A Probe Prevention Model for Detection of Denial of Service Attack on TCP Protocol

An Intrusion Attempt Prevention Model for Detecting Denial of Service Attacks That Use the TCP Protocol

  • 이세열 (Division of Computer Engineering, Daejeon University);
  • 김용수 (Division of Computer Engineering, Daejeon University)
  • Published: 2003.08.01

Abstract

Advances in computer network technology enable computers to be connected through an open network environment. The number of security threats to these networks has been growing, so intrusion detection and prevention technologies are required. In this paper, we propose a network-based intrusion detection model using FCM (Fuzzy Cognitive Maps) that detects intrusion by a DoS attack detection method based on packet analysis. A DoS attack appears in the form of a probe and of a SYN flooding attack, which is a typical example. The SPuF (Syn flooding Preventer using Fuzzy cognitive maps) model captures and analyzes packet information to detect SYN flooding attacks. Using the result of its FCM-based analysis, the decision module measures the degree of danger of the DoS attack and trains the response module to deal with attacks. For the performance comparison, the "KDD′99 Competition Data Set" made by MIT Lincoln Labs was used. Simulating the "KDD′99 Competition Data Set" in the SPuF model shows probe detection rates of over 97 percent.
