• 제목/요약/키워드: Traffic Flooding Attack

Search Result 39, Processing Time 0.027 seconds

Detection of Traffic Flooding Attack using SNMP (SNMP를 이용한 트래픽 폭주 공격 검출)

  • 김선영;박원주;유대성;서동일;오창석
    • The Journal of the Korea Contents Association
    • /
    • v.3 no.4
    • /
    • pp.48-54
    • /
    • 2003
  • Recently it frequently occur that remote host or network device breaks down because of various traffic flooding attacks. This kind of attack is classified an one of the most serious attacks of it can be used to a need of other hackings. This research is gathering system's informations for detecting a traffic flooding attack using the SNMP MIB. We analyze the traffic characteristic applying the critical value commonly used in analytical procedure of traffic flooding attacks. As a result or this analysis, traffic flooding attacks have a special character of its on. The proposed algorithm in this paper would be more available to a previous detecting method and a previous protecting method.

  • PDF

A Efficient Detection of Traffic Flooding Attack using SNMP (SNMP를 이용한 트래픽 폭주 공격의 효율적 탐지)

  • 이홍규;김근영;유대성;오창석
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2004.05a
    • /
    • pp.273-277
    • /
    • 2004
  • In this paper, We used thresholds $\varepsilon$, $\theta$ a to improve traffic flooding attack detection method using SNMP in opposition to frequent traffic flooding attack. accordingly, we can use system resources more efficient as execute traffic analysys by threshold.

  • PDF

DDoS Attack Detection using SNMPGET (SNMPGET을 이용한 DDoS 공격 탐지)

  • 박한상;유대성;오창석
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2004.05a
    • /
    • pp.278-282
    • /
    • 2004
  • Recently traffic flooding attack has happened faster and faster owing to expansion of the worm attack and development of the method of traffic flooding attack. The method in the past time is problematic in detecting the recent traffic flooding attacks, which are running quickly. Therefore, this paper aims to establish the algorithm which reduces the time of detection to traffic flooding attack in collecting and analyzing traffics.

  • PDF

Design of IPv6 Based Traffic Analysis Tool (IPv6 기반 트래픽 분석 도구 설계)

  • Lee Hong-Kyu;Oh Seung-Hee;Seo Dong-Il;Oh Chang-Suk;Kim Sun-Young
    • The Journal of the Korea Contents Association
    • /
    • v.5 no.2
    • /
    • pp.115-121
    • /
    • 2005
  • In the present internet environment, various traffic flooding attacks and worm attacks cause economical loss. If IPv4 is substituted by IPv6 because of the lack of IP address, it will be more serious. Therefore, we design and implement the traffic analysis tool which can detect attacks by expecting them encountered in the IPv6 environment. Proposed tool is composed of packet generation module, packet gathering module, discrimination module, and display module in X-windows. As a simulation result, it is proved that it can effectively detect DAD-NA message attack, TCP SYN flooding attack, UDP flooding attack and ICMP flooding attack in the IPv6 environment.

  • PDF

Utilizing OpenFlow and sFlow to Detect and Mitigate SYN Flooding Attack

  • Nugraha, Muhammad;Paramita, Isyana;Musa, Ardiansyah;Choi, Deokjai;Cho, Buseung
    • Journal of Korea Multimedia Society
    • /
    • v.17 no.8
    • /
    • pp.988-994
    • /
    • 2014
  • Software Defined Network (SDN) is a new technology in computer network area which enables user to centralize control plane. The security issue is important in computer network to protect system from attackers. SYN flooding attack is one of Distributed Denial of Service attack methods which are popular to degrade availability of targeted service on Internet. There are many methods to protect system from attackers, i.e. firewall and IDS. Even though firewall is designed to protect network system, but it cannot mitigate DDoS attack well because it is not designed to do so. To improve performance of DDOS mitigation we utilize another mechanism by using SDN technology such as OpenFlow and sFlow. The methodology of sFlow to detect attacker is by capturing and sum cumulative traffic from each agent to send to sFlow collector to analyze. When sFlow collector detect some traffics as attacker, OpenFlow controller will modify the rule in OpenFlow table to mitigate attacks by blocking attack traffic. Hence, by combining sum cumulative traffic use sFlow and blocking traffic use OpenFlow we can detect and mitigate SYN flooding attack quickly and cheaply.

Design and Implementation of an SNMP-Based Traffic Flooding Attack Detection System (SNMP 기반의 실시간 트래픽 폭주 공격 탐지 시스템 설계 및 구현)

  • Park, Jun-Sang;Kim, Sung-Yun;Park, Dai-Hee;Choi, Mi-Jung;Kim, Myung-Sup
    • The KIPS Transactions:PartC
    • /
    • v.16C no.1
    • /
    • pp.13-20
    • /
    • 2009
  • Recently, as traffic flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detail analysis of packet data, which results in late detection and a high system burden to cope with high-speed network traffic. In this paper we propose an SNMP-based lightweight and fast detection algorithm for traffic flooding attacks, which minimizes the processing and network overhead of the detection system, minimizes the detection time, and provides high detection rate. The attack detection algorithm consists of three consecutive stages. The first stage determines the detection timing using the update interval of SNMP MIB. The second stage analyzes attack symptoms based on correlations of MIB data. The third stage determines whether an attack occurs or not and figure out the attack type in case of attack.

A Simulation Analysis of Abnormal Traffic-Flooding Attack under the NGSS environment

  • Kim, Hwan-Kuk;Seo, Dong-Il
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2005.06a
    • /
    • pp.1568-1570
    • /
    • 2005
  • The internet is already a part of life. It is very convenient and people can do almost everything with internet that should be done in real life. Along with the increase of the number of internet user, various network attacks through the internet have been increased as well. Also, Large-scale network attacks are a cause great concern for the computer security communication. These network attack becomes biggest threat could be down utility of network availability. Most of the techniques to detect and analyze abnormal traffic are statistic technique using mathematical modeling. It is difficult accurately to analyze abnormal traffic attack using mathematical modeling, but network simulation technique is possible to analyze and simulate under various network simulation environment with attack scenarios. This paper performs modeling and simulation under virtual network environment including $NGSS^{1}$ system to analyze abnormal traffic-flooding attack.

  • PDF

Packet Analysis for Detecting Traffic Flooding Attack (트래픽 폭주 공격의 탐지를 위한 패킷 분석)

  • 원승영;구향옥;구경옥;오창석
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2003.11a
    • /
    • pp.109-112
    • /
    • 2003
  • A traffic flooding attack is an attack type that interfere with normal service by running out network bandwidth, process throughput, and system resource. It can be recognized intuitively by network slowdown, connect impossibility state and detected more exactly by collecting and analyzing packets that generate traffic flooding. In this paper, the packet analysis scheme is proposed for the more precise detection.

  • PDF

An Online Response System for Anomaly Traffic by Incremental Mining with Genetic Optimization

  • Su, Ming-Yang;Yeh, Sheng-Cheng
    • Journal of Communications and Networks
    • /
    • v.12 no.4
    • /
    • pp.375-381
    • /
    • 2010
  • A flooding attack, such as DoS or Worm, can be easily created or even downloaded from the Internet, thus, it is one of the main threats to servers on the Internet. This paper presents an online real-time network response system, which can determine whether a LAN is suffering from a flooding attack within a very short time unit. The detection engine of the system is based on the incremental mining of fuzzy association rules from network packets, in which membership functions of fuzzy variables are optimized by a genetic algorithm. The incremental mining approach makes the system suitable for detecting, and thus, responding to an attack in real-time. This system is evaluated by 47 flooding attacks, only one of which is missed, with no false positives occurring. The proposed online system belongs to anomaly detection, not misuse detection. Moreover, a mechanism for dynamic firewall updating is embedded in the proposed system for the function of eliminating suspicious connections when necessary.

A Study on Flooding Attack Detection and Response Technique in MANET (MANET에서 플러딩 공격 탐지 및 대응 기법에 관한 연구)

  • Yang, Hwan Seok;Yoo, Seung Jae
    • Convergence Security Journal
    • /
    • v.13 no.4
    • /
    • pp.41-46
    • /
    • 2013
  • Routing protocol using in the existing wire network cannot be used as it is for efficient data transmission in MANET. Because it consists of only mobile nodes, network topology is changing dynamically. Therefore, each mobile node must perform router functions. Variety of routing attack like DoS in MANET is present owing to these characteristic. In this paper, we proposed cooperative-based detection method to improve detection performance of flooding attack which paralyzes network by consuming resource. Accurate attack detection is done as per calculated adaptively threshold value considered the amount of all network traffic and the number of nodes. All the mobile nodes used a table called NHT to perform collaborative detection and apply cluster structure to the center surveillance of traffic.