baek Soon-Hwa;Oh Chang-Suk
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2005.05a
    • /
    • pp.83-86
    • /
    • 2005
  • Recently, demage of denial of service attack and worm attack has grown larger and larger every year. But Research of harmful traffic detection is not sufficient when the IPv4 environment is replaced with the IPv6 environment in near future. The purpose of this paper is attact detection which has been detected harmful traffic monitoring on the IPv6 using the Internet management protocol SNMP.

  • PDF

Design of Harmful Traffic Analysis System (유해트래픽 분석 시스템 설계)

  • Chang Moon-Soo;Koo Hyang-Ohk;Oh Chang-Suk
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2005.05a
    • /
    • pp.87-90
    • /
    • 2005
  • The rapid development of computing and network environment has brought about the potential vulnerability. Therefore the damage from this vulnerability like Worm, hacking increases continually. In order to resolve this problem, implement the analysis system for mischievous traffic for defending new types of attack and analyzing the traffic takes a real-time action against intrusion and harmful information packet.

  • PDF

Implementation of User Connection Prevention System through LAN Monitoring from Internet Harmful Site (LAN 모니터링을 통한 인터넷 유해 사이트의 사용자 접속 방지 시스템 개발)

  • Park, Hyoung-Bae;Chung, Joong-Soo
    • Journal of the Korean Institute of Telematics and Electronics S
    • /
    • v.36S no.8
    • /
    • pp.1-7
    • /
    • 1999
  • The Internet is emerging as a powerful tool in the area of information and communication technology. The WWW has been especially contributed to increase the internet demand because of its browser which has "Graphic User Interface". Nowadays number of hosts that supply harmful information such as pornographic materials, and the infringement of human rights is rapidly increased. Access to such materials is very easy. Therefore security system which will protect young users from access to harmful host is needed. This paper presents implementation of user system has database about harmful hosts at the Internet and monitors that the user traffic over LAM get touch with the hosts. The system can not make the user access the harmful host because it can over LAN. The performance analysis on the developed system monitoring the traffic over LAN of Andong university is carried out. The performance analysis of monitoring results satisfies with preventing users from the connection to the internet harmful sites.

  • PDF