• Journal of Information Processing Systems
• /
• v.7 no.1
• /
• pp.137-150
• /
• 2011

Mobile ad hoc networks are expected to be widely used in the near future. However, they are susceptible to various security threats because of their inherent characteristics. Malicious flooding attacks are one of the fatal attacks on mobile ad hoc networks. These attacks can severely clog an entire network, as a result of clogging the victim node. If collaborative multiple attacks are conducted, it becomes more difficult to prevent. To defend against these attacks, we propose a novel defense mechanism in mobile ad hoc networks. The proposed scheme enhances the amount of legitimate packet processing at each node. The simulation results show that the proposed scheme also improves the end-to-end packet delivery ratio.

• International Journal of Computer Science & Network Security
• /
• v.23 no.9
• /
• pp.111-119
• /
• 2023

Mobile Ad-hoc Network (MANET) is an infrastructure-less network that can configure itself without any centralized management. The topology of MANET changes dynamically which makes it open for new nodes to join it easily. The openness area of MANET makes it very vulnerable to different types of attacks. One of the most dangerous attacks is the Resource Consumption Attack (RCA). In this type of attack, the attacker consumes the normal node energy by flooding it with bogus packets. Routing in MANET is susceptible to RCA and this is a crucial issue that deserves to be studied and solved. Therefore, the main objective of this paper is to study the impact of RCA on two routing protocols namely, Ad hoc On-Demand Distance Vector (AODV) and Dynamic Source Routing (DSR); as a try to find the most resistant routing protocol to such attack. The contribution of this paper is a new RCA model (RCAM) which applies RCA on the two chosen routing protocols using the NS-2 simulator.

• Journal of Korea Multimedia Society
• /
• v.16 no.8
• /
• pp.954-961
• /
• 2013

To enhance the efficiency of network, content-centric networking (CCN), one of future Internet architectures, allows network nodes to temporally cache transmitted contents and then to directly respond to request messages which are relevant to previously cached contents. Also, since CCN uses a hierarchical content-name, not a host identity like source/destination IP address, for request/response packet routing and CCN request message does not include requester's information for privacy protection, contents-providers/ network nodes can not identify practical requesters sending request messages. So to send back relevant contents, network nodes in CCN records both a request message and its incoming interfaces on Pending Interest Table (PIT). Then the devices refer PIT to return back a response message. If PIT is exhausted, the device can not normally handle request/response messages anymore. Hence, it is needed to detect/react attack to exhaust PIT. Hence, in this paper, we propose improved detection/reaction schemes against attacks to exhaust PIT. In practice, for fine-grained control, this proposal is applied to each incoming interface. Also, we propose the message framework to control attack traffic and evaluate the performance of our proposal.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.119-129
• /
• 2011

TCP-related Flooding attacks still dominate Distributed Denial of Service Attack. It is a great challenge to accurately detect the TCP flood attack in hish speed network. In this paper, we propose the NIC_Cookie logic implementation, which is a kind of security offload engine against TCP-related DDoS attacks, on network interface card. NIC_Cookie has robustness against DDoS attack itself and it is independent on server OS and external network configuration. It supports not IP-based response method but packet-level response, therefore it can handle attacks of NAT-based user group. We evaluate that the latency time of NIC_Cookie logics is $7{\times}10^{-6}$ seconds and we show 2Gbps wire-speed performance through a benchmark test.

• Journal of Information Processing Systems
• /
• v.11 no.1
• /
• pp.104-115
• /
• 2015

Along with the evolution of Internet and its new emerging services, the quantity and impact of attacks have been continuously increasing. Currently, the technical capability to attack has tended to decrease. On the contrary, performances of hacking tools are evolving, growing, simple, comprehensive, and accessible to the public. In this work, network penetration testing and auditing of the Redhat operating system (OS) are highlighted as one of the most popular OS for Internet applications. Some types of attacks are from a different side and new attack method have been attempted, such as: scanning for reconnaissance, guessing the password, gaining privileged access, and flooding the victim machine to decrease availability. Some analyses in network auditing and forensic from victim server are also presented in this paper. Our proposed system aims confirmed as hackable or not and we expect for it to be used as a reference for practitioners to protect their systems from cyber-attacks.

• Journal of IKEEE
• /
• v.23 no.2
• /
• pp.413-418
• /
• 2019

Attacks on existing sensor networks include sniffing, flooding, and spoofing attacks. The basic countermeasures include encryption and authentication methods and switching methods. Wormhole attack, HELLO flood attack, Sybil attack, sinkhole attack, and selective delivery attack are the attacks on the network layer in wireless sensor network (WSN). These attacks may not be defended by the basic countmeasures mentioned above. In this paper, new countermeasures against these attacks include periodic key changes and regular network monitoring. Moreover, we present various threats (attacks) in the network layer of wireless sensor networks and new countermeasures accordingly.

• Journal of Internet Computing and Services
• /
• v.25 no.3
• /
• pp.1-8
• /
• 2024

As the Internet of Things (IoT) has gained significant prominence in our daily lives, most IoT devices rely on over-the-air technology to automatically update firmware or software remotely via the network connection to relieve the burden of manual updates by users. And preserving security for OTA interface is one of the main requirements to defend against potential threats. This paper presents a simulation of an attack scenario on the commoditized System-on-a-chip, ESP32 chip, utilized for drones during their OTA update process. We demonstrate three types of attacks, WiFi cracking, ARP spoofing, and TCP SYN flooding techniques and postpone the OTA update procedure on an ESP32 Drone. As in this scenario, unpatched IoT devices can be vulnerable to a variety of potential threats. Additionally, we review the chip to obtain traces of attacks from a forensics perspective and acquire memory forensic artifacts to indicate the SYN flooding attack.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.5
• /
• pp.1726-1743
• /
• 2014

DDoS (Distributed Denial of Service) has been a continuous threat to the cyber world with the growth in cyber technology. This technical evolution has given rise to a number of ultra-sophisticated ways for the attackers to perform their DDoS attack. In general, the attackers who generate the denial of service, use the vulnerabilities of the TCP. Some of the vulnerabilities like SYN (synchronization) flooding, and IP spoofing are used by the attacker to create these Distributed Reflected Denial of Service (DrDoS) attacks. An attacker, with the assistance of IP spoofing creates a number of attack packets, which reflects the flooded packets to an attacker's intended victim system, known as the primary target. The proposed scheme, Efficient Spoofed Flooding Defense (ESFD) provides two level checks which, consist of probing and non-repudiation, before allocating a service to the clients. The probing is used to determine the availability of the requested client. Non-repudiation is taken care of by the timestamp enabled in the packet, which is our major contribution. The real time experimental results showed the efficiency of our proposed ESFD scheme, by increasing the performance of the CPU up to 40%, the memory up to 52% and the network bandwidth up to 67%. This proves the fact that the proposed ESFD scheme is fast and efficient, negating the impact on the network, victim and primary target.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.3 no.5
• /
• pp.507-526
• /
• 2009

Since SIP uses a text-based message format and is open to the public Internet, it provides a number of potential opportunities for Denial of Service (DoS) attacks in a similar manner to most Internet applications. In this paper, we propose an effective detection method for SIP flooding attacks in order to deal with the problems of conventional schemes. We derive the upper bound of the possible number of SIP messages, considering not only the network congestion status but also the different properties of individual SIP messages such as INVITE, BYE and CANCEL. The proposed method can be easily extended to detect flooding attacks by other SIP messages.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.679-689
• /
• 2012

There were clear differences between the DDoS attack on 7th July 2009 and the rest of them prior to the attack. Despite It had emitted relatively small sized packets per infected PC, the attack was very successful making use of HTTP Flooding attack by aggregating small sized packets from the well sized zombie network. As the objective of the attack is not causing permanent damage to the target system but temporal service disruption, one should ensure the availability of the target server by deploying effective defense strategy. In this paper, a novel HTTP based DDoS defense mechanism is introduced with capacity based defense-in-depth strategy.