• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.7B
• /
• pp.592-600
• /
• 2008

In this paper, a Hybrid Scaling based DTW (HS-DTW) mechanism is proposed for detection of periodic shrew TCP attacks. A low-rate TCP attack which is a type of shrew DoS (Denial of Service) attacks, was reported recently, but it is difficult to detect the attack using previous flooding DoS detection mechanisms. A pattern matching method with DTW (Dynamic Time Warping) as a type of defense mechanisms was shown to be reasonable method of detecting and defending against a periodic low-rate TCP attack in an input traffic link. This method, however, has the problem that a legitimate link may be misidentified as an attack link, if the threshold of the DTW value is not reasonable. In order to effectively discriminate between attack traffic and legitimate traffic, the difference between their DTW values should be large as possible. To increase the difference, we analyze a critical problem with a previous algorithm and introduce a scaling method that increases the difference between DTW values. Four kinds of scaling methods are considered and the standard deviation of the sampling data is adopted. We can select an appropriate scaling scheme according to the standard deviation of an input signal. This is why the HS-DTW increases the difference between DTW values of legitimate and attack traffic. The result is that the determination of the threshold value for discrimination is easier and the probability of mistaking legitimate traffic for an attack is dramatically reduced.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10a
• /
• pp.478-480
• /
• 2004

인터넷 기술의 발전과 더불어 서비스 거부 공격(DoS : Denial of Service) 방법과 유형이 날로 다양해지고 있다. DoS 공격은 사용자 시스템에 네트워크 트래픽의 과도한 부하를 주어 서비스를 마비시키거나 시스템을 다운시킨다. DoS공격은 빠른 시간 안에 시스템을 위협하는 특징 때문에, 빠른 대처가 필요하다. 이러한 점에 착안하여 본 논문에서는 DoS 공격상황에서의 위험상황을 모델링 한다. 제안된 모델링은 패킷분석에 기반 하여 의미 있는 요소들을 찾아내고, 수식화 해서 위험 탐지 모델을 정의한다. 제안된 모델링을 통해서 DoS공격을 효과적으로 대처할 수 있을 것으로 기대된다.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2003.09a
• /
• pp.660-663
• /
• 2003

The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using Fuzzy Cognitive Maps(FCM) that can detect intrusion by the Denial of Service(DoS) attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The Sp flooding Preventer using Fuzzy cognitive maps(SPuF) model captures and analyzes the packet information to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. The result of simulating the "KDD ′99 Competition Data Set" in the SPuF model shows that the Probe detection rates were over 97 percentages.

• 한국정보통신설비학회:학술대회논문집
• /
• 2008.08a
• /
• pp.146-149
• /
• 2008

The RFID system is very useful in various fields such as the distribution industry and the management of the material, etc. However, the RFID system suffers from various attacks since it does not have a complete authentication protocol. Therefore, this paper propose the authentication protocol that used key server to resist various attacks including DoS(Denial of Service) attack. For easy implementation, the proposed protocol also uses CRC, RN16 generation function existing in EPCglobal class 1 gen2 protocol. This paper performed security analysis to prove that the proposed protocol is resistant to various attacks. The analytical results showed that the proposed protocol offered a secure RFID system.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.11B
• /
• pp.1297-1304
• /
• 2011

SIP(Session Initiation Protocol) has some security vulnerability because it works on the Internet. Therefore, the proxy server can be affected by the flooding attack such as DoS and service interruption. However, traditional schemes to corresponding Denial of Service attacks have some limitation. These schemes have high complexity and cannot protect to the variety of Denial of Service attack. In this paper, we newly define the normal user who makes a normal session observed by verifier module. Our method provides continuous service to the normal users in the various situations of Denial of Service attack as constructing a whitelist using normal user information. Various types of attack/normal traffic are modeled by using OPNET simulator to verify our scheme. The simulation results show that our proposed scheme can prevent DoS attack and achieve a low false rate and fast searching time.

• Journal of Multimedia Information System
• /
• v.7 no.2
• /
• pp.125-136
• /
• 2020

Nowadays, cloud computing is becoming more popular among companies. However, the characteristics of cloud computing such as a virtualized environment, constantly changing, possible to modify easily and multi-tenancy with a distributed nature, it is difficult to perform attack detection with traditional tools. This work proposes a solution which aims to collect traffic packets data by using Flume and filter them with Spark Streaming so it is possible to only consider suspicious data related to HTTP Slow Rate Denial-of-Service attacks and reduce the data that will be stored in Hadoop Distributed File System for analysis with the FP-Growth algorithm. With the proposed system, we also aim to address the difficulties in attack detection in cloud environment, facilitating the data collection, reducing detection time and enabling an almost real-time attack detection.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.5
• /
• pp.115-124
• /
• 2005

We propose a new binding update(BU) protocol between mobile node(CN) and correspondent node(CN) for the purpose of preventing redirect attacks and DoS attacks observed from the existing BU protocols and enhancing the efficiency of the BU protocol. Home agent plays a role of both authentication server validating BU message and session key distribution center for MN and CN. Also propose the stateless Diffie-Hellman key agreement based on cryptographically generated address (CGA). Suity of our proposed Protocol is analyzed and compared with other protocols. The proposed protocol is more efficient than previous schemes in terms of the number of message flows and computation overhead and is secure against both redirect and DoS attacks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.143-145
• /
• 2022

With the spread of the Internet around the world, devices connected to the Internet are gradually increasing. In addition, the number of distributed reflection service attacks (DrDoS), an attack that maliciously requests large responses by deceiving IPs as if the attacker was a victim, using vulnerabilities in application protocols such as DNS, NTP, and CLDAP, is increasing rapidly. It is believed that the security threat of distributed reflection service attacks will not disappear unless ISPs establish appropriate countermeasures to IP Spoofing. Therefore, this paper describes the security threat and response status of distributed reflection service attacks based on IP Spoofing.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.3
• /
• pp.482-488
• /
• 2009

Mobile Ad-hoc Networks provide communication without a centralized infrastructure, which makes them suitable for communication in disaster areas or when quick deployment is needed. On the other hand, they are susceptible to malicious exploitation and have to face different challenges at different layers due to its open Ad-hoc network structure which lacks previous security measures. Denial of service (DoS) attack is one that interferes with the radio transmission channel causing a jamming attack. In this kind of attack, an attacker emits a signal that interrupts the energy of the packets causing many errors in the packet currently being transmitted. In harsh environments where there is constant traffic, a jamming attack causes serious problems; therefore measures to prevent these types of attacks are required. The objective of this paper is to carry out the simulation of the jamming attack on the nodes and determine the DoS attacks in OPNET so as to obtain better results. We have used effective anomaly detection system to detect the malicious behaviour of the jammer node and analyzed the results that deny channel access by jamming in the mobile Ad-hoc networks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.910-913
• /
• 2012

통신기술의 발달과 스마트 폰의 급격한 보급으로 인하여 모바일 환경은 음성 데이터 기반의 환경에서 인터넷 데이터 기반의 환경으로 급격히 변화되었다. 이로 인하여 음성 서비스 처리 위주의 음성 데이터 기반 모바일 환경은 대용량 동영상 서비스, 인터넷, 메신저 등의 유선 네트워크 환경과 같은 다양한 서비스가 요구되는 환경으로 변화되었다. 이러한 환경 변화로 인하여 모바일 네트워크는 무선 네트워크상의 취약점 뿐 만 아니라 유선환경의 네트워크 취약점을 동시에 지니는 환경으로 변화되었고, 이로 인한 다양한 새로운 취약점들이 부각되기 시작하였다. 본 논문에서는 이와 같이 새롭게 부각되고 있는 모바일 Packet Switched Core Network(PSCN) 환경에서 Service Provider(SP)의 Service Recover로 인해 유발되는 Paging Table Denial of Service(PT-DoS)를 효율적으로 제어하기 위한 Delay Access Control(DAC) 기반의 QoS를 이용한 방법을 설계/구현하였다. 그리고 실험을 통해, PT-DoS를 차단하여 PSCN 공격을 미연에 방지하는 효과를 확인하였다.