• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제6권7호
• /
• pp.1831-1853
• /
• 2012

By sending periodically short bursts of traffic to reduce legit transmission control protocol (TCP) traffic, the low-rate denial of service (LDoS) attacks are hard to be detected and may endanger covertly a network for a long period. Traditionally, LDoS detecting methods mainly concentrate on the attack stream with feature matching, and only a limited number of attack patterns can be detected off-line with high cost. Recent researches divert focus from the attack stream to the traffic anomalies induced by LDoS attacks, which can detect more kinds of attacks with higher efficiency. However, the limited number of abnormal characteristics and the inadequacy of judgment rules may cause wrong decision in some particular situations. In this paper, we address the problem of detecting LDoS attacks and present a scheme based on the fluctuant features of legit TCP and acknowledgment (ACK) traffic. In the scheme, we define judgment criteria which used to identify LDoS attacks in real time at an optimal detection cost. We evaluate the performance of our strategy in real-world network topologies. Simulations results clearly demonstrate the superiority of the method proposed in detecting LDoS attacks.

• 한국IT서비스학회지
• /
• 제15권2호
• /
• pp.157-167
• /
• 2016

Task environment for enterprises and public institutions are moving into cyberspace-based environment and structing the LTE wireless network. The applications "App" operated in the LTE wireless network are mostly being developed with Android-based. But Android-based malwares are surging and they are the potential DDoS attacks. DDoS attack is a major information security threat and a means of cyber attacks. DDoS attacks are difficult to detect in advance and to defense effectively. To this end, a DMZ is set up in front of a network infrastructure and a particular server for defensive information security. Because There is the proliferation of mobile devices and apps, and the activation of android diversify DDoS attack methods. a DMZ is a limit to detect and to protect against DDoS attacks. This paper proposes an information security method to detect and Protect DDoS attacks from the terminal phase using a Preemptive military strategy concept. and then DDoS attack detection and protection app is implemented and proved its effectiveness by reducing web service request and memory usage. DDoS attack detection and protecting will ensure the efficiency of the mobile network resources. This method is necessary for a continuous usage of a wireless network environment for the national security and disaster control.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2005년도 ICCAS
• /
• pp.1577-1580
• /
• 2005

With remarkable growth of using Internet, attempts to try intrusions on network are now increasing. Intrusion Detection System is a security system which detects and copes illegal intrusions. Especially with increasing dispersive attacks through network, concerns for this Distributed Intrusion Detection are also rising. The previous Intrusion Detection System has difficulty in coping cause it detects intrusions only on particular network and only same segment. About same attacks, system lacks capacity of combining information and related data. Also it lacks cooperations against intrusions. Systematic and general security controls can make it possible to detect intrusions and deal with intrusions and predict. This paper considers Distributed Intrusion Detection preventing attacks and suggests the way sending active packets between nodes safely and performing in corresponding active node certainly. This study suggested improved E-IDS system which prevents service attacks and also studied sending messages safely by encoding. Encoding decreases security attacks in active network. Also described effective ways of dealing intrusions when misuses happens thorough case study. Previous network nodes can't deal with hacking and misuses happened in the middle nodes at all, cause it just encodes ends. With above suggested ideas, problems caused by security services can be improved.

• International Journal of Computer Science & Network Security
• /
• 제22권4호
• /
• pp.374-386
• /
• 2022

Nowadays, research in deep learning leveraged automated computing and networking paradigm evidenced rapid contributions in terms of Software Defined Networking (SDN) and its diverse security applications while handling cybercrimes. SDN plays a vital role in sniffing information related to network usage in large-scale data centers that simultaneously support an improved algorithm design for automated detection of network intrusions. Despite its security protocols, SDN is considered contradictory towards DDoS attacks (Distributed Denial of Service). Several research studies developed machine learning-based network intrusion detection systems addressing detection and mitigation of DDoS attacks in SDN-based networks due to dynamic changes in various features and behavioral patterns. Addressing this problem, this research study focuses on effectively designing a multistage hybrid and intelligent deep learning classifier based on modified deep forest classification to detect DDoS attacks in SDN networks. Experimental results depict that the performance accuracy of the proposed classifier is improved when evaluated with standard parameters.

• 기술사
• /
• 제44권5호
• /
• pp.26-30
• /
• 2011

The hacking attacks as a DDoS attack on a telecommunications network has depleted the network resources. When hacking attack occurs a user can not access to the network and can not use the telecommunication services. Professional Engineers with expertise and experience in the field of Information and communication could play an important role to respond to the hacking attacks. Professional Engineers will build the information and communication network system for the hacking countermeasures.

• International Journal of Computer Science & Network Security
• /
• 제21권4호
• /
• pp.272-276
• /
• 2021

Presently, Online / Offline Users are facing cyber attacks every day. These cyber attacks affect user's performance, resources and various daily activities. Due to this critical situation, attention must be given to prevent such users through cyber attacks. The objective of this research paper is to improve the IDS systems by using machine learning approach to develop a hybrid model which controls the cyber attacks. This Hybrid model uses the available KDD 1999 intrusion detection dataset. In first step, Hybrid Model performs feature optimization by reducing the unimportant features of the dataset through decision tree, support vector machine, genetic algorithm, particle swarm optimization and principal component analysis techniques. In second step, Hybrid Model will find out the minimum number of features to point out accurate detection of cyber attacks. This hybrid model was developed by using machine learning algorithms like PSO, GA and ELM, which trained the system with available data to perform the predictions. The Hybrid Model had an accuracy of 99.94%, which states that it may be highly useful to prevent the users from cyber attacks.

• 디지털산업정보학회논문지
• /
• 제11권4호
• /
• pp.47-60
• /
• 2015

In this paper, we propose a simple and useful method using a port role to visualize the network attacks. The port role defines the behavior of the port from the source and destination port number of network session. Based on the port role, the port provides the brief security features of each node as an attacker, a victim, a server, and a normal host. We have automatically classified and identified the type of node based on the port role and security features. We detected and visualized the network attacks using these features of the node by the port role. In addition, we are intended to solve the problems with existing visualization technologies which are the reflection problem caused an undirected network session and the problem caused decreasing of distinct appearance when occurs a large amount of the sessions. The proposed method monitors anomalies occurring in an entire network and displays detailed information of the attacker, victim, server, and hosts. In addition, by providing a categorized analysis of network attacks, this method can more precisely detect and distinguish them from normal sessions.

• 한국정보통신학회논문지
• /
• 제26권9호
• /
• pp.1374-1381
• /
• 2022

네트워크 공격 대응에 관한 보안기술의 기존 연구들은 하드웨어적 네트워크 보안 기술을 이용하여 네트워크의 보안성을 높이는 방법이나 바이러스 방역 백신과 바이러스 방역 시스템이 주로 제안 설계되어왔다. 많은 사용자는 라우터의 보안 기능을 충분히 활용하지 못하고 있어 이러한 문제점을 극복하기 위해 네트워크 보안 수준에 따라 분리함으로써 계층화된 보안 관리를 통하여 외부에서의 공격을 차단할 수 있음을 계층별 실험을 통해 분류하였다. 연구의 범위는 Edge 라우터의 보안기술 동향을 살펴봄으로 Edge 라우터 기반의 네트워크 공격에 관한 위협으로부터 보호하는 방법과 구현 사례를 제시한다.

• 정보처리학회논문지C
• /
• 제11C권4호
• /
• pp.455-462
• /
• 2004

네트워크 공격은 인터넷의 발달과 함께 유형도 다양하고 새로워지고 있다. 기존의 침입탐지 시스템들은 알려진 공격의 시그네처를 기반으로 탐지하기 때문에 알려지지 않거나 변형된 공격을 탐지하고, 대응하기 위해서는 많은 노력과 비용이 필요하다. 본 논문에서는 네트워크 프로토콜 속성 분석을 통해 알려지지 않거나 변형된 네트워크 공격을 예측할 수 있는 마이닝 프로토타입 시스템을 설계 하고 구현 하였다. 네트워크 프로토콜 속성을 분석하기 위해서 연관규칙과 빈발에피소드 기법을 사용하였으며, 수집된 네트워크 프로토콜은 TCP, UDP, ICMP와 통합된 형태의 스키마로 저장한다. 본 실험을 통해서 각 프로토콜별로 발생 가능한 네트워크 공격 유형을 예측할 수 있는 규칙들을 생성한다. 마이닝 프로토타입은 침입탐지 시스템에서 새로운 공격에 대응하기 위한 보조적인 .도구로서 유용하게 사용될 수 있다.

• International Journal of Computer Science & Network Security
• /
• 제21권6호
• /
• pp.294-303
• /
• 2021

VANET is an upcoming technology with an encouraging prospect as well as great challenges, specifically in its security. This paper intends to survey such probable attacks and the correlating detection mechanisms that are introduced in the literature. Accordingly, administering security and protecting the owner's privacy has become a primary argument in VANETs. To furnish stronger security and preserve privacy, one should recognize the various probable attacks on the network and the essence of their behavior. This paper presents a comprehensive survey on diversified attacks and the recommended unfolding by the various researchers which concentrate on security services and the corresponding countermeasures to make VANET communications more secure.