• KNOM Review
• /
• v.23 no.1
• /
• pp.10-17
• /
• 2020

As the threat of Distributed Denial-of-Service attacks that exploit weakly secure IoT devices has spread, research on source-side Denial-of-Service attack detection is being activated to quickly detect the attack and the location of attacker. In addition, a collaborative source-side attack detection technique that shares detection results of source-side networks located at individual sites is also being activated to overcome regional limitations of source-side detection. In this paper, we evaluate the performance of a collaborative source-side DDoS attack detection using statistical weights. The statistical weight is calculated based on the detection rate and false positive rate corresponding to the time zone of the individual source-side network. By calculating weighted sum of the source-side DoS attack detection results from various sites, the proposed method determines whether a DDoS attack happens. As a result of the experiment based on actual DNS request to traffic, it was confirmed that the proposed technique reduces false positive rate 2% while maintaining a high attack detection rate.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.3
• /
• pp.916-937
• /
• 2023

Most of the existing Distributed Denial-of-Service mitigation schemes in Software-Defined Networking are only implemented in the network domain managed by a single controller. In fact, the zombies for attackers to launch large-scale DDoS attacks are actually not in the same network domain. Therefore, abnormal traffic of DDoS attack will affect multiple paths and network domains. A single defense method is difficult to deal with large-scale DDoS attacks. The cooperative defense of multiple domains becomes an important means to effectively solve cross-domain DDoS attacks. We propose an efficient multi-domain DDoS cooperative defense mechanism by integrating blockchain and SDN architecture. It includes attack traceability, inter-domain information sharing and attack mitigation. In order to reduce the length of the marking path and shorten the traceability time, we propose an AS-level packet traceability method called ASPM. We propose an information sharing method across multiple domains based on blockchain and smart contract. It effectively solves the impact of DDoS illegal traffic on multiple domains. According to the traceability results, we designed a DDoS attack mitigation method by replacing the ACL list with the IP address black/gray list. The experimental results show that our ASPM traceability method requires less data packets, high traceability precision and low overhead. And blockchain-based inter-domain sharing scheme has low cost, high scalability and high security. Attack mitigation measures can prevent illegal data flow in a timely and efficient manner.

• Journal of KIISE
• /
• v.42 no.10
• /
• pp.1254-1267
• /
• 2015

Recently, excessive installations of APs have caused WLAN interference, and many techniques have been suggested to solve this problem. The AP aggregation technique serves to reduce active APs by moving station connections to a certain AP. Since this technique forcibly moves station connections, the transmission performance of some stations may deteriorate. The AP transmit power control technique may cause station disconnection or deterioration of transmission performance when power is reduced under a certain level. The combination of these two techniques can reduce interference through AP aggregation and narrow the range of interferences further through detailed power adjustment. However, simply combining these techniques may decrease the probability of power adjustment after aggregation and increase station disconnections upon power control. As a result, improvement in performance may be insignificant. Hence, this study suggests a scheme to combine the AP aggregation and the AP transmit power control techniques in OpenFlow-based WLAN to ameliorate the disadvantages of each technique and to reduce interferences efficiently by performing aggregation for the purpose of increasing the probability of adjusting transmission power. Simulations reveal that the average transmission delay of the suggested scheme is reduced by as much as 12.8% compared to the aggregation scheme and by as much as 18.1% compared to the power control scheme. The packet loss rate due to interference is reduced by as much as 24.9% compared to the aggregation scheme and by as much as 46.7% compared to the power control scheme. In addition, the aggregation scheme and the power control scheme decrease the throughput of several stations as a side effect, but our scheme increases the total data throughput without decreasing the throughput of each station.