• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.412-415
• /
• 2004

As computers and networks become popular, corporation or country organization composes security network including various kinds information protection system to protect informations and resources from internet and is operating system and network. But current firewall and IDS(Intrusion Detection System) of the network level suffers from many vulnerabilities in internal computing informations and resources. In this paper, we design of ICMP-based Traceback System using a ICMP Traceback Message for efficiently traceback without change structure of routers. ICMP-based Traceback System. Create of ICMP message is managed by “Traceback Agent” mirroring port for router. Victim's systems that are received the message store it and “Traceback Manager” is detect a attack(like a DDoS). Using a information of this message starting a traceback and detecting a source of attacker, so response a attack.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37A no.9
• /
• pp.772-779
• /
• 2012

In the current MANET, DOS or DDOS attacks are increasing, but as MANET has limited bandwidth, computational resources and battery power, the existing traceback mechanisms can not be applied to it. Therefore, in case of traceback techniques being applied to MANET, the resource of each node must be used efficiently. However, in the traceback techniques applied to an existing ad hoc network, as a cluster head which represents all nodes in the cluster area manages the traceback, the overhead of the cluster head shortens each node's life. In addition, in case of multi-hop clustering, as one Cluster head manages more node than one, its problem is getting even worse. This paper proposes TNA(Traceback against Network Attacks) based on multihop clustering using the depth of tree structure in order to reduce the overhead of distributed information management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.173-186
• /
• 2003

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive dating. Proactive tracing(such as packet marking and messaging) prepares information for tracing when packets are in transit. Reactive tracing starts tracing after an attack is detected. In this paper, we propose a 'advanced ICW Traceback' mechanism, which is based on the modified pushback system with secure router mechanism. Proposed mechanism can detect and control DDoS traffic on router and can generate ICMP Traceback message for reconstructing origin attack source, by which we can diminish network overload and enhance Traceback performance.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.4
• /
• pp.31-37
• /
• 2011

Recently, MANET(Mobile Ad-hoc Network) is developing increasingly in the wireless network. MANET has weakness because phases change frequently and MANET doesn't have middle management system. Every node which consists of MANET has to perform data forwarding, but traceback is not reliable if these nodes do malicious action owing to attack. It also is not easy to find location of attacker when it is attacked as moving of nodes. In this paper, we propose a hierarchical-based traceback method that reduce waste of memory and can manage path information efficiently. In order to manage trace path information and reduce using resource in the cluster head after network is formed to cluster, method which recomposes the path efficiently is proposed. Proposed method in this paper can reduce path trace failure rate remarkably due to moving of nodes. It can also reduce the cost for traceback and time it takes to collect information.

• The KIPS Transactions:PartC
• /
• v.14C no.1 s.111
• /
• pp.17-26
• /
• 2007

A serious problem to fight attacks through network is that attackers use incorrect or spoofed IP addresses in attack packets. Due to the stateless nature of the internet structure, it is a difficult problem to determine the source of these spoofed IP packets. While many IP traceback techniques have been proposed, they all have shortcomings that limit their usability in practice. In this paper we propose new IP marking techniques to solve the IP traceback problem. We have measured the performance of this mechanism and at the same time meeting the efficient marking for traceback and low system overhead.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.05a
• /
• pp.277-280
• /
• 2008

Security policy that use defense system such as Intrusion Detection System or Firewall is limited to passive response that only manage important data and resources. This paper analyzes security problem and maximum of passive response, provides a responsive way to Pharming attack which is one kind of hacking. This paper also includes ICMP-based traceback system that uses ICMP traceback Message about invasion that is decided through hacking. With this paper we can intercept damage of personal information leakage and property loss that is done through Pharming attacks.

• The Journal of Korean Association of Computer Education
• /
• v.8 no.1
• /
• pp.65-72
• /
• 2005

In this study, we suggest a new mechanism on the design and implementation of IP Traceback system against DDos/DRDoS by Zombie and Reflector attack based on spoofed IP packets. After analysis and comparing on the state-of-arts of several IP traceback mechanisms, we can find their own pros and cons primitives. And then we performed simulations on reflector based DRDoS network packets. In first, we suggest a NS-2 based IP traceback module and implement it for finding its real DRDoS attacker. As a results, we can find advanced new IP traceback scheme for providing enhanced proactive functionality against DRDoS attack.

• Convergence Security Journal
• /
• v.13 no.1
• /
• pp.19-24
• /
• 2013

MANET has a highly dynamic topology because it consists of only mobile nodes. Various attacks using these characteristics exist. Among them, damage of the attacks based flooding such as DoS or DDos is large and traceback of the attack node is not easy. It is because route information by moving of intermediate nodes which pass the data changes frequently. In this paper, we propose table-based traceback technique to perform efficient traceback although route information by moving of nodes changes frequently. Cluster head manages route management table in order to form cluster status table and network topology snapshot for storing the location information of mobile nodes when cluster member nodes change. Also, bloom filter is used to reduce the amount of storing route information. The performance of the proposed technique is confirmed through experiment.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2112-2115
• /
• 2003

In this paper, we describe a SSAS (stepping stones attack simulator) that is automatic tool for testing and evaluation in TCP connection traceback system. The SSAS can pass multiple hosts that are included with hacker, middle-path hosts and victim’s system. And SSAS can also attack through commands to exploit the victim’s system. Usually, hackers do not expose their real attack positions through compromising the middle-path hosts like stepping-stones. Namely, hackers perform the stepping stones attacks in Internet. The SSAS can be utilized by developments and tests of the various countermeasure techniques of hacking. Specially, in this paper, it is used to test the performance of TCP connection traceback system.

• Journal of information and communication convergence engineering
• /
• v.7 no.2
• /
• pp.157-163
• /
• 2009

With the wide usage of internet in many fields, networks are being exposed to many security threats, such as DDoS attack and worm/virus. For enterprise network, prevention failure of network security causes the revealing of commercial information or interruption of network services. In this paper, we propose a method of prevention of DDoS attacks for enterprise network based on traceback and network traffic analysis. The model of traceback implements the detection of IP spoofing attacks by the cooperation of trusted adjacent host, and the method of network traffic analysis implements the detection of DDoS attacks by analyzing the traffic characteristic. Moreover, we present the result of the experiments, and compare the method with other methods. The result demonstrates that the method can effectively detect and block DDoS attacks and IP spoofing attacks.