A Method for Detecting Distributed Denial-of-Service Attacks in High-Speed Internet Backbone Networks

Distributed Detection of DDoS Attack Symptoms in Highspeed Backbone Networks

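  • 김선호 (Daewoo Electronics IS Research Institute)
  • 윤명철 (Dankook University (Cheonan Campus), Department of Electronic Engineering)
  • 노병희 (Ajou University, Graduate School of Information and Communication Technology)
  • Published: 2007.02.28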

Abstract

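Detecting the symptoms of distributed denial-of-service (DDoS) attacks requires computational complexity and computing resources. This paper proposes a method that can efficiently detect DDoS attack symptoms in high-speed backbone networks. Unlike existing methods that operate on individual packets or flows, the proposed method is based on the viewpoint of the aggregate traffic stream. As a result, the proposed method can be carried out with a very low amount of computation and is therefore applicable to high-speed backbone networks.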

It may be more efficient to detect distributed denial of service (DDoS) attacks in the backbone domain than in individual local networks or links. However, because existing schemes for detecting DDoS attack symptoms have focused on individual packets or flows, they require much higher computational complexity. In this paper, we propose an efficient method to detect DDoS attack symptoms in backbone networks. Unlike conventional schemes focused on individual packets or flows, the proposed method is carried out at the aggregate traffic level. As a result, the proposed scheme can operate with very low computational complexity and can run in very high-speed backbone networks.
