• 한국멀티미디어학회논문지
• /
• 제16권6호
• /
• pp.678-688
• /
• 2013

단일 공격과 달리 DDoS 공격들은 네트워크에 분산된 봇넷이 동시에 타겟 서버에 공격을 개시한다. 이 경우 타겟 서버에서는 정상적인 사용자의 편의를 고려해야 하기 때문에 DDoS로 간주되는 패킷에 대하여 접속거부 조치를 취하기 어려운 점이 있다. 이를 고려하여 본 논문에서는 사용자 네트워크단위로 DDoS 공격을 탐지하고 네트워크 관리자가 조치를 취할 수 있도록 하여 전체적으로 봇넷의 규모를 줄여서 타겟 서버의 부담을 줄일 수 있는 DDoS 봇넷 탐지 시스템을 구현 하였다. 본 논문에서 제안한 DDoS 봇넷 탐지 시스템은 공격 트래픽의 시간 단위 흐름을 분석하고 수집한 이상상태에 대한 데이터베이스를 바탕으로 공격을 탐지 하도록 프로그램을 구현하였다. 그리고 패킷들의 평균개수와 표준편차를 이용하여 현재 트래픽의 임계치(Threshold)를 계산하고 이 임계치를 이용하여 DDoS 공격 여부를 판단하였다. 공격의 대상이 되는 서버를 중심으로 이루어졌던 봇넷 탐지 단위를 DDoS 봇에 감지된 공격 모듈이 속한 네트워크 단위 탐지로 전환함으로써 DDoS 공격에 대한 적극적인 방어의 개념을 고려해 볼 수 있었다. 따라서 DDoS와 DoS 공격의 차이점이라 할 수 있는 대규모 트래픽 흐름을 사전에 네트워크 관리자가 차단함으로써 봇넷의 규모를 축소시킬 수 있다. 또한, 라우터 장비 이하의 네트워크 통신에서 트래픽 공격을 사전에 차단할 수 있다면 타겟 서버의 부담뿐만 아니라 WAN 통신에서 라우터의 네트워크 부하를 상당부분 감소시킬 수 있는 효과를 얻을 수 있을 것으로 기대한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권11호
• /
• pp.5354-5369
• /
• 2019

Sensor networks are deployed in unheeded environment to monitor the situation. In view of the unheeded environment and by the nature of their communication channel sensor nodes are vulnerable to various attacks most commonly malicious packet dropping attacks namely blackhole, grayhole attack and sinkhole attack. In each of these attacks, the attackers capture the sensor nodes to inject fake details, to deceive other sensor nodes and to interrupt the network traffic by packet dropping. In all such attacks, the compromised node advertises itself with fake routing facts to draw its neighbor traffic and to plunge the data packets. False routing advertisement play vital role in deceiving genuine node in network. In this paper, behavior based routing misbehavior detection (BRMD) is designed in wireless sensor networks to detect false advertiser node in the network. Herein the sensor nodes are monitored by its neighbor. The node which attracts more neighbor traffic by fake routing advertisement and involves the malicious activities such as packet dropping, selective packet dropping and tampering data are detected by its various behaviors and isolated from the network. To estimate the effectiveness of the proposed technique, Network Simulator 2.34 is used. In addition packet delivery ratio, throughput and end-to-end delay of BRMD are compared with other existing routing protocols and as a consequence it is shown that BRMD performs better. The outcome also demonstrates that BRMD yields lesser false positive (less than 6%) and false negative (less than 4%) encountered in various attack detection.

• 한국정보처리학회논문지
• /
• 제6권7호
• /
• pp.1858-1866
• /
• 1999

네트워크 기반에서 시도되는 최근 공격 유형들은 시스템과 네트워크의 정상적인 동작을 방해하는 간접적 형태의 공격들이 점차 증가 추세를 이루고 있다. 본 논문에서는 네트워크 패킷을 기반으로 시도되는 여러 유형의 간접 공격들 중 네트워크 계층에서 이루어지는 서비스 거부 공격에 대한 분석과 공격 특징에 따른 유형들을 분류하고 이를 탐지할 수 있는 방법들을 제시하였다. 또한 단일 알고리즘으로부터 다양한 유형의 공격들을 탐지 할 수 있는 기능과 추가적인 탐지 기능의 확장성 등을 제공할 수 있는 효율적인 통합 서비스 거부 공격 탐지 알고리즘을 설계하였다.

• 한국컴퓨터정보학회논문지
• /
• 제22권4호
• /
• pp.75-82
• /
• 2017

While the internet has evolved in terms of information sharing and efficiency, it is still prone to security attacks and remains vulnerable even when equipped with a security mechanism. Repeated patching against hacks involves excessive wear of system equipment and high costs. Methods of improving network security include the introduction of security equipment and network partitions, but they have not been fully effective. A fundamental solution is the Operation Content Network (OCN), which enables the strengthening of authentication. In this paper, Instead of following the existing TCP/IP system, OCN establishes an immunity-based security system through content-centric communications. Data transmission occurs over a Content Centric Network (CCN), which is provided with a protocol verified by the CCNx group. Areas protected by OCN rely only on CCN for communication without using any IP. As such, it defends the system against unknown attacks, including zero-day attacks.

• Journal of Information Processing Systems
• /
• 제11권1호
• /
• pp.104-115
• /
• 2015

Along with the evolution of Internet and its new emerging services, the quantity and impact of attacks have been continuously increasing. Currently, the technical capability to attack has tended to decrease. On the contrary, performances of hacking tools are evolving, growing, simple, comprehensive, and accessible to the public. In this work, network penetration testing and auditing of the Redhat operating system (OS) are highlighted as one of the most popular OS for Internet applications. Some types of attacks are from a different side and new attack method have been attempted, such as: scanning for reconnaissance, guessing the password, gaining privileged access, and flooding the victim machine to decrease availability. Some analyses in network auditing and forensic from victim server are also presented in this paper. Our proposed system aims confirmed as hackable or not and we expect for it to be used as a reference for practitioners to protect their systems from cyber-attacks.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2016년도 추계학술발표대회
• /
• pp.234-237
• /
• 2016

Address Resolution Protocol (ARP) is used for mapping a network address to physical address in many network technologies. However, since ARP protocol has no security feature, it always abused by attackers for performing ARP-based attacks. Researchers presented many technologies to improve ARP protocol, but most of them require a high implementation cost or scarify the network performance for using ARP protocol securely. In this paper, we present an ARP-disabled network system to neutralize the ARP-based attacks. "ARP-disabled" means suppress the ARP messages like request, response and broadcast messages, but not the ARP table. In our system, ARP tables are used for managing static ARP entries without prior knowledge (e.g. IP, MAC list of client devices). This is possible because the MAC address was designed to be derived from IP address. In general, our system is safe from the ARP-based attacks even the attacker has a strong power. Moreover, we saved network bandwidth by disabling the ARP messages.

• International Journal of Computer Science & Network Security
• /
• 제21권6호
• /
• pp.77-88
• /
• 2021

Heart Failure represents a critical pathological case that is challenging to predict and discover at an early age, with a notable increase in morbidity and mortality. Machine Learning and Neural Network techniques play a crucial role in predicting heart attacks, diseases and more. These techniques give valuable perspectives for clinicians who may then adjust their diagnosis for each individual patient. This paper evaluated neural network models for heart attacks predictions. Several online learning methods were investigated to automatically and accurately predict heart attacks. The UCI dataset was used in this work to train and evaluate First Order and Second Order Online Learning methods; namely Backpropagation, Delta bar Delta, Levenberg Marquardt and QuickProp learning methods. An optimizer technique was also used to minimize the random noise in the database. A regularization concept was employed to further improve the generalization of the model. Results show that a three layers' NN model with a Backpropagation algorithm and Nadam optimizer achieved a promising accuracy for the heart attach prediction tasks.

• 디지털산업정보학회논문지
• /
• 제10권2호
• /
• pp.75-82
• /
• 2014

MANET has various types of attacks. In particular, routing attacks using characteristics of movement of nodes and wireless communication is the most threatening because all nodes which configure network perform a function of router which forwards packets. Therefore, mechanisms that detect routing attacks and defense must be applied. In this paper, we proposed hierarchical structure attack detection techniques in order to improve the detection ability against routing attacks. Black hole detection is performed using PIT for monitoring about control packets within cluster and packet information management on the cluster head. Flooding attack prevention is performed using cooperation-based distributed detection technique by member nodes. For this, member node uses NTT for information management of neighbor nodes and threshold whether attack or not receives from cluster head. The performance of attack detection could be further improved by calculating at regular intervals threshold considering the total traffic within cluster in the cluster head.

• 인터넷정보학회논문지
• /
• 제10권3호
• /
• pp.51-60
• /
• 2009

본 논문은 다양한 공격들(헬로우 플러딩공격, 위치배치공격, 웜홀 공격, 싱크홀 공격, 중간포획공격)로부터 안전한 방어를 보장해야 하는 무선센서네트워크상에서 확률적 키 사전분배를 위한 신뢰성있는 2-모드 인증 프레임워크를 제안한다. 신뢰하는 이웃 노드의 ID를 저장하는 본 기법은 클러스터 헤드에서의 의존성을 감소시키며, 그 결과로 인증처리를 위한 단대단 전송을 제공할 뿐 아니라 소모되는 전력 에너지도 절약한다.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2013년도 춘계학술대회
• /
• pp.234-237
• /
• 2013

전 세계적인 국가기관 및 기업들은 지능적이고 지속적이며 공격을 통하여 심각한 손해를 입고 있다. 그중 3월 20일 한국에서 발생한 전산대란을 통해 심각한 문제로 떠오르고 있어 앞으로의 대책이 시급한 상황에 놓여 있다. 이에 본 논문에서는 과거 APT공격과 최근 2년간 발생한 APT공격 사례를 살펴본다. 특히 한국에서 발생한 전산 대란을 초점으로 앞으로 발생할 수 있는 APT공격의 대응전략에 대하여 살펴본다.