• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.4
• /
• pp.117-130
• /
• 2010

Paper is on defense for so-called internet crisis, the attack of DDoS (Distributed Denial of Service) which was targeted to the central government ministries, financial sector, and portal sites of chief counties including Korea on June 7th, 2009 as its start. By conducting attack with various DDoS attacking methods in the lab environment and dividing networks targeted by the attack by layers, this paper records and analyzes the chief information for attack, destination information of packets, defense policy setting, and the flow of packet attack with the subjects of the networks separated. This study suggests CFC system using multiple firewalls applying defense policy corresponding to the target layer for ultimate attack and tests it according to the result of analyzing the attack packet information and its amount, log analysis, access recording port, and MAC and IT information, etc. by layers. This article is meaningful in that it analyzes the attack by layers, establishes firewall policy for protecting each layer, and secures accurate mechanism for detect and defense.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.729-735
• /
• 2013

The recent issue of distributed denial of service attack paralyze major government and financial institution in internet sites. They threatened to the cyber security. There hasn't been easy defense of now using attack. There seems to be increases in damage. In this paper, The recent continue to evolve of distributed denial of service attack. DNS target of distributed denial of service attack give specific examples. but, DNS target of DDoS attacks about defense is insufficient. The DNS Cyber-shelter system was created based on the Cyber-shelter system for DDoS attack in Kisa.. We proposal DNS Cyber-shelter system.

• Journal of the Korea Society for Simulation
• /
• v.18 no.4
• /
• pp.39-47
• /
• 2009

Recently, the threat of DDoS attacks is increasing and many companies are planned to deploy the DDoS defense solutions in their networks. The DDoS attack usually transmits heavy traffic data to networks or servers and they cannot handle the normal service requests because of running out of resources. Since it is very hard to prevent the DDoS attack beforehand, the strategic plan is very important. In this work, we have conducted modeling and simulation of the DDoS attack by changing the number of servers and estimated the duration that services are available. In this work, the modeling and simulation is conducted using OPNET Modeler. The simulation result can be used as a parameter of trade-off analysis of DDoS defense cost and the service's value. In addition, we have presented a way of estimating the cost effectiveness in deployment of the DDoS defense system.

• Journal of the Korea Society for Simulation
• /
• v.18 no.4
• /
• pp.207-217
• /
• 2009

We propose a two-stage Distributed Denial of Service (DDoS) defense system, which can protect a given subnet by serving existing flows and new flows with a different priority based on IP history information. Denial of Service (DoS) usually occurs when the resource of a network node or link is limited and the demand of the users for that resource exceeds the capacity. The objective of the proposed defense system is to provide continued service to existing flows even in the presence of DDoS attacks. The proposed scheme can protect existing connections effectively with a smaller memory size by reducing the monitored IP address set through sampling and per-prefix history management. We evaluate the performance of the proposed scheme through simulation.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.10
• /
• pp.732-742
• /
• 2016

This study suggests methods of defense against low-level high-bandwidth DDoS attacks by adding a solution with a time limit factor (TLF) to an existing high-bandwidth DDoS defense system. Low-level DDoS attacks cause faults to the service requests of normal users by acting as a normal service connection and continuously positioning the connected session. Considering this, the proposed method makes it possible for users to show a down-related session by considering it as a low-level DDoS attack if the abnormal flow is detected after checking the amount of traffic. However, the service might be blocked when misjudging a low-level DDoS attack in the case of a communication fault resulting from a network fault, even with a normal connection status. Thus, we made it possible to reaccess the related information through a certain period of blocking instead of a drop through blacklist. In a test of the system, it was unable to block the session because it recognized sessions that are simply connected with a low-level DDoS attack as a normal communication.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.9
• /
• pp.4529-4548
• /
• 2016

DDoS attacks have had a devastating effect on the Internet, which can cause millions of dollars of damage within hours or even minutes. In this paper we propose a practical dynamic defense approach that overcomes the shortage of static defense mechanisms. Our approach employs a group of SDN-based proxy switches to relay data flow between users and servers. By substituting backup proxy switches for attacked ones and reassigning suspect users onto the new proxy switches, innocent users are isolated and saved from malicious attackers through a sequence of remapping process. In order to improve the speed of attacker segregation, we have designed and implemented an efficient greedy algorithm which has been demonstrated to have little influence on legitimate traffic. Simulations, which were then performed with the open source controller Ryu, show that our approach is effective in alleviating DDoS attacks and quarantining the attackers by numerable remapping process. The simulations also demonstrate that our dynamic defense imposes little effect on legitimate users, and the overhead introduced by remapping procedure is acceptable.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.809-817
• /
• 2012

One of the OSI 7 Layer DDoS Attack, HTTP POST DDoS can deny legitimate service by web server resource depletion. This Attack can be executed with less network traffic and legitimate TCP connections. Therefore, It is difficult to distinguish DDoS traffic from legitimate users. In this paper, I propose an anomaly HTTP POST traffic detection algorithm and http each page Content-Length field size limit with defense method for HTTP POST DDoS attack. Proposed method showed the result of detection and countermeasure without false negative and positive to use the r-u-dead-yet of HTTP POST DDoS attack tool and the self-developed attack tool.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.10a
• /
• pp.375-378
• /
• 2009

DDoS attacks make people can't using normal internet service, because DDoS attacks cause exhaustion of network bandwidth or exhaustion of computer system resources by using many personal computers or servers which already infected computer virus from hackers. Recent DDoS attacks attack government brach, financial institution, even IT security company. IT security companies make Anti-DDoS product for defense from DDoS attack. But, There is no standard for BMT of Anti-DDoS product. In this dissertation, Anti-DDoS product quality characteristics of the survey analysis to evaluate them by comparing the assessment items were derived.

• Electronics and Telecommunications Trends
• /
• v.26 no.6
• /
• pp.154-163
• /
• 2011

최근 이동통신 네트워크 기술의 발전과 고성능 이동단말의 출현으로 인하여 다양한 서비스가 제공되고 있으며, 이로 인하여 이동통신 기술은 통신 인프라에서 생활 인프라로 진화하고 있다. 그러나 이러한 이동통신 환경의 변화는 네트워크의 안정성과 가용성을 위협하는 보안 위협도 증대시키고 있다. 본 고에서는 알려진 이동통신 네트워크에 대한 DDoS 공격기술과 그 대응기술, 그리고 현재 이동통신 보안을 위한 상용 제품들을 소개하고 향후 이동통신 네트워크 DDoS 대응기술의 발전 방향을 살펴보고자 한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.1B
• /
• pp.8-19
• /
• 2010

In this paper, we propose the NCP (Network Control Platform)-based defense mechanism against DDoS (Distributed Denial of Service) attacks in order to guarantee the transmission of normal traffic and prevent the flood of abnormal traffic. We also define defense modules, the threshold and packet drop-rate used for the response against DDoS attacks. NCP analyzes whether DDoS attacks are occurred or not based on the flow and queue information collected from SR (Source Router) and VR (Victim Router). Attack packets are dopped according to drop rate decided from NCP. The performance is simulated using OPNET and evaluated in terms of the queue size of both SR and VR, the transmitted volumes of legitimate and attack packets at SR.