• Title/Summary/Keyword: DDoS (Distributed Denial of Service)

Search Result 132, Processing Time 0.031 seconds

A Survey on Defense Mechanism against Distributed Denial of Service (DDoS) Attacks in Control System

  • Kwon, YooJin
    • KEPCO Journal on Electric Power and Energy
    • /
    • v.1 no.1
    • /
    • pp.55-59
    • /
    • 2015
  • Denial of Service (DoS) attack is to interfere the normal user from using the information technology services. With a rapid technology improvements in computer and internet environment, small sized DoS attacks targeted to server or network infrastructure have been disabled. Thus, Distributed Denial of Service (DDoS) attacks that utilizes from tens to several thousands of distributed computers as zombie PC appear to have as one of the most challenging threat. In this paper, we categorize the DDoS attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS attacks. Then we propose a comprehensive defense mechanism against DDoS attacks in Control System to detect attacks efficiently.

A Proposal Countermeasure to DDoS attacks targered DNS (DNS을 목표한 DDoS공격에 효과적인 대응 방법 제안)

  • Choi, Ji-Woo;Chun, Myung-Jin;Hong, Do-Won;Seo, Chang-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.4
    • /
    • pp.729-735
    • /
    • 2013
  • The recent issue of distributed denial of service attack paralyze major government and financial institution in internet sites. They threatened to the cyber security. There hasn't been easy defense of now using attack. There seems to be increases in damage. In this paper, The recent continue to evolve of distributed denial of service attack. DNS target of distributed denial of service attack give specific examples. but, DNS target of DDoS attacks about defense is insufficient. The DNS Cyber-shelter system was created based on the Cyber-shelter system for DDoS attack in Kisa.. We proposal DNS Cyber-shelter system.

New Distributed SDN Framework for Mitigating DDoS Attacks (DDoS 공격 완화를 위한 새로운 분산 SDN 프레임워크)

  • Alshehhi, Ahmed;Yeun, Chan Yeob;Damiani, Ernesto
    • The Transactions of The Korean Institute of Electrical Engineers
    • /
    • v.66 no.12
    • /
    • pp.1913-1920
    • /
    • 2017
  • Software Defined Networking creates totally new concept of networking and its applications which is based on separating the application and control layer from the networking infrastructure as a result it yields new opportunities in improving the network security and making it more automated in robust way, one of these applications is Denial of Service attack mitigation but due to the dynamic nature of Denial of Service attack it would require dynamic response which can mitigate the attack with the minimum false positive. In this paper we will propose a new mitigation Framework for DDoS attacks using Software Defined Networking technology to protect online services e.g. websites, DNS and email services against DoS and DDoS attacks.

DDoS attack traffic through the analysis of responses to research (트래픽 분석을 통한 DDoS 공격에 대한 대응책 연구)

  • Hong, Sunghyuck
    • Journal of Convergence Society for SMB
    • /
    • v.4 no.3
    • /
    • pp.1-6
    • /
    • 2014
  • DDoS (Distributed Denial Service, Distributed Service) attacks are being generated for a constant threat on the Internet, countermeasures for this have been proposed. However, the problem has become an increasingly effective instruction in any Measures are a variety of attacks and sophisticated attacks. Attackers can change a steady attack tools to respond to these, the experts as a countermeasure to this constantly research for a fresh attack. This paper is to introduce countermeasures to DDoS recent representative examples of 7.7DDoS and look for 3.3DDoS existing types of DDoS attacks increased PPS attacks, high traffic sent, web service delay and router and firewall settings, applications and to describe the DDoS countermeasures research by certification, is so that you can plan effectively for the future DDoS attacks proposed method.

  • PDF

Detecting scheme against bypass Denial of Service Attack (우회 DoS 공격을 탐지하기 위한 모델 설계)

  • 김용석;전준철;유기영
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2003.10a
    • /
    • pp.709-711
    • /
    • 2003
  • 현재 사용되어지는 컴퓨터 통신 프로토콜(OSI 7 layer reference model)은 구조적인 문제점을 들어내고 있다. 이런 문제점 때문에, 해커들은 수많은 패킷들을 생성시키는 Denial of Service(DoS) 공격과 Distributed Denial of Service(DDoS) 공격을 사용하여 한 호스트나 한 네트워크 자원에 치명적인 악영향을 미친다. 특정한 TCP 포트나 UDP 포트에 공격을 가하는 경우에는 룰 기반의 침입탐지 시스템(IDS)이 탐지 해낼 수 있지만 다른 임의의 포트에 공격을 가하게 되연 IDS는 이것을 탐지하지 못한다. 따라서 우리는 잉의의 포트에 DoS나 DDoS 공격들이 일어났을 때 이 공격들을 탐지할 수 있는 모델을 설계하였다.

  • PDF

A Study on DDoS(Distributed Denial of Service) Attack Detection Model Based on Statistical (통계 기반 분산서비스거부(DDoS)공격 탐지 모델에 관한 연구)

  • Kook, Yoon-Ju;Kim, Yong-Ho;Kim, Jeom-Goo;Kim, Kiu-Nam
    • Convergence Security Journal
    • /
    • v.9 no.2
    • /
    • pp.41-48
    • /
    • 2009
  • Distributed denial of service attack detection for more development and research is underway. The method of using statistical techniques, the normal packets and abnormal packets to identify efficient. In this paper several statistical techniques, using a mix of various offers a way to detect the attack. To verify the effectiveness of the proposed technique, it set packet filtering on router and the proposed DDoS attacks detection method on a Linux router. In result, the proposed technique was detect various attacks and provide normal service mostly.

  • PDF

Method of Preventing DDoS Using Proxy Server Group and Dynamic DNS (Proxy Server Group과 Dynamic DNS를 이용한 DDoS 방어 구축 방안)

  • Shin, Sang Il;Kim, Min Su;Lee, DongHwi
    • Convergence Security Journal
    • /
    • v.12 no.6
    • /
    • pp.101-106
    • /
    • 2012
  • As the existing strategy of preventing DDoS(Distributed Denial of Service) attacks has limitations, this study is intended to suggest the more effective method of preventing DDoS attacks which reduces attack power and distributes attack targets. Currently, DDoS attacks have a wide range of targets such as individuals, businesses, labs, universities, major portal sites and financial institutions. In addition, types of attacks change from exhausting layer 3, network band to primarily targeting layer 7. In response to DDoS attacks, this study suggests how to distribute and decrease DDoS threats effectively and efficiently using Proxy Server Group and Dynamic DNS.

DDoS Defense using Address Prefix-based Priority Service (Address Prefix에 기반한 우선 순위 서비스를 이용한 DDoS 방어)

  • Jin, Jinghe;Lee, Tai-Jin;Nam, Seung-Yeob
    • Journal of the Korea Society for Simulation
    • /
    • v.18 no.4
    • /
    • pp.207-217
    • /
    • 2009
  • We propose a two-stage Distributed Denial of Service (DDoS) defense system, which can protect a given subnet by serving existing flows and new flows with a different priority based on IP history information. Denial of Service (DoS) usually occurs when the resource of a network node or link is limited and the demand of the users for that resource exceeds the capacity. The objective of the proposed defense system is to provide continued service to existing flows even in the presence of DDoS attacks. The proposed scheme can protect existing connections effectively with a smaller memory size by reducing the monitored IP address set through sampling and per-prefix history management. We evaluate the performance of the proposed scheme through simulation.

Design of Removal Module of Malicious Agent for Distributed Denial of Service Attack Response System (분산서비스거부 공격 대응 시스템을 위한 악성에이전트 제거 모듈 설계)

  • Chae, Youn-Ju;Seo, Jin-Cheol;Lim, Chae-Ho;Won, Yoo-Hun
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2000.10b
    • /
    • pp.1477-1480
    • /
    • 2000
  • 분산서비스거부(Distributed Denial of Service or DDoS)틀 이용한 공격은 공격목표시스템이 보안이 철저하다고 해도 쉽게 공격을 가할 수 있는 공격법이다. 근래에 들어 이러한 공격법은 여러 해킹 툴의 보급과 함께 급격히 증가하고 있다. 하지만, 시스템 자체의 보안만으로 대처 방안이 되지 못하고 있는 실정이다. DDoS 공격을 방지하기 위해서는 전체 시스템들이 모두 보안체계를 갖추고 있어야 하지만, 이것은 현실적으로 불가능하다. 결국 DDoS 공격을 탐지하고 대처하기 위해서는 라우터와 네트워크를 기반으로 한 대응시스템 설계가 요구된다. 또한 DDoS 공격의 재발을 막기 위해서는 DDoS 공격 시스템으로 이용된 시스템을 찾아 악성프로그램을 탐지하고 제거할 수 있는 악성에이전트 탐지 및 제거 시스템을 설계하였다.

  • PDF

A STUDY OF DISTRIBUTED DENIAL OF SERVICE ATTACK ON GOVERNMENT INFRASTRUCTURE

  • Kim, Suk-Jin;Jeong, Gisung
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.8 no.2
    • /
    • pp.55-65
    • /
    • 2016
  • Distributed Denial of service attack is one of the major threats nowadays especially to the government infrastructure that give huge impact to the reputation and interrupt the services and resource. Our survey start with brief introduction about DDoS attacks, we illustrate the trends and incident happened at government from various countries. We then provide an extensive literature review on the existing research about implication, types of attacks and initiative to defence against the DDoS attacks. Our discussion aims to identify the trends in DDoS attacks, in depth impact of DDoS attacks to government infrastructure, classification of attacks and techniques against the attacks. And we will use for a fire fight safety and management.