http://dx.doi.org/10.9709/JKSS.2012.21.3.017

The Effectiveness Evaluation Methods of DDoS Attacks Countermeasures Techniques using Simulation  

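Kim, Ae-Chan (Graduate School of Information Security, Korea University)
Lee, Dong-Hoon (Graduate School of Information Security, Korea University)
Jang, Seong-Yong (Department of Global Convergence Industrial Engineering, Seoul National University of Science and Technology)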
Abstract
This paper proposes simulation-based methods for evaluating the effectiveness of DDoS attack countermeasures. Based on the security objectives suggested by NIST (National Institute of Standards and Technology), it presents a hierarchical effectiveness evaluation model. We calculated the weights of the factors (security objectives, security controls, and performance indicators) through AHP (Analytic Hierarchy Process) analysis. We then implemented an Arena simulation model to calculate the function points of the performance indicators. The detection and protection algorithms involve critical-level setting and signature-based and anomaly (statistics) based detection techniques for network Layer 4 and Layer 7 attacks. The proposed effectiveness evaluation model can be used in various ways to evaluate the effectiveness of countermeasures and techniques against new security threats in each organization.
Keywords
DDoS; Simulation; Security Objectives; Security Controls; AHP; Effectiveness Evaluation
Citations & Related Records
Times Cited By KSCI: 3