• The Journal of the Korea Contents Association
• /
• v.3 no.4
• /
• pp.48-54
• /
• 2003

Recently it frequently occur that remote host or network device breaks down because of various traffic flooding attacks. This kind of attack is classified an one of the most serious attacks of it can be used to a need of other hackings. This research is gathering system's informations for detecting a traffic flooding attack using the SNMP MIB. We analyze the traffic characteristic applying the critical value commonly used in analytical procedure of traffic flooding attacks. As a result or this analysis, traffic flooding attacks have a special character of its on. The proposed algorithm in this paper would be more available to a previous detecting method and a previous protecting method.

• Proceedings of the Korea Contents Association Conference
• /
• 2004.05a
• /
• pp.273-277
• /
• 2004

In this paper, We used thresholds $\varepsilon$, $\theta$ a to improve traffic flooding attack detection method using SNMP in opposition to frequent traffic flooding attack. accordingly, we can use system resources more efficient as execute traffic analysys by threshold.

• Proceedings of the Korea Contents Association Conference
• /
• 2004.05a
• /
• pp.278-282
• /
• 2004

Recently traffic flooding attack has happened faster and faster owing to expansion of the worm attack and development of the method of traffic flooding attack. The method in the past time is problematic in detecting the recent traffic flooding attacks, which are running quickly. Therefore, this paper aims to establish the algorithm which reduces the time of detection to traffic flooding attack in collecting and analyzing traffics.

• The Journal of the Korea Contents Association
• /
• v.5 no.2
• /
• pp.115-121
• /
• 2005

In the present internet environment, various traffic flooding attacks and worm attacks cause economical loss. If IPv4 is substituted by IPv6 because of the lack of IP address, it will be more serious. Therefore, we design and implement the traffic analysis tool which can detect attacks by expecting them encountered in the IPv6 environment. Proposed tool is composed of packet generation module, packet gathering module, discrimination module, and display module in X-windows. As a simulation result, it is proved that it can effectively detect DAD-NA message attack, TCP SYN flooding attack, UDP flooding attack and ICMP flooding attack in the IPv6 environment.

• Journal of Korea Multimedia Society
• /
• v.17 no.8
• /
• pp.988-994
• /
• 2014

Software Defined Network (SDN) is a new technology in computer network area which enables user to centralize control plane. The security issue is important in computer network to protect system from attackers. SYN flooding attack is one of Distributed Denial of Service attack methods which are popular to degrade availability of targeted service on Internet. There are many methods to protect system from attackers, i.e. firewall and IDS. Even though firewall is designed to protect network system, but it cannot mitigate DDoS attack well because it is not designed to do so. To improve performance of DDOS mitigation we utilize another mechanism by using SDN technology such as OpenFlow and sFlow. The methodology of sFlow to detect attacker is by capturing and sum cumulative traffic from each agent to send to sFlow collector to analyze. When sFlow collector detect some traffics as attacker, OpenFlow controller will modify the rule in OpenFlow table to mitigate attacks by blocking attack traffic. Hence, by combining sum cumulative traffic use sFlow and blocking traffic use OpenFlow we can detect and mitigate SYN flooding attack quickly and cheaply.

• The KIPS Transactions:PartC
• /
• v.16C no.1
• /
• pp.13-20
• /
• 2009

Recently, as traffic flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detail analysis of packet data, which results in late detection and a high system burden to cope with high-speed network traffic. In this paper we propose an SNMP-based lightweight and fast detection algorithm for traffic flooding attacks, which minimizes the processing and network overhead of the detection system, minimizes the detection time, and provides high detection rate. The attack detection algorithm consists of three consecutive stages. The first stage determines the detection timing using the update interval of SNMP MIB. The second stage analyzes attack symptoms based on correlations of MIB data. The third stage determines whether an attack occurs or not and figure out the attack type in case of attack.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1568-1570
• /
• 2005

The internet is already a part of life. It is very convenient and people can do almost everything with internet that should be done in real life. Along with the increase of the number of internet user, various network attacks through the internet have been increased as well. Also, Large-scale network attacks are a cause great concern for the computer security communication. These network attack becomes biggest threat could be down utility of network availability. Most of the techniques to detect and analyze abnormal traffic are statistic technique using mathematical modeling. It is difficult accurately to analyze abnormal traffic attack using mathematical modeling, but network simulation technique is possible to analyze and simulate under various network simulation environment with attack scenarios. This paper performs modeling and simulation under virtual network environment including $NGSS^{1}$ system to analyze abnormal traffic-flooding attack.

• Proceedings of the Korea Contents Association Conference
• /
• 2003.11a
• /
• pp.109-112
• /
• 2003

A traffic flooding attack is an attack type that interfere with normal service by running out network bandwidth, process throughput, and system resource. It can be recognized intuitively by network slowdown, connect impossibility state and detected more exactly by collecting and analyzing packets that generate traffic flooding. In this paper, the packet analysis scheme is proposed for the more precise detection.

• Journal of Communications and Networks
• /
• v.12 no.4
• /
• pp.375-381
• /
• 2010

A flooding attack, such as DoS or Worm, can be easily created or even downloaded from the Internet, thus, it is one of the main threats to servers on the Internet. This paper presents an online real-time network response system, which can determine whether a LAN is suffering from a flooding attack within a very short time unit. The detection engine of the system is based on the incremental mining of fuzzy association rules from network packets, in which membership functions of fuzzy variables are optimized by a genetic algorithm. The incremental mining approach makes the system suitable for detecting, and thus, responding to an attack in real-time. This system is evaluated by 47 flooding attacks, only one of which is missed, with no false positives occurring. The proposed online system belongs to anomaly detection, not misuse detection. Moreover, a mechanism for dynamic firewall updating is embedded in the proposed system for the function of eliminating suspicious connections when necessary.

• Convergence Security Journal
• /
• v.13 no.4
• /
• pp.41-46
• /
• 2013

Routing protocol using in the existing wire network cannot be used as it is for efficient data transmission in MANET. Because it consists of only mobile nodes, network topology is changing dynamically. Therefore, each mobile node must perform router functions. Variety of routing attack like DoS in MANET is present owing to these characteristic. In this paper, we proposed cooperative-based detection method to improve detection performance of flooding attack which paralyzes network by consuming resource. Accurate attack detection is done as per calculated adaptively threshold value considered the amount of all network traffic and the number of nodes. All the mobile nodes used a table called NHT to perform collaborative detection and apply cluster structure to the center surveillance of traffic.