• Title/Summary/Keyword: attack traffic modeling

Search Result 6, Processing Time 0.029 seconds

A Simulation Analysis of Abnormal Traffic-Flooding Attack under the NGSS environment

  • Kim, Hwan-Kuk;Seo, Dong-Il
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2005.06a
    • /
    • pp.1568-1570
    • /
    • 2005
  • The internet is already a part of life. It is very convenient and people can do almost everything with internet that should be done in real life. Along with the increase of the number of internet user, various network attacks through the internet have been increased as well. Also, Large-scale network attacks are a cause great concern for the computer security communication. These network attack becomes biggest threat could be down utility of network availability. Most of the techniques to detect and analyze abnormal traffic are statistic technique using mathematical modeling. It is difficult accurately to analyze abnormal traffic attack using mathematical modeling, but network simulation technique is possible to analyze and simulate under various network simulation environment with attack scenarios. This paper performs modeling and simulation under virtual network environment including $NGSS^{1}$ system to analyze abnormal traffic-flooding attack.

  • PDF

Detection of Network Attack Symptoms Based on the Traffic Measurement on Highspeed Internet Backbone Links (고속 인터넷 백본 링크상에서의 트래픽 측정에 의한 네트워크 공격 징후 탐지 방법)

  • Roh Byeong-hee
    • Journal of Internet Computing and Services
    • /
    • v.5 no.4
    • /
    • pp.23-33
    • /
    • 2004
  • In this paper, we propose a novel traffic measurement based detection of network attack symptoms on high speed Internet backbone links. In order to do so, we characterize the traffic patterns from the normal and the network attacks appeared on Internet backbone links, and we derive two efficient measures for representing the network attack symptoms at aggregate traffic level. The two measures are the power spectrum and the ratio of packet counts to traffic volume of the aggregate traffic. And, we propose a new methodology to detect networks attack symptoms by measuring those traffic measures. Experimental results show that the proposed scheme can detect the network attack symptoms very exactly and quickly. Unlike existing methods based on Individual packets or flows, since the proposed method is operated on the aggregate traffic level. the computational complexity can be significantly reduced and applicable to high speed Internet backbone links.

  • PDF

Fast Detection of Distributed Global Scale Network Attack Symptoms and Patterns in High-speed Backbone Networks

  • Kim, Sun-Ho;Roh, Byeong-Hee
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.2 no.3
    • /
    • pp.135-149
    • /
    • 2008
  • Traditional attack detection schemes based on packets or flows have very high computational complexity. And, network based anomaly detection schemes can reduce the complexity, but they have a limitation to figure out the pattern of the distributed global scale network attack. In this paper, we propose an efficient and fast method for detecting distributed global-scale network attack symptoms in high-speed backbone networks. The proposed method is implemented at the aggregate traffic level. So, our proposed scheme has much lower computational complexity, and is implemented in very high-speed backbone networks. In addition, the proposed method can detect attack patterns, such as attacks in which the target is a certain host or the backbone infrastructure itself, via collaboration of edge routers on the backbone network. The effectiveness of the proposed method are demonstrated via simulation.

A Fuzzy-based Network Intrusion Detection System Through sessionization (세션화 방식을 통한 퍼지기반 네트워크 침입탐지시스템)

  • Park, Ju-Gi;Choi, Eun-Bok
    • Journal of the Korea Society of Computer and Information
    • /
    • v.12 no.1 s.45
    • /
    • pp.127-135
    • /
    • 2007
  • As the Internet is used widely, criminal offense that use computer is increasing, and an information security technology to remove this crime is becoming competitive power of the country. In this paper, we suggest network-based intrusion detection system that use fuzzy expert system. This system can decide quick intrusion decision from attack pattern applying fuzzy rule through the packet classification method that is done similarity of protocol and fixed time interval. Proposed system uses fuzzy logic to detect attack from network traffic, and gets analysis result that is automated through fuzzy reasoning. In present network environment that must handle mass traffic, this system can reduce time and expense of security

  • PDF

Data Mining Approaches for DDoS Attack Detection (분산 서비스거부 공격 탐지를 위한 데이터 마이닝 기법)

  • Kim, Mi-Hui;Na, Hyun-Jung;Chae, Ki-Joon;Bang, Hyo-Chan;Na, Jung-Chan
    • Journal of KIISE:Information Networking
    • /
    • v.32 no.3
    • /
    • pp.279-290
    • /
    • 2005
  • Recently, as the serious damage caused by DDoS attacks increases, the rapid detection and the proper response mechanisms are urgent. However, existing security mechanisms do not effectively defend against these attacks, or the defense capability of some mechanisms is only limited to specific DDoS attacks. In this paper, we propose a detection architecture against DDoS attack using data mining technology that can classify the latest types of DDoS attack, and can detect the modification of existing attacks as well as the novel attacks. This architecture consists of a Misuse Detection Module modeling to classify the existing attacks, and an Anomaly Detection Module modeling to detect the novel attacks. And it utilizes the off-line generated models in order to detect the DDoS attack using the real-time traffic. We gathered the NetFlow data generated at an access router of our network in order to model the real network traffic and test it. The NetFlow provides the useful flow-based statistical information without tremendous preprocessing. Also, we mounted the well-known DDoS attack tools to gather the attack traffic. And then, our experimental results show that our approach can provide the outstanding performance against existing attacks, and provide the possibility of detection against the novel attack.

A study of Modeling and Simulation for Analyzing DDoS Attack Damage Scale and Defence Mechanism Expense (DDoS 공격 피해 규모 및 대응기법 비용분석을 위한 모델링 및 시뮬레이션 기술연구)

  • Kim, Ji-Yeon;Lee, Ju-Li;Park, Eun-Ji;Jang, Eun-Young;Kim, Hyung-Jong
    • Journal of the Korea Society for Simulation
    • /
    • v.18 no.4
    • /
    • pp.39-47
    • /
    • 2009
  • Recently, the threat of DDoS attacks is increasing and many companies are planned to deploy the DDoS defense solutions in their networks. The DDoS attack usually transmits heavy traffic data to networks or servers and they cannot handle the normal service requests because of running out of resources. Since it is very hard to prevent the DDoS attack beforehand, the strategic plan is very important. In this work, we have conducted modeling and simulation of the DDoS attack by changing the number of servers and estimated the duration that services are available. In this work, the modeling and simulation is conducted using OPNET Modeler. The simulation result can be used as a parameter of trade-off analysis of DDoS defense cost and the service's value. In addition, we have presented a way of estimating the cost effectiveness in deployment of the DDoS defense system.