• The Journal of the Korea Contents Association
• /
• v.8 no.6
• /
• pp.54-65
• /
• 2008

When DDoS attack is achieved, malicious host discovering is more difficult on wireless network than existing wired network environment. Specially, because wireless network is weak on wireless user authentication attack and packet spoofing attack, advanced technology should be studied in reply. Integrated Access Device (IAD) that support VoIP communication facility etc with wireless routing function recently is developed and is distributed widely. IAD is alternating facility that is offered in existent AP. Therefore, advanced traffic classification function and real time attack detection function should be offered in IAD on wireless network environment. System that is presented in this research collects client information of wireless network that connect to IAD using AirSensor. And proposed mechanism also offers function that collects the wireless client's attack packet to monitoring its legality. Also the proposed mechanism classifies and detect the attack packet with W-TMS system that was received to IAD. As a result, it was possible for us to use IAD on wireless network service stably.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.253-264
• /
• 2003

This paper presents the analytic model of Distributed Denial-of-Service (DDoS) attacks in two settings: the normal Web server without any attack and the Web server with DDoS attacks. In these settings, we measure TCP flag rate, which is expressed in terms of the ratio of the number of TCP flags, i.e., SYN, ACK, RST, etc., packets over the total number of TCP packets, and Protocol rate, which is defined by the ratio of the number of TCP (UDP or ICMP) packets over the total number of W packets. The experimental results show a distinctive and predictive pattern of DDoS attacks. We wish our approach can be used to detect and prevent DDoS attacks.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.1
• /
• pp.81-87
• /
• 2020

Recently, the network configuration is being rapidly changed to enable easy and free network service configuration based on SDN/NFV. Despite the many advantages and applications of SDN, many security issues such as Distributed Denial of Service (DDoS) attacks are being constantly raised as research issues. In particular, the effectiveness of DDoS attacks is much faster, SDN is causing more and more fatal damage. In this paper, we propose an entropy-based technique to detect and mitigate DDoS attacks in SDN, and prove it through experiments. The proposed scheme is designed to mitigate these attacks by detecting DDoS attacks on single and multiple victim systems and using time - specific techniques. We confirmed the effectiveness of the proposed scheme to reduce packet loss rate by 20(19.86)% while generating 3.21% network congestion.

• The KIPS Transactions:PartC
• /
• v.18C no.3
• /
• pp.127-134
• /
• 2011

Malicious botnet has been used for more malicious activities, such as DDoS attacks, sending spam messages, steal personal information, etc. To prevent this, many studies have been preceded. But malicious botnets have evolved and evaded detection systems. In particular, HTTP GET Request attack that exploits the vulnerability of the application layer is used. ALAB of ALADDIN proposed by ETRI is DDoS attack detection system that HTTP GET, Incomplete GET request flooding attack detection algorithm is applied. In this paper, we extend Incomplete GET detection algorithm of ALAB and derive the optimal configuration parameters to verify the validity of the algorithm ALAB by the study of the normal and attack packets.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10c
• /
• pp.670-672
• /
• 2002

최근에 인터넷을 통한 해킹이나 바이러스 침투로 인한 피해 사례들이 지속적으로 증가하고 있다. 20000년 2월, 야후, 아마존, CNN에 발생했던 DDoS(Distributed Denial of Service)[1,2] 공격으로 인해 각 웹사이트들은 큰 피해를 입었던 사례가 있다. 야후의 경우 초당 수 기가 비트의 서비스 요청으로 인해 무려 3시간 이상 동안 서비스가 중지되는 사태까지 이르렀다. 이 사건은 분산 환경에서의 서비스 거부 공격의 위험성을 보여주고 있다. 본 논문에서는 지금까지 개발된 분산 서비스 공격 도구를 분석하고 이들이 사용하는 패킷을 탐지하여 공격을 위해 사용되는 경로를 파악하는 방법을 제안한다.

• Proceedings of the Korea Contents Association Conference
• /
• 2005.11a
• /
• pp.189-194
• /
• 2005

Present hacking technology is undergone a change on the distributed DoS Attack which cause a lot of traffic to the network or single host. In this paper, with giving mobility to the mean deviation per protocol and it's field, and with adapting pattern matching approach to DDoS attack detection technique, we propose a method to detect the DDoS attack, to have less misdetection and to detect these attacks correctly.

• Journal of the Korea Society for Simulation
• /
• v.19 no.4
• /
• pp.151-159
• /
• 2010

Currently, by using the Internet, We can do varius things such as Web surfing, email, on-line shopping, stock trading on your home or office. However, as being out of the concept of security from the beginning, it is the big social issues that malicious user intrudes into the system through the network, on purpose to steal personal information or to paralyze system. In addition, network intrusion by ordinary people using network attack tools is bringing about big worries, so that the need for effective and powerful intrusion detection system becomes very important issue in our Internet environment. However, it is very difficult to prevent this attack perfectly. In this paper we proposed the algorithm for the detection of DoS attacks, and developed attack detection tools. Through learning in a normal state on Step 1, we calculate thresholds, the number of packets that are coming to each port, the median and the average utilization of each port on Step 2. And we propose values to determine how to attack detection on Step 3. By programing proposed attack detection algorithm and by testing the results, we can see that the difference between the median of packet mounts for unit interval and the average utilization of each port number is effective in detecting attacks. Also, without the need to look into the network data, we can easily be implemented by only using the number of packets to detect attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.2B
• /
• pp.90-99
• /
• 2007

It might be more efficient that detections of distributed denial of service (DDoS) attacks are done in backbone domain than in individual local networks or links. However, because existing schemes for detecting DDoS attack symptoms have been focused on individual packets or flows, they require much higher computational complexities. In this paper, we propose an efficient method to detect DDoS attack symptoms in backbone networks. Unlike conventional schemes focused on individual packets or flows, the proposed method is carried at aggregate traffic level. So, our proposed schemes can be operated with very lower computational complexity, and can be run in very high-speed backbone networks.

• Journal of KIISE
• /
• v.43 no.5
• /
• pp.596-605
• /
• 2016

Since the Denial of Service Attack against multiple targets in the Korean network in private and public sectors in 2009, Korea has spent a great amount of its budget to build strong Internet infrastructure against DDoS attacks. As a result of the investments, many major governments and corporations installed dedicated DDoS defense systems. However, even organizations equipped with the product based defense system often showed incompetency in dealing with DDoS attacks with little variations from known attack types. In contrast, by following a capacity centric DDoS detection method, defense personnel can identify various types of DDoS attacks and abnormality of the system through checking availability of service resources, regardless of the types of specific attack techniques. Thus, the defense personnel can easily derive proper response methods according to the attacks. Deviating from the existing DDoS defense framework, this research study introduces a capacity centric DDoS detection methodology and provides methods to mitigate DDoS attacks by applying the methodology.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.203-206
• /
• 2020

소프트웨어 정의 네트워크(Software-Defined Networking; SDN) 기술은 기존 네트워크 기술의 폐쇄성과 복잡성의 한계를 극복하고, 중앙 집중적 관리 및 프로그래밍 기반의 네트워크 서비스를 제공할 수 있는 장점이 있다. 그러나 SDN 환경에서도 다른 네트워크 환경처럼 악의적인 DDoS 공격으로 인해 전체 네트워크 서비스가 마비될 수도 있는 문제가 있다. 이러한 문제를 해결하기 위한 기존의 연구들은 공격이 인입되는 스위치 포트를 차단하거나, 공격자의 출발지 주소 자체를 차단하는 기법 등이 있으나 공격 트래픽과 함께 정상 트래픽까지 차단하는 문제가 있다. 본 논문에서는 SDN 환경에서 DDoS 공격 발생 시 악의적인 트래픽만 방어하고, 정상적인 트래픽은 최대한 허용하는 서비스 Flow 기반의 방어 기법을 제안한다. 제안 기법은 SDN 환경에서 Flow 분석을 통해 DDoS 공격을 탐지한 후 이를 접근제어 리스트 방식을 통해 공격 트래픽만을 차단하는 것이 가능하다. 실험 결과를 통해 공격자의 악의적인 트래픽은 차단하고, 정상적인 트래픽은 허용하는 것이 확인되었다.