• Title/Summary/Keyword: worm detection


Harmful Traffic Detection by Protocol and Port Analysis (프로토콜과 포트 분석을 통한 유해 트래픽 탐지)

  • Shin Hyun-Jun;Choi Il-Jun;Oh Chang-Suk;Koo Hyang-Ohk
    • The Journal of the Korea Contents Association / v.5 no.5 / pp.172-181 / 2005
  • The latest type of attack on network traffic comes from worms and bots, which are more advanced forms of DDoS. They are difficult to detect because they are diversified, intelligent, concealed and automated. The existing traffic analysis method using SNMP has a weakness: it classifies normal P2P and other application traffic as harmful. It is also limited in that it cannot analyze advanced programs such as worms and bots as harmful traffic. Therefore, we analyze harmful traffic through protocol and port analysis. We classify traffic by protocol, well-known port, P2P port, known attack port, and specification port, apply a singularity weight for detection, and analyze the possibility of attack. Simulation results show that the method can effectively detect P2P applications, worms, bots, and DDoS attacks.

An Online Response System for Anomaly Traffic by Incremental Mining with Genetic Optimization

  • Su, Ming-Yang;Yeh, Sheng-Cheng
    • Journal of Communications and Networks / v.12 no.4 / pp.375-381 / 2010
  • A flooding attack, such as a DoS or worm attack, can be easily created or even downloaded from the Internet; thus it is one of the main threats to servers on the Internet. This paper presents an online real-time network response system, which can determine whether a LAN is suffering from a flooding attack within a very short time unit. The detection engine of the system is based on the incremental mining of fuzzy association rules from network packets, in which the membership functions of fuzzy variables are optimized by a genetic algorithm. The incremental mining approach makes the system suitable for detecting, and thus responding to, an attack in real time. The system is evaluated on 47 flooding attacks, only one of which is missed, with no false positives occurring. The proposed online system belongs to anomaly detection, not misuse detection. Moreover, a mechanism for dynamic firewall updating is embedded in the proposed system for eliminating suspicious connections when necessary.

A Bloom Filter Application of Network Processor for High-Speed Filtering Buffer-Overflow Worm (버퍼 오버플로우 웜 고속 필터링을 위한 네트워크 프로세서의 Bloom Filter 활용)

  • Kim Ik-Kyun;Oh Jin-Tae;Jang Jong-Soo;Sohn Sung-Won;Han Ki-Jun
    • Journal of the Institute of Electronics Engineers of Korea TC / v.43 no.7 s.349 / pp.93-103 / 2006
  • Network solutions for protecting against worm attacks, which complement partial end-system patch deployment, are a pressing problem. In content-based worm filtering, the challenges are detection accuracy and performance enhancement. We present a worm filter architecture using the Bloom filter for deployment at high-speed transit points on the Internet, including firewalls and gateways. Content-based packet filtering at multi-gigabit line rates is, in general, a challenging problem due to the signature explosion problem that curtails performance. We show that for worm malware, in particular buffer overflow worms, which comprise a large segment of recent outbreaks, scalable -- accurate, cut-through, and extensible -- filtering performance is feasible. We demonstrate the efficacy of the design by implementing it on an Intel IXP network processor platform with gigabit interfaces. We benchmark the worm filter network appliance on a suite of current and past worms, showing multi-gigabit line speed filtering with minimal footprint on end-to-end network performance.

Intrusion Detection Using Bayesian Techniques on the IPv6 Environment (IPv6 환경에서의 베이지안 기법을 이용한 침해탐지)

  • Koo, Min-Jeong;Min, Byoung-Won
    • Proceedings of the Korea Contents Association Conference / 2006.05a / pp.385-387 / 2006
  • The rapid development of computing environments and the spread of the Internet make it possible to obtain and use information easily. With the arrival of the IPv6 environment, which combines the home network with the All-IP network, the damage caused by worm attacks and various viruses has increased. In this paper, we present an intrusion detection method using an attack detection algorithm based on Bayesian techniques in the IPv6 environment.

Detection of Traffic Flooding Attack using SNMP on the IPv6 Environment (IPv6 환경에서 SNMP를 이용한 트래픽 폭주공격 탐지)

  • Koo Hyang-Ohk;Baek Soon-Hwa;Oh Chang-Suk
    • Proceedings of the Korea Contents Association Conference / 2005.05a / pp.83-86 / 2005
  • Recently, the damage caused by denial-of-service attacks and worm attacks has grown larger every year. However, research on harmful traffic detection is insufficient for the IPv6 environment that will replace IPv4 in the near future. The purpose of this paper is attack detection by monitoring harmful traffic on IPv6 using the Internet management protocol SNMP.

Effective traffic analysis in DDoS attack (DDoS 공격에서 효율적인 트래픽 분석)

  • 구향옥;백순화;오창석
    • Proceedings of the Korea Contents Association Conference / 2004.05a / pp.268-272 / 2004
  • Recently, most hacking attacks are either DDoS attacks or worm attacks. However, detection algorithms against those attacks are insufficient. In this paper, we propose a method that can detect attack traffic very efficiently by reducing traffic overhead. In this scheme, network traffic is collected using SNMP and classified; if it is identified as normal traffic, a traffic analysis delay timer is started to reduce traffic overhead.

$F(ab)_2$-ELISA for the Detection of Nuclear Polyhedrosis Virus of Silk-worm, Bombyx mori L.

  • Sivaprasad, V.;Nataraju, B.;Baig, M.;Samson, M.V.;Datta, R.K.
    • International Journal of Industrial Entomology and Biomaterials / v.6 no.2 / pp.179-181 / 2003
  • $F(ab')_2$-ELISA and direct antigen coating-ELISA (DAC-ELISA) were evaluated for the detection of purified Bombyx mori nuclear polyhedrosis virus (BmNPV) and of nuclear polyhedrosis virus infection in silkworm larvae inoculated with BmNPV polyhedra. Although nanogram levels of BmNPV were detected in both DAC- and $F(ab')_2$-ELISA, similar concentrations of antigen were detected in $F(ab')_2$-ELISA even at higher dilution of antibody (up to 1 : 20 K). One hundred percent nuclear polyhedrosis infection was detected 6 hrs after inoculation in BmNPV-infected silkworm larvae by $F(ab')_2$-ELISA. On the other hand, detection of 100% infection was observed only three days after inoculation in DAC-ELISA. In this study, $F(ab')_2$-ELISA was observed to be more sensitive than DAC-ELISA in the detection of purified BmNPV as well as of nuclear polyhedrosis infection in silkworm larvae.

Design and Implementation of an SNMP-Based Traffic Flooding Attack Detection System (SNMP 기반의 실시간 트래픽 폭주 공격 탐지 시스템 설계 및 구현)

  • Park, Jun-Sang;Kim, Sung-Yun;Park, Dai-Hee;Choi, Mi-Jung;Kim, Myung-Sup
    • The KIPS Transactions:PartC / v.16C no.1 / pp.13-20 / 2009
  • Recently, as traffic flooding attacks such as DoS/DDoS and Internet worms have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most current Intrusion Detection Systems (IDSs) focus on detailed analysis of packet data, which results in late detection and a high system burden when coping with high-speed network traffic. In this paper we propose an SNMP-based lightweight and fast detection algorithm for traffic flooding attacks, which minimizes the processing and network overhead of the detection system, minimizes the detection time, and provides a high detection rate. The attack detection algorithm consists of three consecutive stages. The first stage determines the detection timing using the update interval of the SNMP MIB. The second stage analyzes attack symptoms based on correlations of MIB data. The third stage determines whether an attack is occurring and, if so, determines the attack type.

Evaluation of Genotoxicity in Blood Cells of a Polychaetous Worm (Perinereis aibuhitensis), Using Comet Assay (Comet assay를 이용한 갯지렁이 (Perinereis aibuhitensis)의 혈구세포에 대한 유전독성 평가)

  • Seo Jin Young;Sung Chan Gyoung;Choi Jin Woo;Lee Chang Hoon;Ryul Tae Kwon;Han Gi Myung;Kim Gi Beum
    • Environmental Analysis Health and Toxicology / v.20 no.4 s.51 / pp.333-341 / 2005
  • In order to determine whether polychaetes could be used as an appropriate organism for the detection of genotoxicity, DNA strand breaks were evaluated in blood cells of a nereidae worm (Perinereis aibuhitensis) exposed to various aquatic chemical pollutants (e.g. Cd, Pb, pyrene, benzo[a]pyrene). Hydrogen peroxide increased DNA strand breaks up to the highest concentration (10 $\mu$M). Concentrations higher than 0.1 $\mu$M showed significantly more DNA damage than the control. Cadmium and lead also showed higher DNA damage than the control, above 1.0 and 1 $\mu$g/L, respectively. In the case of pyrene, DNA damage was detected even at 0.001 $\mu$g/L. However, DNA damage decreased due to apoptosis at the highest concentrations of pyrene and Pb. This study suggests that polychaetous blood cells could be used effectively for screening genotoxic contaminants in the environment.