• Journal of information and communication convergence engineering
• /
• 제7권2호
• /
• pp.157-163
• /
• 2009

With the wide usage of internet in many fields, networks are being exposed to many security threats, such as DDoS attack and worm/virus. For enterprise network, prevention failure of network security causes the revealing of commercial information or interruption of network services. In this paper, we propose a method of prevention of DDoS attacks for enterprise network based on traceback and network traffic analysis. The model of traceback implements the detection of IP spoofing attacks by the cooperation of trusted adjacent host, and the method of network traffic analysis implements the detection of DDoS attacks by analyzing the traffic characteristic. Moreover, we present the result of the experiments, and compare the method with other methods. The result demonstrates that the method can effectively detect and block DDoS attacks and IP spoofing attacks.

• International Journal of Computer Science & Network Security
• /
• 제21권7호
• /
• pp.159-168
• /
• 2021

Detecting cyber-attacks using machine learning or deep learning is being studied and applied widely in network intrusion detection systems. We noticed that the application of deep learning algorithms yielded many good results. However, because each deep learning model has different architecture and characteristics with certain advantages and disadvantages, so those deep learning models are only suitable for specific datasets or features. In this paper, in order to optimize the process of detecting cyber-attacks, we propose the idea of building a new deep learning network model based on the association and combination of individual deep learning models. In particular, based on the architecture of 2 deep learning models: Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM), we combine them into a combined deep learning network for detecting cyber-attacks based on network traffic. The experimental results in Section IV.D have demonstrated that our proposal using the CNN-LSTM deep learning model for detecting cyber-attacks based on network traffic is completely correct because the results of this model are much better than some individual deep learning models on all measures.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2003년도 ICCAS
• /
• pp.2174-2177
• /
• 2003

Internet is exposed to network attacks as Internet has a security weakness. Network attacks which are virus, system intrusion, and deny of service, put Internet in the risk of hacking, so the damage of public organization and banking facilities are more increased. So, it is necessary that the security technologies about intrusion detection and controlling attacks minimize the damage of hacking. Router is the network device of managing traffic between Internets or Intranets. The damage of router attack causes the problem of the entire network. The security technology about router is necessary to defend Internet against network attacks. Router has the need of access control and security skills that prevent from illegal attacks. We developed integrated security management framework for secure networking and kernel-level security engine that filters the network packets, detects the network intrusion, and reports the network intrusion. The security engine on the router protects router or gateway from the network attacks and provides secure networking environments. It manages the network with security policy and handles the network attacks dynamically.

• 정보처리학회논문지C
• /
• 제8C권5호
• /
• pp.543-550
• /
• 2001

본 논문에서는 네트워크 취약점 검색공격에 대한 기존의 탐지알고리즘들이 갖는 문제점을 분석하고 대규모 네트워크에서의 종합적인 탐지 및 대응을 지원하는 개선된 탐지시스템을 제안한다. 가상 공격에 의한 모의 실험을 통하여 제안된 시스템은 소수의 취약점 포트 위주의 공격과 협동공격, 느린 스캔 및 느린 협동공격을 정확히 탐지할 뿐 아니라 에이전트와 서버사이의 유기적인 연동을 통해 보다 종합적이고 계층적으로 공격에 대응함을 검증하였다

• 전기전자학회논문지
• /
• 제23권2호
• /
• pp.413-418
• /
• 2019

기존의 센서 네트워크 상의 공격에는 Sniffing(도청) 공격, Flood 공격, Spoofing(위조)공격 등이 있고, 이에 대한 기본적인 대응 방법에는 암호화 및 인증 방법, 스위칭 방법 등이 있다. 무선 센서 네트워크(WSN)에서 네트워크 계층에서의 공격에는 Wormhole 공격, HELLO Flood 공격, Sybil 공격, 싱크홀 공격, 선택적 전달 공격 등이 있다. 이러한 공격들은 앞서 말한 기본적인 대응방안으로 방어 되지 않는 경우가 있다. 이러한 공격들에 대한 새로운 대응방안에는 정기적인 키 변경, 정기적인 네트워크 모니터링 등의 여러 가지 방안들이 있다. 본 논문에서는 무선 센서 네트워크의 네트워크 계층의 여러 가지 위협(공격)들과 그에 따른 새로운 대응방안들에 대해 제시한다.

• Journal of Information Processing Systems
• /
• 제14권1호
• /
• pp.56-78
• /
• 2018

Security issue in mobile ad hoc network (MANET) is a promising research. In 2011, we had accomplished a survey of black hole attacks in MANETs. However network technology is changing with each passing day, a vast number of novel schemes and papers have been proposed and published in recent years. In this paper, we survey the literature on malicious attacks in MANETs published during past 5 years, especially the black hole attack. Black hole attacks are classified into non-cooperative and collaborative black hole attacks. Except black hole attacks, other attacks in MANET are also studied, e.g., wormhole and flooding attacks. In addition, we conceive the open issues and future trends of black hole detection and prevention in MANETs based on the survey results of this paper. We summarize these detection schemes with three systematic comparison tables of non-cooperative black hole, collaborative black hole and other attacks, respectively, for a comprehensive survey of attacks in MANETs.

• 인터넷정보학회논문지
• /
• 제7권5호
• /
• pp.59-69
• /
• 2006

일반적으로 네트워크 공격은 단위 공격이 혼합된 시나리오 형태이다. 시나리오 공격은 광범위한 네트워크 환경에서 이루어지기 때문에 공격 범위가 분명하지 않아 공격과 관련 없어 보이는 불분명한 패킷들까지 분석이 요구된다. 이는 공격에 무관한 패킷들까지 분석에 가담시켜 공격 패턴 탐지를 보다 어렵게 하는 요인이다. 본 논문은 시나리오를 갖는 공격에서 공격에 관련된 패킷 분류를 돕는 공격 시나리오 시뮬레이션 시스템을 설계하고 구현한다. 제안된 시스템은 분석대상 네트워크를 시뮬레이터의 가상환경으로 복제하고, 시나리오에 기반을 둔 공격 행위가 포함된 TCPDUMP패킷을 복제된 가상환경에서 시뮬레이션 할 수 있다. 이 시스템은 보안 관리자들이 공격 시나리오 패턴분석에 유용하게 활용할 수 있을 것이다.

• International Journal of Computer Science & Network Security
• /
• 제24권6호
• /
• pp.23-32
• /
• 2024

Mobile Ad hoc Network is a network of multiple wireless nodes which communicate and exchange information together without any fixed and centralized infrastructure. The core objective for the development of MANET is to provide movability, portability and extensibility. Due to infrastructure less network topology of the network changes frequently this causes many challenges for designing routing algorithms. Many routing protocols for MANET have been suggested for last few years and research is still going on. In this paper we review three main routing protocols namely Proactive, Reactive and Hybrid, performance comparison of Proactive such as DSDV, Reactive as AODV, DSR, TORA and Hybrid as ZRP in different network scenarios including dynamic network size, changing number of nodes, changing movability of nodes, in high movability and denser network and low movability and low traffic. This paper analyzes these scenarios on the performance evaluation metrics e.g. Throughput, Packet Delivery Ratio (PDR), Normalized Routing Load(NRL) and End To-End delay(ETE).This paper also reviews various network layer security attacks challenge by routing protocols, detection mechanism proposes to detect these attacks and compare performance of these attacks on evaluation metrics such as Routing Overhead, Transmission Delay and packet drop rates.

• 한국산업정보학회:학술대회논문집
• /
• 한국산업정보학회 2001년도 춘계학술대회논문집:21세기 신지식정보의 창출
• /
• pp.261-267
• /
• 2001

In this paper, we have illustrated implementations and there results of network attacks and detections. We consider two attacks, smurf attach and network mapping attack, which are one of the typical intrusions using the ICMP The NFR/sup TM/ is used to capture all of our interesting packets within the network traffic. We implement the smurf and network mapping attacks with the UNIX raw socket, and build the NFR's backend for it's detection. The N-Code programming is used to build the backend. The implementing results show the possibility of preventing illegal intruding to network systems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권11호
• /
• pp.3163-3181
• /
• 2023

Eavesdropping attacks have seriously threatened network security. Attackers could eavesdrop on target nodes and link to steal confidential data. In the traditional network architecture, the static routing path and the important nodes determined by the nature of network topology provide a great convenience for eavesdropping attacks. To resist monitoring attacks, this paper proposes a random routing mutation defense method based on dynamic path weight (DPW-RRM). It utilizes network centrality indicators to determine important nodes in the network topology and reduces the probability of important nodes in path selection, thereby distributing traffic to multiple communication paths, achieving the purpose of increasing the difficulty and cost of eavesdropping attacks. In addition, it dynamically adjusts the weight of the routing path through network state constraints to avoid link congestion and improve the availability of routing mutation. Experimental data shows that DPW-RRM could not only guarantee the normal algorithmic overhead, communication delay, and CPU load of the network, but also effectively resist eavesdropping attacks.