• Title/Summary/Keyword: Network Attack

Search Result 1,267, Processing Time 0.026 seconds

Distributed Attack Analysis and Countermeasure (분산처리 공격에 대한 방어방법 연구)

  • Shin, Miyea
    • Journal of Convergence Society for SMB
    • /
    • v.5 no.1
    • /
    • pp.19-23
    • /
    • 2015
  • Distributed Denial of Service attack is a form of denial of service attacks, the attacker to attack a place in a number of points of attack by a wide variety of forms over the network to perform a service on a point attack . Do not use a specific server or client attempts to make a connection to many services available that prevents this attack and so normally used . Corresponding methods of DDoS attacks has a corresponding managerial aspects and technical aspects of the proposed two.

  • PDF

Known-Key Attacks on 4-Branch GFN-2 Structures with SP F-Functions (SP F-함수를 갖는 4-브랜치 GFN-2 구조에 대한 기지키 공격)

  • Hong, Deukjo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.5
    • /
    • pp.795-803
    • /
    • 2020
  • In this paper, we study known-key distinguishing and partial-collision attacks on GFN-2 structures with SP F-functions and various block lengths. Firstly, we show the known-key distinguishing attack is possible up to 15 rounds. Secondly, for the case that the last round function has the shuffle operation, we show that the partial-collision attack is possible up to 14 rounds. Finally, for the case that the last round function has no shuffle operation, we show that the partial-collision attacks are possible up to 11 rounds.

A SYN flooding attack detection approach with hierarchical policies based on self-information

  • Sun, Jia-Rong;Huang, Chin-Tser;Hwang, Min-Shiang
    • ETRI Journal
    • /
    • v.44 no.2
    • /
    • pp.346-354
    • /
    • 2022
  • The SYN flooding attack is widely used in cyber attacks because it paralyzes the network by causing the system and bandwidth resources to be exhausted. This paper proposed a self-information approach for detecting the SYN flooding attack and provided a detection algorithm with a hierarchical policy on a detection time domain. Compared with other detection methods of entropy measurement, the proposed approach is more efficient in detecting the SYN flooding attack, providing low misjudgment, hierarchical detection policy, and low time complexity. Furthermore, we proposed a detection algorithm with limiting system resources. Thus, the time complexity of our approach is only (log n) with lower time complexity and misjudgment rate than other approaches. Therefore, the approach can detect the denial-of-service/distributed denial-of-service attacks and prevent SYN flooding attacks.

An Attack Origin Traceback Mechanism using ICMP Message on Ad-hoc Network (Ad-hoc 네트워크에서 ICMP메시지를 이용한 공격 근원지 역추적 기법)

  • Jeong, Gi Seog
    • Convergence Security Journal
    • /
    • v.13 no.3
    • /
    • pp.47-54
    • /
    • 2013
  • Ad-hoc network is composed of mobile nodes and has a vulnerability of attack like on conventional wire networks. So, many studies have been conducted to apply the traceback mechanism on wire network to Ad-hoc network. In this paper, a new mechanism that can trace back to IP source of spoofing DDoS packet using iTrace message on Ad-hoc network is proposed. The proposed mechanism implements ICMP Traceback message and the traceback path between agents allocated in local network and a server located in management network. Also the proposed mechanism can trace the position of attacker even after an attack is over and has extendability through standardization by using a mechanism that IETF proposed. Result of performance evaluation shows a great improvement in terms of load, integrity, safety, traceback function as compared with conventional mechanisms.

Extraction of System-Wide Sybil-Resistant Trust Value embedded in Online Social Network Graph (온라인 소셜 네트워크 그래프에 내포된 시스템-차원 시빌-저항 신뢰도 추출)

  • Kim, Kyungbaek
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.2 no.12
    • /
    • pp.533-540
    • /
    • 2013
  • Anonymity is the one of main reasons for substantial improvement of Internet. It encourages various users to express their opinion freely and helps Internet based distributed systems vitalize. But, anonymity can cause unexpected threats because personal information of an online user is hidden. Especially, distributed systems are threatened by Sybil attack, where one malicious user creates and manages multiple fake online identities. To prevent Sybil attack, the traditional solutions include increasing the complexity of identity generation and mapping online identities to real-world identities. But, even though the high complexity of identity generation increases the generation cost of Sybil identities, eventually they are generated and there is no further way to suppress their activity. Also, the mapping between online identities and real identities may cause high possibility of losing anonymity. Recently, some methods using online social network to prevent Sybil attack are researched. In this paper, a new method is proposed for extracting a user's system-wide Sybil-resistant trust value by using the properties embedded in online social network graphs. The proposed method can be categorized into 3 types based on sampling and decision strategies. By using graphs sampled from Facebook, the performance of the 3 types of the proposed method is evaluated. Moreover, the impact of Sybil attack on nodes with different characteristics is evaluated in order to understand the behavior of Sybil attack.

Social Engineering Attack Graph for Security Risk Assessment: Social Engineering Attack Graph framework(SEAG)

  • Kim, Jun Seok;Kang, Hyunjae;Kim, Jinsoo;Kim, Huy Kang
    • Journal of the Korea Society of Computer and Information
    • /
    • v.23 no.11
    • /
    • pp.75-84
    • /
    • 2018
  • Social engineering attack means to get information of Social engineering attack means to get information of opponent without technical attack or to induce opponent to provide information directly. In particular, social engineering does not approach opponents through technical attacks, so it is difficult to prevent all attacks with high-tech security equipment. Each company plans employee education and social training as a countermeasure to prevent social engineering. However, it is difficult for a security officer to obtain a practical education(training) effect, and it is also difficult to measure it visually. Therefore, to measure the social engineering threat, we use the results of social engineering training result to calculate the risk by system asset and propose a attack graph based probability. The security officer uses the results of social engineering training to analyze the security threats by asset and suggests a framework for quick security response. Through the framework presented in this paper, we measure the qualitative social engineering threats, collect system asset information, and calculate the asset risk to generate probability based attack graphs. As a result, the security officer can graphically monitor the degree of vulnerability of the asset's authority system, asset information and preferences along with social engineering training results. It aims to make it practical for companies to utilize as a key indicator for establishing a systematic security strategy in the enterprise.

Survey on the use of security metrics on attack graph

  • Lee, Gyung-Min;Kim, Huy-Kang
    • Journal of the Korea Society of Computer and Information
    • /
    • v.23 no.12
    • /
    • pp.95-105
    • /
    • 2018
  • As the IT industry developed, the information held by the company soon became a corporate asset. As this information has value as an asset, the number and scale of various cyber attacks which targeting enterprises and institutions is increasing day by day. Therefore, research are being carried out to protect the assets from cyber attacks by using the attack graph to identify the possibility and risk of various attacks in advance and prepare countermeasures against the attacks. In the attack graph, security metric is used as a measure for determining the importance of each asset or the risk of an attack. This is a key element of the attack graph used as a criterion for determining which assets should be protected first or which attack path should be removed first. In this survey, we research trends of various security metrics used in attack graphs and classify the research according to application viewpoints, use of CVSS(Common Vulnerability Scoring System), and detail metrics. Furthermore, we discussed how to graft the latest security technologies, such as MTD(Moving Target Defense) or SDN(Software Defined Network), onto the attack graphs.

A Design of Flexible Testbed for Network Security Evaluation (네트워크 보안 평가를 위한 유연한 테스트베드 설계)

  • Im, Yi-Jin;Choi, Hyoung-Kee;Kim, Ki-Yoon
    • Journal of KIISE:Information Networking
    • /
    • v.37 no.1
    • /
    • pp.16-26
    • /
    • 2010
  • We present a testbed for collecting log information and evaluating network security under various attacks. This testbed is modeled on real Internet, where attack traffic coexists with normal traffic. Attacks can be produced either by attack tools directly or by data sets including attack traffic. It costs less time and money than existing ones which are both costly and often time consuming in constructing. Also, it can be easily revised or extended according to the traffic types or the uses. Therefore, using our testbed can make various tests more efficient and facilitate collecting log information of sensors with attacks. We discuss how to use our testbed through replay procedures of DDoS attack and worm. We also discuss how we surmount some difficulty in constructing the testbed.

Secure route determination method to prevent sinkhole attacks in INSENS based wireless sensor networks (INSENS 기반의 무선 센서 네트워크에서 싱크홀 공격을 방어하기 위한 강화된 경로 설정 기법)

  • Song, Kyu-Hyun;Cho, Tae-Ho
    • Journal of the Korean Institute of Intelligent Systems
    • /
    • v.26 no.4
    • /
    • pp.267-272
    • /
    • 2016
  • Wireless sensor networks (WSNs) are vulnerable to external intrusions due to the wireless communication characteristics and limited hardware resources. Thus, the attacker can cause sinkhole attack while intruding the network. INSENS is proposed for preventing the sinkhole attack. INSENS uses the three symmetric keys in order to prevent such sinkhole attacks. However, the sinkhole attack occurs again, even in the presence of INSENS, through the compromised node because INSENS does not consider the node being compromised. In this paper, we propose a method to counter the sinkhole attack by considering the compromised node, based on the neighboring nodes' information. The goals of the proposed method are i) network reliability improvement and ii) energy conservation through effective prevention of the sinkhole attack by detecting compromised nodes. The experimental results demonstrate that the proposed method can save up to, on average, 19.90% of energy while increasing up to, on average, 71.50%, the report reliability against internal sinkhole attacks in comparison to INSENS.

Host based Feature Description Method for Detecting APT Attack (APT 공격 탐지를 위한 호스트 기반 특징 표현 방법)

  • Moon, Daesung;Lee, Hansung;Kim, Ikkyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.5
    • /
    • pp.839-850
    • /
    • 2014
  • As the social and financial damages caused by APT attack such as 3.20 cyber terror are increased, the technical solution against APT attack is required. It is, however, difficult to protect APT attack with existing security equipments because the attack use a zero-day malware persistingly. In this paper, we propose a host based anomaly detection method to overcome the limitation of the conventional signature-based intrusion detection system. First, we defined 39 features to identify between normal and abnormal behavior, and then collected 8.7 million feature data set that are occurred during running both malware and normal executable file. Further, each process is represented as 83-dimensional vector that profiles the frequency of appearance of features. the vector also includes the frequency of features generated in the child processes of each process. Therefore, it is possible to represent the whole behavior information of the process while the process is running. In the experimental results which is applying C4.5 decision tree algorithm, we have confirmed 2.0% and 5.8% for the false positive and the false negative, respectively.