• Convergence Security Journal
• /
• 제16권4호
• /
• pp.17-24
• /
• 2016

Many companies and organizations are building a mobile office environment using the LTE network, the national disaster network and Air Force LTE network are built for public safety and national defense. However the recent threats on information security have been evolving from information leakage to DDoS attacks to neutralize the service. Especially, the type of device such as Smart phones, smart pad, tablet PC, and the numbers are growing exponentially and As performance of mobile device and speed of line develop rapidly, DDoS attacks in the mobile environment is becoming a threat. So far, universal countermeasure to DDoS attacks has been interception the network and server step, Yet problem regarding DDoS attack traffic on mobile network and expenditure of network resources still remains. Therefore, this paper analyzes the traffic type distributed in the private mobile network such as the National Disaster Network, and Air Force LTE network in order to preemptively detect DDoS attacks on terminal step. However, as direct analysis on traffic distributed in the National Disaster Network, and Air Force LTE network is restricted, transmission traffics in Minecraft and uploading video file upload which exhibit similar traffic information are analyzed in time series, thereby verifing its effectiveness through establishment of DDoS attacks standard in mobile network and application that detects and protects DDoS attacks

• International Journal of Computer Science & Network Security
• /
• 제22권6호
• /
• pp.288-296
• /
• 2022

Side-channel attacks are a quiet mighty type of attack that targets specific physical implementations vulnerabilities. Even though several researchers have examined diverse means and methods of detecting side-channel attacks, at the present time a systematic review of these approaches does not exist. The purposes of this paper are to give an extensive analysis of literature on side-channel attack detection and offer intuitiveness from past research studies. In this study, a literature survey is conducted on articles related to side-channel attack detection between 2020 and 2022 from ACM and IEEE digital libraries. From the 10 publications included in the study, it appears they target either a single type of side-channel attacks or multiple types of side-channel attacks. Therefore, a vital review of each of the two categories is provided, as well as possible prospective research in this field of study.

• Journal of Convergence Society for SMB
• /
• 제4권4호
• /
• pp.1-6
• /
• 2014

A wireless sensor network is being actively researched around the world that are connected to the mesh are a plurality of sensor nodes in a wireless manner that span different regions of the techniques. However, wireless communications use the limitation of resources, so it is very weak due to the properties of the network itself secure in comparison to the normal network. Wireless sensor network is divided into tapped-based attacks, forgery based attacks, denial of service attacks based largely by securities laws must defend against various attacks such as insertion of the wrong information being sent eavesdropping or modification of information, which is usually sensor network applications need to do. The countermeasure of sensor network attack is described in this research, and it will contribute to establish a secure sensor network communication.

• International Journal of Computer Science & Network Security
• /
• 제21권7호
• /
• pp.56-62
• /
• 2021

The surge in generic attacks execution against cipher text on the computer network has led to the continuous advancement of the mechanisms to protect information integrity and confidentiality. The implementation of explicit decision tree machine learning algorithm is reported to accurately classifier generic attacks better than some multi-classification algorithms as the multi-classification method suffers from detection oversight. However, there is a need to improve the accuracy and reduce the false alarm rate. Therefore, this study aims to improve generic attack classification by implementing two hybridized decision tree algorithms namely Naïve Bayes Decision tree (NBTree) and Logistic Model tree (LMT). The proposed hybridized methods were developed using the 10-fold cross-validation technique to avoid overfitting. The generic attack detector produced a 99.8% accuracy, an FPR score of 0.002 and an MCC score of 0.995. The performances of the proposed methods were better than the existing decision tree method. Similarly, the proposed method outperformed multi-classification methods for detecting generic attacks. Hence, it is recommended to implement hybridized decision tree method for detecting generic attacks on a computer network.

• The KIPS Transactions:PartC
• /
• 제13C권4호
• /
• pp.405-414
• /
• 2006

We present a symptom based taxonomy for network security. This taxonomy classifies attacks in the network using early symptoms of the attacks. Since we use the symptom it is relatively easy to access the information to classify the attack. Furthermore we are able to classify the unknown attack because the symptoms of unknown attacks are correlated with the one of known attacks. The taxonomy classifies the attack in two stages. In the first stage, the taxonomy identifies the attack in a single connection and then, combines the single connections into the aggregated connections to check if the attacks among single connections may create the distribute attack over the aggregated connections. Hence, it is possible to attain the high accuracy in identifying such complex attacks as DDoS, Worm and Bot We demonstrate the classification of the three major attacks in Internet using the proposed taxonomy.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 한국해양정보통신학회 2005년도 춘계종합학술대회
• /
• pp.848-851
• /
• 2005

The BcN is applying from public networks to local networks and each terminal step by step until 2007. By IPv6 network introduction, IP address lack problem can be solved. However, the threats that network attacks of another method can be caused with new problem of network security in IPv6 networks. In this paper, we suggest the traffic analysis tool which analyze IPv6 traffic efficiently to detect/response network attack in IPv6 environment. The implemented IPv6 traffic analysis tool uses IPv6 header to analyze traffic and detect network attacks. Also, we also propose detection algorithm to detect network attacks in IPv6 networks.

• Smart Media Journal
• /
• 제12권2호
• /
• pp.66-75
• /
• 2023

Recently, the number of cloud web applications is increasing owing to the accelerated migration of enterprises and public sector information systems to the cloud. Traditional network attacks on cloud web applications are characterized by Denial of Service (DoS) attacks, which consume network resources with a large number of packets. However, HTTP DoS attacks, which consume application resources, are also increasing recently; as such, developing security technologies to prevent them is necessary. In particular, since low-bandwidth HTTP DoS attacks do not consume network resources, they are difficult to identify using traditional security solutions that monitor network metrics. In this paper, we propose a new detection model for detecting HTTP DoS attacks on cloud web applications by collecting the application metrics of web servers and learning them using machine learning. We collected 18 types of application metrics from an Apache web server and used five machine learning and two deep learning models to train the collected data. Further, we confirmed the superiority of the application metrics-based machine learning model by collecting and training 6 additional network metrics and comparing their performance with the proposed models. Among HTTP DoS attacks, we injected the RUDY and HULK attacks, which are low- and high-bandwidth attacks, respectively. As a result of detecting these two attacks using the proposed model, we found out that the F1 scores of the application metrics-based machine learning model were about 0.3 and 0.1 higher than that of the network metrics-based model, respectively.

• Journal of Information Processing Systems
• /
• 제7권1호
• /
• pp.137-150
• /
• 2011

Mobile ad hoc networks are expected to be widely used in the near future. However, they are susceptible to various security threats because of their inherent characteristics. Malicious flooding attacks are one of the fatal attacks on mobile ad hoc networks. These attacks can severely clog an entire network, as a result of clogging the victim node. If collaborative multiple attacks are conducted, it becomes more difficult to prevent. To defend against these attacks, we propose a novel defense mechanism in mobile ad hoc networks. The proposed scheme enhances the amount of legitimate packet processing at each node. The simulation results show that the proposed scheme also improves the end-to-end packet delivery ratio.

• Journal of information and communication convergence engineering
• /
• 제12권3호
• /
• pp.154-160
• /
• 2014

The address resolution protocol (ARP) provides dynamic mapping between two different forms of addresses: the 32-bit Internet protocol (IP) address of the network layer and the 48-bit medium access control (MAC) address of the data link layer. A host computer finds the MAC address of the default gateway or the other hosts on the same subnet by using ARP and can then send IP packets. However, ARP can be used for network attacks, which are one of the most prevalent types of network attacks today. In this study, a new ARP algorithm that can prevent IP spoofing attacks is proposed. The proposed ARP algorithm is a broadcast ARP reply and an ARP notification. The broadcast ARP reply was used for checking whether the ARP information was forged. The broadcast ARP notification was used for preventing a normal host's ARP table from being poisoned. The proposed algorithm is backward compatible with the current ARP protocol and dynamically prevents any ARP spoofing attacks. In this study, the proposed ARP algorithm was implemented on the Linux operating system; here, we present the test results with respect to the prevention of ARP spoofing attacks.

• Journal of Communications and Networks
• /
• 제18권6호
• /
• pp.948-961
• /
• 2016

Internet protocol (IP) spoofing is a serious problem on the Internet. It is an attractive technique for adversaries who wish to amplify their network attacks and retain anonymity. Many approaches have been proposed to prevent IP spoofing attacks; however, they do not address a significant deployment issue, i.e., filtering inefficiency caused by a lack of deployment incentives for adopters. To defeat attacks effectively, one mechanism must be widely deployed on the network; however, the majority of the anti-spoofing mechanisms are unsuitable to solve the deployment issue by themselves. Each mechanism can work separately; however, their defensive power is considerably weak when insufficiently deployed. If we coordinate partially deployed mechanisms such that they work together, they demonstrate considerably superior performance by creating a synergy effect that overcomes their limited deployment. Therefore, we propose a universal anti-spoofing (UAS) mechanism that incorporates existing mechanisms to thwart IP spoofing attacks. In the proposed mechanism, intermediate routers utilize any existing anti-spoofing mechanism that can ascertain if a packet is spoofed and records this decision in the packet header. The edge routers of a victim network can estimate the forgery of a packet based on this information sent by the upstream routers. The results of experiments conducted with real Internet topologies indicate that UAS reduces false alarms up to 84.5% compared to the case where each mechanism operates individually.