• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.1B
• /
• pp.8-19
• /
• 2010

In this paper, we propose the NCP (Network Control Platform)-based defense mechanism against DDoS (Distributed Denial of Service) attacks in order to guarantee the transmission of normal traffic and prevent the flood of abnormal traffic. We also define defense modules, the threshold and packet drop-rate used for the response against DDoS attacks. NCP analyzes whether DDoS attacks are occurred or not based on the flow and queue information collected from SR (Source Router) and VR (Victim Router). Attack packets are dopped according to drop rate decided from NCP. The performance is simulated using OPNET and evaluated in terms of the queue size of both SR and VR, the transmitted volumes of legitimate and attack packets at SR.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.3
• /
• pp.482-488
• /
• 2009

Mobile Ad-hoc Networks provide communication without a centralized infrastructure, which makes them suitable for communication in disaster areas or when quick deployment is needed. On the other hand, they are susceptible to malicious exploitation and have to face different challenges at different layers due to its open Ad-hoc network structure which lacks previous security measures. Denial of service (DoS) attack is one that interferes with the radio transmission channel causing a jamming attack. In this kind of attack, an attacker emits a signal that interrupts the energy of the packets causing many errors in the packet currently being transmitted. In harsh environments where there is constant traffic, a jamming attack causes serious problems; therefore measures to prevent these types of attacks are required. The objective of this paper is to carry out the simulation of the jamming attack on the nodes and determine the DoS attacks in OPNET so as to obtain better results. We have used effective anomaly detection system to detect the malicious behaviour of the jammer node and analyzed the results that deny channel access by jamming in the mobile Ad-hoc networks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.5
• /
• pp.15-25
• /
• 2007

According to augmentation about interesting and demanding of privacy over the rest few years, researches that provide anonymity have been conducted in a number of applications. The ad hoc routing with providing anonymity protects privacy of nodes and also restricts collecting network information to malicious one. Until recently, quite a number of anonymous routing protocols have been proposed, many of them, however, do not make allowance for authentication. Thus, they should be able to have vulnerabilities which are not only modifying packet data illegally but also DoS(denial of service) attack. In this paper, we propose routing protocol with providing both anonymity and authentication in the mobile ad hoc network such as MANET, VANET, and more. This scheme supports all of the anonymity properties which should be provided in Ad Hoc network. In addition, based on the group signature, authentication is also provided for nodes and packets during route discovery phase. Finally, route discovery includes key-agreement between source and destination in order to transfer data securely.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.4
• /
• pp.19-25
• /
• 2010

In this paper, the performance of the DoS information security algorithm is evaluated to provide the multimedia traffic between the nodes using the multicasting services. The essence technology for information security to distribute the multimedia contents is presented. Under the multicasting services, a node participating new group needs a new address and the node compares the collision with the existing nodes, then DoS attack can be occurred between the nodes by a malicious node. Using the NS2 simulator, the number of DoS attacks, the average number of trials to generate new address, and the average time to create address are analyzed. From simulation results, the efficient algorithm with relevant random number design according to the DRM network is needed to provide secure multimedia contents distribution.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.4C
• /
• pp.559-569
• /
• 2004

It has become more difficult to correspond an cyber attack quickly as a pattern of attack becomes various and complex. And, current security mechanisms just have passive defense functionalities. In this paper, we propose new network security architecture to respond various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed architecture make possible to deal effectively with cyber attacks such as IP spoofing or DDoS(Distributed Denial of Service) using active packet technology including a mobile sensor on active network. Active Security Management System based on proposed security architecture consists of active security node and active security server in a security zone, and is designed to have more active correspondent than that of existing mechanisms. We implemented these mechanisms in Linux routers and experimented on a testbed to verify realization possibility of Active Security Management System. The experimentation results are analyzed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.119-129
• /
• 2011

TCP-related Flooding attacks still dominate Distributed Denial of Service Attack. It is a great challenge to accurately detect the TCP flood attack in hish speed network. In this paper, we propose the NIC_Cookie logic implementation, which is a kind of security offload engine against TCP-related DDoS attacks, on network interface card. NIC_Cookie has robustness against DDoS attack itself and it is independent on server OS and external network configuration. It supports not IP-based response method but packet-level response, therefore it can handle attacks of NAT-based user group. We evaluate that the latency time of NIC_Cookie logics is $7{\times}10^{-6}$ seconds and we show 2Gbps wire-speed performance through a benchmark test.

• The Journal of Society for e-Business Studies
• /
• v.17 no.3
• /
• pp.117-128
• /
• 2012

There was a large scale of DDoS(Distributed Denial of Service) attacks mostly targeted at Korean government web sites and cooperations's on March 4, 2010(3.4 DDoS attack) after 7.7 DDoS on July 7, 2009. In these days, anyone can create zombie PCs to attack someone's website with malware development toolkits and farther more improve their knowledge of hacking skills as well as toolkits because it has become easier to obtain these toolkits on line, For that trend, it has been difficult for computer security specialists to counteract DDoS attacks. In this paper, we will introduce an essential control list to prevent malware infection with live forensics techniques after analysis of monitoring network systems and PCs. Hopefully our suggestion of how to coordinate a security monitoring system in this paper will give a good guideline for cooperations who try to build their new systems or to secure their existing systems.

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.10
• /
• pp.491-498
• /
• 2005

The Denial of Service(DoS) attacks, which are done by consuming all of the computing or communication resources necessary for the services, are known very difficult to be protected from. TCP has drawbacks in its connection establishment for possible DoS attacks. TCP maintains the state of each partly established connection in the connection queue until it is established completely and accepted by the application. The attackers can make the queue full by sending connection requests repeatedly and not completing the connection establishment steps for those requests. In this paper, we have designed and implemented the extended TCP for preventing from SYN Flood DoS attacks. In the extended TCP, the state of each partly established connection is not maintained in the queue until the connection is established completely. For the extended TCP, we have modified the 3-way handshake procedure of TCP and implemented the extended TCP in the Linux operating system. The test result shows $0.05\%$ delay more than original TCP, but it shows that the extended TCP is strong for SYN Flood attacks.

• Journal of Internet Computing and Services
• /
• v.17 no.3
• /
• pp.1-10
• /
• 2016

Information and network technology become the rapid development, so various online services supplied by multimedia systems are provided through the Internet. Because of intrinsic open characteristic on Internet, network systems need to provide the data protection and the secure authentication. So various researchers including Das, An, and Li&Hwang proposed the biometric-based user authentication scheme but they has some security weakness. To solve their problem, Li et al. proposed new scheme using fuzzy extraction, but it is weak on off-line password attack, authentication without biometrics, denial-of-service and insider attack. So, we proposed security enhanced user authentication scheme with key agreement to address the security problem of authentication schemes.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.04a
• /
• pp.729-732
• /
• 2010

통신망의 발달로 다양한 인터넷 기반 기술들이 등장함에 따라 현재는 데이터뿐만 아닌 음성에 대한 부분도 IP 네트워크를 통해 전송하려는 움직임이 발판이 되어 VoIP(Voice Over Internet Protocol)라는 기술이 등장하였다. SIP(Session Initiation Protocol) 프로토콜 기반 VoIP 서비스는 통신 절감 효과가 큰 장점과 동시에 다양한 부가서비스를 제공하여 사용자 수가 급증하고 있다. VoIP 서비스는 호(Call)를 제어하기 위해 SIP 기반으로 구성이 되며, SIP 프로토콜은 IP 망을 이용하여 다양한 음성과 멀티미디어 서비스를 제공하게 되는데 IP 프로토콜에서 발생하는 인터넷 보안 취약점을 그대로 동반하기 때문에 DoS(Denial of Service) 및 DDoS(Distribute Denial of Service)에 취약한 성향을 가지고 있다. DDoS 공격은 단시간 내에 대량의 패킷을 타깃 호스트 또는 네트워크에 전송하여 네트워크 접속 및 서비스 기능을 정상적으로 작동하지 못하게 하거나 시스템의 고장을 유도하게 된다. 인터넷 기반 생활이 일상화 되어 있는 현 시점에서 안전한 네트워크 환경을 만들기 위해 DDoS 공격에 대한 대응 방안이 시급한 시점이다. DDoS 공격에 대한 탐지는 매우 어렵기 때문에 근본적인 대책 마련에 대한 연구가 필요하며, 정상적인 트래픽 및 악의적인 트래픽에 대한 탐지 시스템 개발이 절실히 요구되는 사항이다. 본 논문에서는 SIP 프로토콜 및 공격기법에 대해 조사하고, DoS와 DDoS 공격에 대한 특성 및 종류에 대해 조사하였으며, SIP를 이용한 VoIP 서비스에서 IP 분류와 메시지 중복 검열을 통한 DDoS 공격 탐지기법을 제안한다.