• 한국통신학회논문지
• /
• 제27권8C호
• /
• pp.741-747
• /
• 2002

본 논문에서는 새로운 DDOS(Distributed Denial Of Service) 공격 형태와 이를 방어하기 위한 메카니즘을 제안한다. 현재까지의 DDOS는 최종 공격 목표가 특정 호스트이지만, 진보된 공격 형태로 특정 라우터가 공격의 대상이 될 수 있다. 이러한 공격은 특정 라우터의 관리하에 있는 다수의 호스트를 공격 대상으로 하는 것으로 특정 호스트가 서비스 불가능 상태가 되는 것 이상으로 피해는 심각하다고 할 수 있다. 라우터의 생존성 개념을 적용하여 DDOS 공격 하에서도 라우터가 서비스 불능 상태가 되지 않도록 라우터가 능동적으로 링크의 대역폭을 조절하여 트래픽의 양을 조절할 수 있도록 한다.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2003년도 ICCAS
• /
• pp.2151-2154
• /
• 2003

Internet is deeply rooted in everyday life and many things are performed using internet in real-world, therefore internet users increased because of convenience. Also internet accident is on the increase rapidly. The security vendor developed security system to protect network and system from intruder. Many hackings can be prevented and detected by using these security solutions. However, the new hacking methods and tools that can detour or defeat these solutions have been emerging and even script kids using these methods and tools can easily hack the systems. In consequence, system has gone through various difficulties. So, Necessity of intruder trace-back technology is increased gradually. Trace-back technology is tracing back a malicious hacker to his real location. trace-back technology is largely divided into TCP connection trace-back and IP packet trace-back to trace spoofed IP of form denial-of-service attacks. TCP connection trace-back technology that autonomously traces back the real location of hacker who attacks system using stepping stone at real time. In this paper, We will describe watermark trace-back system using TCP hijacking technique to supplement difficult problem of connection maintenance happened at watermark insertion. Through proposed result, we may search attacker's real location which attempt attack through multiple connection by real time.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권4호
• /
• pp.2149-2170
• /
• 2017

Application-layer Distributed Denial-of-Service (DDoS) attack is one of the leading security problems in the Internet. In recent years, the attack strategies of application-layer DDoS have rapidly developed. This paper introduces a new attack strategy named Path Vulnerabilities-Based (PVB) attack. In this attack strategy, an attacker first analyzes the contents of web pages and subsequently measures the actual response time of each webpage to build a web-resource-weighted-directed graph. The attacker uses a Top M Longest Path algorithm to find M DDoS vulnerable paths that consume considerable resources when sequentially accessing the pages following any of those paths. A detection mechanism for such attack is also proposed and discussed. A finite-state machine is used to model the dynamical processes for the state of the user's session and monitor the PVB attacks. Numerical results based on real-traffic simulations reveal the efficiency of the attack strategy and the detection mechanism.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제4권2호
• /
• pp.191-204
• /
• 2010

There is a well-defined propagation model, named the random constant spread (RCS) model, which explains worms that spread their clones with a random scanning strategy. This model uses the number of infected hosts in a domain as a factor in the worms' propagation. However, there are difficulties in explaining the characteristics of new Internet worms because they have several considerable new features: the denial of service by network saturation, the utilization of a faster scanning strategy, a smaller size in the worm's propagation packet, and to cause maximum damage before human-mediated responses are possible. Therefore, more effective factors are required instead of the number of infected hosts. In this paper, the network bandwidth usage rate is found to be an effective factor that explains the propagations of the new Internet worms with the random scanning strategy. The analysis and simulation results are presented using this factor. The simulation results show that the scan rate is more sensitive than the propagation packet for detecting worms' propagations.

• 한국시뮬레이션학회논문지
• /
• 제11권2호
• /
• pp.1-16
• /
• 2002

The need for network security is being increasing due to the development of information communication and internet technology. In this paper, firewall models, operating system models and other network component models are constructed. Each model is defined by basic or compound model, referencing DEVS formalism. These models and the simulation environment are implemented with MODSIM III, a general purpose, modular, block-structured high-level programming language which provides direct support for object-oriented programming and discrete-event simulation. In this simulation environment with representative attacks, the following three attacks are generated, SYN flooding and Smurf attack as an attack type of denial of service, Mail bomb attack as an attack type of e-mail. The simulation is performed with the models that exploited various security policies against these attacks. The results of this study show that the modeling method of packet filtering system, proxy system, unix and windows NT operating system. In addition, the results of the simulation show that the analysis of security performance according to various security policies, and the analysis of correlation between availability and confidentiality according to security empowerment.

• 한국컴퓨터정보학회논문지
• /
• 제21권1호
• /
• pp.85-90
• /
• 2016

In this paper, the biometric data is transmitted in real time from the IoT environment is runoff, forgery, alteration, prevention of the factors that can be generated from a denial-of-service in advance, and the security strategy for the biometric data to protect the biometric data secure from security threats offer. The convenience of living in our surroundings to life with the development of ubiquitous computing and smart devices are available in real-time. And is also increasing interest in the IOT. IOT environment is giving the convenience of life. However, security threats to privacy also are exposed for 24 hours. This paper examines the security threats to biological data to be transmitted in real time from IOT environment. The technology for such security requirements and security technology according to the analysis of the threat. And with respect to the biometric data transmitted in real time on the IoT environment proposes a security strategy to ensure the stability against security threats and described with respect to its efficiency.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2015년도 추계학술발표대회
• /
• pp.740-743
• /
• 2015

The increasing complexity of integrated circuits and IP-based hardware designs have created the risk of hardware Trojans. This paper introduces a new type of threat, the coherence-exploiting hardware Trojan. This Trojan can be maliciously implanted in master components in a system, and continuously injects memory read transactions on to bus or main interconnect. The injected traffic forces the eviction of cache lines, taking advantage of cache coherence protocols. This type of Trojans insidiously slows down the system performance, incurring Denial-of-Service (DoS) attack. We used Xilinx Zynq-7000 device to implement and evaluate the coherence-exploiting Trojan. The malicious traffic was injected through the AXI ACP interface in Zynq-7000. Then, we collected the L2 cache eviction statistics with performance counters. The experiment results reveal the severe threats of the Trojan to the system performance.

• 정보처리학회논문지C
• /
• 제10C권3호
• /
• pp.253-264
• /
• 2003

본 연구에서는 웹 서비스를 대상으로 한 다양한 DDoS 공격이 진행 중일 때 패킷들의 TCP 헤더 내에 SYN, ACK 혹은 RST 등 다양한 플래그 값들이 설정된 패킷의 수와 총 패킷수와의 비율을 조사 분석하였다. 그 결과, 특정 플래그가 설정된 패킷 수의 비율이 각각의 DDoS 공격 유형에 따라서 매우 독특한 특성을 가짐을 발견하였다. 본 연구의 결과로 얻어진 이 특징들은 DDoS 공격을 조기에 탐지하는 기법과 시스템을 DDoS 공격으로부터 보호하는 기법 연구에 많은 도움을 줄 것으로 예상된다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권12호
• /
• pp.5616-5642
• /
• 2016

Different from traditional auctions, electronic auctions provide a platform to allow bidders and auctioneers merchandise to each other over network anytime and anywhere. Auctioneers can publish information of goods, and bidders can choose the interested targets through this bidding platform. To ensure the fairness and security of electronic auctions, Li et al. have proposed a practical electronic auction scheme which can confirm the requirement of strong anonymity, bidding privacy, and secret bidding price. However, we have found out that Li et al.'s scheme may lurk the risk of the denial-of-service attack during the bidding phase in a sealed-bid auction. Thus, we propose a brand-new sealed-bid auction mechanism, in which the essentials of e-auction can be firmly preserved. In particular, each bidder only needs to register at the center once and then can join to multiple plays launched by different auctioneers. Moreover, the correctness of mutual authentication is confirmed according to the BAN logic model.

• 한국IT서비스학회지
• /
• 제21권5호
• /
• pp.65-79
• /
• 2022

The smart factory has spread to small and mid-size enterprises (SMEs) under the leadership of the government. Smart factory consists of a work area, an operation management area, and an industrial control system (ICS) area. However, each site is combined with the IT system for reasons such as the convenience of work. As a result, various breaches could occur due to the weakness of the IT system. This study seeks to discover the items and vulnerabilities that SMEs who have difficulties in information security due to technology limitations, human resources, and budget should first diagnose and check. First, to compare the existing domestic and foreign smart factory vulnerability classification systems and improve the current classification system, the latest smart factory vulnerability information is collected from NVD, CISA, and OWASP. Then, significant keywords are extracted from pre-processing, co-occurrence network analysis is performed, and the relationship between each keyword and vulnerability is discovered. Finally, the improvement points of the classification system are derived by mapping it to the existing classification system. Therefore, configuration and maintenance, communication and network, and software development were the items to be diagnosed and checked first, and vulnerabilities were denial of service (DoS), lack of integrity checking for communications, inadequate authentication, privileges, and access control in software in descending order of importance.