• Title/Summary/Keyword: Attack time

Search Result 1,139, Processing Time 0.028 seconds

Verification of Extended TRW Algorithm for DDoS Detection in SIP Environment (SIP 환경에서의 DDoS 공격 탐지를 위한 확장된 TRW 알고리즘 검증)

  • Yum, Sung-Yeol;Ha, Do-Yoon;Jeong, Hyun-Cheol;Park, Seok-Cheon
    • Journal of Korea Multimedia Society
    • /
    • v.13 no.4
    • /
    • pp.594-600
    • /
    • 2010
  • Many studies are DDoS in Internet network, but the study is the fact that is not enough in a voice network. Therefore, we designed the extended TRW algorithm that was a DDoS attack traffic detection algorithm for the voice network which used an IP data network to solve upper problems in this article and evaluated it. The algorithm that is proposed in this paper analyzes TRW algorithm to detect existing DDoS attack in Internet network and, design connection and end connection to apply to a voice network, define probability function to count this. For inspect the algorithm, Set a threshold and using NS-2 Simulator. We measured detection rate by an attack traffic type and detection time by attack speed. At the result of evaluation 4.3 seconds for detection when transmitted INVITE attack packets per 0.1 seconds and 89.6% performance because detected 13,453 packet with attack at 15,000 time when transmitted attack packet.

A Study of the Intelligent Connection of Intrusion prevention System against Hacker Attack (해커의 공격에 대한 지능적 연계 침입방지시스템의 연구)

  • Park Dea-Woo;Lim Seung-In
    • Journal of the Korea Society of Computer and Information
    • /
    • v.11 no.2 s.40
    • /
    • pp.351-360
    • /
    • 2006
  • Proposed security system attacks it, and detect it, and a filter generation, a business to be prompt of interception filtering dates at attack information public information. inner IPS to attack detour setting and a traffic band security, different connection security system, and be attack packet interceptions and service and port interception setting. Exchange new security rule and packet filtering for switch type implementation through dynamic reset memory by real time, and deal with a packet. The attack detection about DDoS, SQL Stammer, Bug bear, Opeserv worm etc. of the 2.5 Gbs which was an attack of a hacker consisted in network performance experiment by real time. Packet by attacks of a hacker was cut off, and ensured the normal inside and external network resources besides the packets which were normal by the results of active renewal.

  • PDF

Design and Implementation of an SNMP-Based Traffic Flooding Attack Detection System (SNMP 기반의 실시간 트래픽 폭주 공격 탐지 시스템 설계 및 구현)

  • Park, Jun-Sang;Kim, Sung-Yun;Park, Dai-Hee;Choi, Mi-Jung;Kim, Myung-Sup
    • The KIPS Transactions:PartC
    • /
    • v.16C no.1
    • /
    • pp.13-20
    • /
    • 2009
  • Recently, as traffic flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detail analysis of packet data, which results in late detection and a high system burden to cope with high-speed network traffic. In this paper we propose an SNMP-based lightweight and fast detection algorithm for traffic flooding attacks, which minimizes the processing and network overhead of the detection system, minimizes the detection time, and provides high detection rate. The attack detection algorithm consists of three consecutive stages. The first stage determines the detection timing using the update interval of SNMP MIB. The second stage analyzes attack symptoms based on correlations of MIB data. The third stage determines whether an attack occurs or not and figure out the attack type in case of attack.

Design and Evaluation of DDoS Attack Detection Algorithm in Voice Network (음성망 환경에서 DDoS 공격 탐지 알고리즘 설계 및 평가)

  • Yun, Sung-Yeol;Kim, Hwan-Kuk;Park, Seok-Cheon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.13 no.12
    • /
    • pp.2555-2562
    • /
    • 2009
  • The algorithm that is proposed in this paper defined a probability function to count connection process and connection-end process to apply TRW algorithm to voice network. Set threshold to evaluate the algorithm that is proposed, Based on the type of connection attack traffic changing the probability to measure the effectiveness of the algorithm, and Attack packets based on the speed of attack detection time was measured. At the result of evaluation, proposed algorithm shows that DDoS attack starts at 10 packets per a second and it detects the attack after 1.2 seconds from the start. Moreover, it shows that the algorithm detects the attack in 0.5 second if the packets were 20 per a second.

Adversarial Attacks and Defense Strategy in Deep Learning

  • Sarala D.V;Thippeswamy Gangappa
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.1
    • /
    • pp.127-132
    • /
    • 2024
  • With the rapid evolution of the Internet, the application of artificial intelligence fields is more and more extensive, and the era of AI has come. At the same time, adversarial attacks in the AI field are also frequent. Therefore, the research into adversarial attack security is extremely urgent. An increasing number of researchers are working in this field. We provide a comprehensive review of the theories and methods that enable researchers to enter the field of adversarial attack. This article is according to the "Why? → What? → How?" research line for elaboration. Firstly, we explain the significance of adversarial attack. Then, we introduce the concepts, types, and hazards of adversarial attack. Finally, we review the typical attack algorithms and defense techniques in each application area. Facing the increasingly complex neural network model, this paper focuses on the fields of image, text, and malicious code and focuses on the adversarial attack classifications and methods of these three data types, so that researchers can quickly find their own type of study. At the end of this review, we also raised some discussions and open issues and compared them with other similar reviews.

Cyber attack group classification based on MITRE ATT&CK model (MITRE ATT&CK 모델을 이용한 사이버 공격 그룹 분류)

  • Choi, Chang-hee;Shin, Chan-ho;Shin, Sung-uk
    • Journal of Internet Computing and Services
    • /
    • v.23 no.6
    • /
    • pp.1-13
    • /
    • 2022
  • As the information and communication environment develops, the environment of military facilities is also development remarkably. In proportion to this, cyber threats are also increasing, and in particular, APT attacks, which are difficult to prevent with existing signature-based cyber defense systems, are frequently targeting military and national infrastructure. It is important to identify attack groups for appropriate response, but it is very difficult to identify them due to the nature of cyber attacks conducted in secret using methods such as anti-forensics. In the past, after an attack was detected, a security expert had to perform high-level analysis for a long time based on the large amount of evidence collected to get a clue about the attack group. To solve this problem, in this paper, we proposed an automation technique that can classify an attack group within a short time after detection. In case of APT attacks, compared to general cyber attacks, the number of attacks is small, there is not much known data, and it is designed to bypass signature-based cyber defense techniques. As an attack model, we used MITRE ATT&CK® which modeled many parts of cyber attacks. We design an impact score considering the versatility of the attack techniques and proposed a group similarity score based on this. Experimental results show that the proposed method classified the attack group with a 72.62% probability based on Top-5 accuracy.

Response and Threat of Home Network System in Ubiquitous Environment (유비쿼터스 환경에서의 홈네트워크 시스템 침해 위협 및 대응 방안)

  • Oh, Dae-Gyun;Jeong, Jin-Young
    • Convergence Security Journal
    • /
    • v.5 no.4
    • /
    • pp.27-32
    • /
    • 2005
  • Recently The social interest regarding is coming to be high about Home Network accordong to intelligence anger of diffusions and the family home appliance machineries and tools of the superhigh speed Internet In the ubiquitous computing socioty, only neither the threat of the private life which is caused by in cyber attack will be able to increase according to the computer environment dependence degree of the individual increases in the ubiquitous computing socioty, only neither the threat of the private life which is caused by in cyber attack will be able to increase according to the computer environment dependence degree of the individual increases Beacaues of Home network is starting point to go ubiquitous computing enviorment, The Increase of Cyber attack through Internet will raise its head with the obstacle to disrupt the activation of the groove network. So there is a possibility of saying that the counter-measure preparation is urgent, In the various environment like this, It means the threat which present time than is complicated will exist. So it will analyze the Home network system environment of present time and observe the Security threat and attack type in the ubiquitous computing enviorment. So it will analyze the Home network system environment of present time and observe the Security threat and attack type in the ubiquitous computing enviorment.

  • PDF

Design and Implementation of a Real Time Access Log for IP Fragmentation Attack Detection (IP Fragmentation 공격 탐지를 위한 실시간 접근 로그 설계 및 구현)

  • Guk, Gyeong-Hwan;Lee, Sang-Hun
    • The KIPS Transactions:PartA
    • /
    • v.8A no.4
    • /
    • pp.331-338
    • /
    • 2001
  • With the general use of network, cyber terror rages throughout the world. However, IP Fragmentation isn\`t free from its security problem yet, even though it guarantees effective transmission of the IP package in its network environment. Illegal invasion could happen or disturb operation of the system by using attack mechanism such as IP Spoofing, Ping of Death, or ICMP taking advantage of defectiveness, if any, which IP Fragmentation needs improving. Recently, apart from service refusal attack using IP Fragmentation, there arises a problem that it is possible to detour packet filtering equipment or network-based attack detection system using IP Fragmentation. In the paper, we generate the real time access log file to make the system manager help decision support and to make the system manage itself in case that some routers or network-based attack detection systems without packet reassembling function could not detect or suspend illegal invasion with divided datagrams of the packet. Through the implementation of the self-managing system we verify its validity and show its future effect.

  • PDF

A Remote Authentication Protocol Using Smartcard to Guarantee User Anonymity (사용자 익명성을 제공하는 스마트카드 기반 원격 인증 프로토콜)

  • Baek, Yi-Roo;Gil, Kwang-Eun;Ha, Jae-Cheol
    • Journal of Internet Computing and Services
    • /
    • v.10 no.6
    • /
    • pp.229-239
    • /
    • 2009
  • To solve user authentication problem, many remote user authentication schemes using password and smart card at the same time have been proposed. Due to the increasing of interest in personal privacy, there were some recent researches to provide user anonymity. In 2004, Das et al. firstly proposed an authentication scheme that guarantees user anonymity using a dynamic ID. In 2005, Chien et al. pointed out that Das et al.'s scheme has a vulnerability for guaranteing user anonymity and proposed an improved scheme. However their authentication scheme was found some weaknesses about insider attack, DoS attack, and restricted replay attack. In this paper, we propose an enhanced scheme which can remove vulnerabilities of Chien et al.'s scheme. The proposed authentication protocol prevented insider attack by using user's Nonce value and removed the restricted replay attack by replacing time stamp with random number. Furthermore, we improved computational efficiency by eliminating the exponentiation operation.

  • PDF

Efficient Buffer Management Scheme for Mitigating Possibility of DDoS Attack (DDoS 공격 가능성 완화를 위한 효율적인 버퍼 관리 기술)

  • Noh, Hee-Kyeong;Kang, Nam-Hi
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.12 no.2
    • /
    • pp.1-7
    • /
    • 2012
  • DDoS attack is a malicious attempt to exhaust resources of target system and network capacities using lots of distributed zombi systems. DDoS attack introduced in early 2000 has being evolved over time and presented in a various form of attacks. This paper proposes a scheme to detect DDoS attacks and to reduce possibility of such attacks that are especially based on vulnerabilities presented by using control packets of existing network protocols. To cope with DDoS attacks, the proposed scheme utilizes a buffer management techniques commonly used for congestion control in Internet. Our scheme is not intended to detect DDoS attacks perfectly but to minimize possibility of overloading of internal system and to mitigate possibility of attacks by discarding control packets at the time of detecting DDoS attacks. In addition, the detection module of our scheme can adapt dynamically to instantly increasing traffic unlike previously proposed schemes.