A Study on Network based Intelligent Intrusion Prevention model by using Fuzzy Cognitive Maps on Denial of Service Attack


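  • Se-Yul Lee (Division of Computer Engineering, Daejeon University) ;
  • Yong-Soo Kim (Division of Computer Engineering, Daejeon University) ;
  • Kwee-Bo Sim (School of Electrical and Electronic Engineering, Chung-Ang University)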
  • Published : 2003.04.01

Abstract

A DoS (Denial of Service) attack appears as a form of intrusion attempt, and the Syn Flooding attack is a typical example. The Syn Flooding attack takes advantage of a weakness in the 3-way handshake between the end-points of TCP, which is a reliable, connection-oriented transmission service. This paper proposes a NIIP (Network based Intelligent Intrusion Prevention) model. The model captures and analyzes packet information to detect Syn Flooding attacks. Using the analysis results of the decision module, which utilizes FCM (Fuzzy Cognitive Maps), the model measures the degree of danger of the DoS attack and trains the response module to deal with attacks. The proposed model is a network based intelligent intrusion prevention model that reduces or prevents the danger of Syn Flooding attacks.
