• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.4
• /
• pp.895-909
• /
• 2013

Distributed Denial-of-Service (DDoS) attacks towards name servers of the Domain Name System (DNS) have threaten to disrupt this critical service. This paper studies the vulnerability of the cache server to the flooding DNS query traffic. As the resolution service provided by cache server, the incoming DNS requests, even the massive attacking traffic, are maintained in the waiting queue. The sojourn of requests lasts until the corresponding responses are returned from the authoritative server or time out. The victim cache server is thus overloaded by the pounding traffic and thereafter goes down. The impact of such attacks is analyzed via the model of queuing process in both cache server and authoritative server. Some specific limits hold for this practical dual queuing process, such as the limited sojourn time in the queue of cache server and the independence of the two queuing processes. The analytical results are presented to evaluate the impact of DDoS attacks on cache server. Finally, numerical results are provided for further analysis.

• International Journal of Computer Science & Network Security
• /
• v.22 no.4
• /
• pp.374-386
• /
• 2022

Nowadays, research in deep learning leveraged automated computing and networking paradigm evidenced rapid contributions in terms of Software Defined Networking (SDN) and its diverse security applications while handling cybercrimes. SDN plays a vital role in sniffing information related to network usage in large-scale data centers that simultaneously support an improved algorithm design for automated detection of network intrusions. Despite its security protocols, SDN is considered contradictory towards DDoS attacks (Distributed Denial of Service). Several research studies developed machine learning-based network intrusion detection systems addressing detection and mitigation of DDoS attacks in SDN-based networks due to dynamic changes in various features and behavioral patterns. Addressing this problem, this research study focuses on effectively designing a multistage hybrid and intelligent deep learning classifier based on modified deep forest classification to detect DDoS attacks in SDN networks. Experimental results depict that the performance accuracy of the proposed classifier is improved when evaluated with standard parameters.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.4
• /
• pp.135-140
• /
• 2015

The WDSS improves defensive capacity against web application layer DDoS attack by using web cache server and L7 switch which are added on the DDoS shelter system. When web DDoS attack occurs, security agents divert traffic from backbone network to sub-network of the WDSS and then DDoS protection device and L7 switch block abnormal packets. In the meantime, web cache server responds only to requests of normal clients and maintains stable web service. In this way, the WDSS can counteract the web DDoS attack which generates small traffic and depletes server-client session resource. Furthermore, the WDSS does not require IP tunneling because it is not necessary to retransfer the normal requests to original web server. In this paper, we validate operation of the WDSS and verify defensive capability against web application layer DDoS attacks. In order to do this, we built the WDSS on backbone network of an ISP. And we performed web DDoS tests by using a testing system that consists of zombie PCs. The tests were performed by three types and various amounts of web DDoS attacks. Test results suggest that the WDSS can detect small traffic of the web DDoS attacks which do not have repeat flow whereas the formal DDoS shelter system cannot.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.729-735
• /
• 2013

The recent issue of distributed denial of service attack paralyze major government and financial institution in internet sites. They threatened to the cyber security. There hasn't been easy defense of now using attack. There seems to be increases in damage. In this paper, The recent continue to evolve of distributed denial of service attack. DNS target of distributed denial of service attack give specific examples. but, DNS target of DDoS attacks about defense is insufficient. The DNS Cyber-shelter system was created based on the Cyber-shelter system for DDoS attack in Kisa.. We proposal DNS Cyber-shelter system.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.8 no.5
• /
• pp.429-437
• /
• 2015

DDoS attacks have been used for paralyzing popular Internet services. Especially, amplification attacks have grown dramatically in recent years. Defending against amplification attacks is challenging since the attacks usually generate extremely hugh amount of traffic and attack traffic is coming from legitimate servers, which is hard to differentiate from normal traffic. Moreover, some of protocols used by amplification attacks are widely adopted in IoT devices so that the number of servers susceptible to amplification attacks will continue to increase. This paper studies on the analysis of amplification attack mechanisms in detail and proposes defense methodologies for scenarios where attackers, abused servers or victims are in a monitoring network.

• Journal of Internet Computing and Services
• /
• v.11 no.2
• /
• pp.85-98
• /
• 2010

An advanced and proactive response mechanism against diverse attacks on All-IP network should be proposed for enhancing its security and reliability on open network. There are two main research works related to this study. First one is the SPIE system with hash function on Bloom filter and second one is the Sinkhole routing mechanism using BGP protocol for verifying its transmission path. Therefore, advanced traceback and network management mechanism also should be necessary on All-IP network environments against DDoS attacks. In this study, we studied and proposed a new IP traceback mechanism on All-IP network environments based on existing SPIE and Sinkhole routing model when diverse DDoS attacks would be happen. Proposed mechanism has a Manager module for controlling the regional router with using packet monitoring and filtering mechanism to trace and find the attack packet's real transmission path. Proposed mechanism uses simplified and optimized memory for storing and memorizing the packet's hash value on bloom filter, with which we can find and determine the attacker's real location on open network. Additionally, proposed mechanism provides advanced packet aggregation and monitoring/control module based on existing Sinkhole routing method. Therefore, we can provide an optimized one in All-IP network by combining the strength on existing two mechanisms. And the traceback performance also can be enhanced compared with previously suggested mechanism.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.12
• /
• pp.1913-1920
• /
• 2017

Software Defined Networking creates totally new concept of networking and its applications which is based on separating the application and control layer from the networking infrastructure as a result it yields new opportunities in improving the network security and making it more automated in robust way, one of these applications is Denial of Service attack mitigation but due to the dynamic nature of Denial of Service attack it would require dynamic response which can mitigate the attack with the minimum false positive. In this paper we will propose a new mitigation Framework for DDoS attacks using Software Defined Networking technology to protect online services e.g. websites, DNS and email services against DoS and DDoS attacks.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.7
• /
• pp.87-91
• /
• 2019

In the IoT(Internet of Things) environment, various devices are utilized and applied for different sites. But attackers can access easy to IoT systems, and try to operate DDoS(Distributed Denial-of-Service) attacks. In this paper, Sensor nodes, Cluster heads, and Gateways operates lightweight mutual authentication each others. Since authenticated sensor nodes and cluster heads only send transactions to Gateways, proposed techniques prevent DDoS attacks. In addition, the blockchain system contains secure keys to decrypt data from sensor nodes. Therefore, attackers can not decrypt the data even if the data is eavesdropped.

• ETRI Journal
• /
• v.41 no.5
• /
• pp.560-573
• /
• 2019

Two supervised learning algorithms, a basic neural network and a long short-term memory recurrent neural network, are applied to traffic including DDoS attacks. The joint effects of preprocessing methods and hyperparameters for machine learning on performance are investigated. Values representing attack characteristics are extracted from datasets and preprocessed by two methods. Binary classification and two optimizers are used. Some hyperparameters are obtained exhaustively for fast and accurate detection, while others are fixed with constants to account for performance and data characteristics. An experiment is performed via TensorFlow on three traffic datasets. Three scenarios are considered to investigate the effects of learning former traffic on sequential traffic analysis and the effects of learning one dataset on application to another dataset, and determine whether the algorithms can be used for recent attack traffic. Experimental results show that the used preprocessing methods, neural network architectures and hyperparameters, and the optimizers are appropriate for DDoS attack detection. The obtained results provide a criterion for the detection accuracy of attacks.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.170-178
• /
• 2024

Through the growth of the fifth-generation networks and artificial intelligence technologies, new threats and challenges have appeared to wireless communication system, especially in cybersecurity. And IoT networks are gradually attractive stages for introduction of DDoS attacks due to integral frailer security and resource-constrained nature of IoT devices. This paper emphases on detecting DDoS attack in wireless networks by categorizing inward network packets on the transport layer as either "abnormal" or "normal" using the integration of machine learning algorithms knowledge-based system. In this paper, deep learning algorithms and CNN were autonomously trained for mitigating DDoS attacks. This paper lays importance on misuse based DDOS attacks which comprise TCP SYN-Flood and ICMP flood. The researcher uses CICIDS2017 and NSL-KDD dataset in training and testing the algorithms (model) while the experimentation phase. accuracy score is used to measure the classification performance of the four algorithms. the results display that the 99.93 performance is recorded.