• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.924-926
• /
• 2011

악성코드의 지속적인 진화와 확대로 인해 악성코드 자체의 은닉 및 봇넷의 구성, C&C 서버의 구조뿐만 아니라 좀비 PC 를 이용한 DDoS 공격 방식에도 변화가 지속되고 있으며, 이에 대한 대등이 서비스 제공자에게 있어 가장 중요한 보호 이슈 중 하나로 대두되고 있다. 최근 이러한 DDoS 공격의 가장 일반적인 형태인 GET flooding 공격의 경우 리다이렉션 방법을 이용하여 회피하였지만, 최근들어 공격자가 일부 좀비 PC 를 이용하여 공격을 수행한 후 리다이렉션 페이지의 주소를 확보, C&C 서버를 통해 리다이렉션된 실제 응답페이지를 직접 공격하게 함으로써 이를 무력화 시키는 방법을 사용하고 있다. 본 논문은 호스트이름 변경, 페이지 주소 변경 등을 상황에 맞게 지속적으로 변경 적용하는 다이내믹 리다이렉션(Dynamic Redirection) 기법을 사용하여 효과적으로 리다이렉션 무력화 공격에 대응하는 방법을 제안한다.

• Journal of Advanced Navigation Technology
• /
• v.19 no.3
• /
• pp.257-263
• /
• 2015

Although a variety of preparation methods for DoS attacks and DDoS attacks are presented, it is still being exploited, the vulnerability with networks and protocols. In particular, When was built environment that can be used anywhere in the Internet, Internet of Things is entering era. Thus, the conventional computer, as well as household appliances, etc. DoS attack targets or are likely to do the attacker role is increasing. In this paper, we first find out about the type and characteristics of DoS attacks. Open source operating system, Linux has iptables that packet filtering tool and firewall programs. Using iptables to set the policy ruleset against DoS attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.7B
• /
• pp.489-498
• /
• 2005

A Denial of Sewice (DoS) attack attempts to prevent legitimate users of a sewice from being adequately served by monopolizing networks resources and, eventually, resulting in network or system congestion. This paper proposes a Minority First (MF) gateway, which is capable of guaranteeing the Quality of Service (QoS) of legitimate service traffic under DoS situations. A MF gateway can rapidly determine whether an aggregated flow is a congestion-inducer and can protect the QoS of legitimate traffic by providing high priority service to the legitimate as aggregate flows, and localize network congestion only upon attack traffic by providing low priority to aggregate flows regarded as congestion-inducer. We verify through simulation that the suggested mechanism possesses excellence in that it guarantees the QoS of legitimate traffic not only under a regular DoS occurrence, but also under a Distributed DoS (DDoS) attack which brings about multiple concurrent occurrences of network congestion.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.11B
• /
• pp.1297-1304
• /
• 2011

SIP(Session Initiation Protocol) has some security vulnerability because it works on the Internet. Therefore, the proxy server can be affected by the flooding attack such as DoS and service interruption. However, traditional schemes to corresponding Denial of Service attacks have some limitation. These schemes have high complexity and cannot protect to the variety of Denial of Service attack. In this paper, we newly define the normal user who makes a normal session observed by verifier module. Our method provides continuous service to the normal users in the various situations of Denial of Service attack as constructing a whitelist using normal user information. Various types of attack/normal traffic are modeled by using OPNET simulator to verify our scheme. The simulation results show that our proposed scheme can prevent DoS attack and achieve a low false rate and fast searching time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.93-102
• /
• 2007

A serious problem to fight DDoS attacks is that attackers use incorrect or spoofed IP addresses in the attack packets. Due to the stateless nature of the internet, it is a difficult problem to determine the source of these spoofed IP packets. The most of previous studies to prevent and correspond to DDoS attacks using the traceback mechanism have been accomplished in IPv4 environment. Even though a few studies in IPv6 environment were introduced, those have no detailed mechanism to cope with DDoS attacks. The mechanisms for tracing the origin of attacks in IPv6 networks have so many differences from those of IPv4 networks. In this paper we proposed a lightweight IP traceback mechanism in IPv6 network environment. When marking for traceback is needed, the router can generate Hop-by-Hop option and transmit the marked packet. We measured the performance of this mechanism and at the same time meeting the efficient marking for traceback.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.4
• /
• pp.1-10
• /
• 2021

The purpose of the study is to contribute to the positive development of blockchain technology by providing data to examine security vulnerabilities and threats to blockchain-based services and review countermeasures. The findings of this study are as follows. Threats to the security of blockchain-based services can be classified into application security threats, smart contract security threats, and network (P2P) security threats. First, application security threats include wallet theft (e-wallet stealing), double spending (double payment attack), and cryptojacking (mining malware infection). Second, smart contract security threats are divided into reentrancy attacks, replay attacks, and balance increasing attacks. Third, network (P2P) security threats are divided into the 51% control attack, Sybil attack, balance attack, eclipse attack (spread false information attack), selfish mining (selfish mining monopoly), block withholding attack, DDoS attack (distributed service denial attack) and DNS/BGP hijacks. Through this study, it is possible to discuss the future plans of the blockchain technology-based ecosystem through understanding the functional characteristics of transparency or some privacy that can be obtained within the blockchain. It also supports effective coping with various security threats.

• Journal of the Korean Professional Engineers Association
• /
• v.44 no.5
• /
• pp.26-30
• /
• 2011

The hacking attacks as a DDoS attack on a telecommunications network has depleted the network resources. When hacking attack occurs a user can not access to the network and can not use the telecommunication services. Professional Engineers with expertise and experience in the field of Information and communication could play an important role to respond to the hacking attacks. Professional Engineers will build the information and communication network system for the hacking countermeasures.

• Journal of Convergence for Information Technology
• /
• v.10 no.12
• /
• pp.22-30
• /
• 2020

With the development of information and communication technology, DDoS and DRDoS continue to become security issues, and gradually develop into advanced techniques. Recently, IT companies have been threatened with DRDoS technology, which uses protocols from normal servers to exploit as reflective servers. Reflective traffic is traffic from normal servers, making it difficult to distinguish from security equipment and amplified to a maximum of Tbps in real-life cases. In this paper, after comparing and analyzing the DNS amplification and Memcached amplification used in DRDoS attacks, a countermeasure that can reduce the effectiveness of the attack is proposed. Protocols used as reflective traffic include TCP and UDP, and NTP, DNS, and Memcached. Comparing and analyzing DNS protocols and Memcached protocols with higher response sizes of reflective traffic among the protocols used as reflective traffic, Memcached protocols amplify ±21% more than DNS protocols. The countermeasure can reduce the effectiveness of an attack by using the Memcached Protocol's memory initialization command. In future studies, various security-prone servers can be shared over security networks to predict the fundamental blocking effect.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.103-113
• /
• 2017

Cyber attacks can be classified by type of cyber war, terrorism and crime etc., depending on the purpose and intent. Those are mobilized the various means and tactics which are like hacking, DDoS, propaganda. The damage caused by cyber attacks can be calculated by a variety of categories. We may identify cyber attackers to pursue trace-back based facts including digital forensics etc. However, recent cyber attacks are trying to induce confusion and deception through the manipulation of digital information or even conceal the attack. Therefore, we need to do the harm-based analysis. In this paper, we analyze the damage caused during cyber attacks from economic and political point of view and by inferring the attack intent could classify types of cyber attacks.

• The Journal of the Korea Contents Association
• /
• v.18 no.4
• /
• pp.48-59
• /
• 2018

Recently, network technology has been used in various fields due to development of network technology. However, there has been an increase in the number of attacks targeting public institutions and companies by exploiting the evolving network technology. Meanwhile, the existing network intrusion detection system takes much time to process logs as the amount of network log increases. Therefore, in this paper, we propose a Spark-based network log analysis system that detects unstructured network attack pattern. by using Snort. The proposed system extracts and analyzes the elements required for network attack pattern detection from large amount of network log data. For the analysis, we propose a rule to detect network attack patterns for Port Scanning, Host Scanning, DDoS, and worm activity, and can detect real attack pattern well by applying it to real log data. Finally, we show from our performance evaluation that the proposed Spark-based log analysis system is more than two times better on log data processing performance than the Hadoop-based system.