• Title/Summary/Keyword: Denial of Service

Search Result 403, Processing Time 0.028 seconds

Design and Implementation of a Traceback System based on Multi-Agents (다중 에이전트를 이용한 역추적 시스템 설계 및 구현)

  • 정종민;이지율;이구연
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.4
    • /
    • pp.3-11
    • /
    • 2003
  • It is very important to detect and remove original sources of various attacks through networks. One of the effective method to detect the sources is traceback systems. In this paper, we design and implement an agent-based traceback system that does not require the reaction of routers and administrators and does not need numerous log data. In the design, we introduce a traceback server and traceback agents in each network Using sniffing and spoofing, the server transmits a packet with a specific message. The agents detect the packet and provide the information for the server to trace back the original source.

Improved Password Change Protocol Using One-way Function (일방향 함수를 이용한 개선된 패스월드 변경 프로토콜)

  • Jeon Il-Soo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.2
    • /
    • pp.121-127
    • /
    • 2006
  • Recently, Chang et at.$^[9]$ proposed a new password-based key agreement protocol and a password change protocol to improve the efficiency in the password-based authenticated key agreement protocol proposed by Yeh et at.$^[8]$. However, Wang et al.$^[10]$ showed that their protected password change protocol is not secure under the denial of service attack and the dictionary attack This paper proposes an improved password change protocol to solve this problems in the Chang et al's protocol. In the proposed protocol, the format of communication messages is modified not to have any clue for the guessing of the password and verifying of the guessed password. The proposed protocol supports the advantages in the previous password-based protocols and solves the problems in them effectively.

A study on Countermeasures by Detecting Trojan-type Downloader/Dropper Malicious Code

  • Kim, Hee Wan
    • International Journal of Advanced Culture Technology
    • /
    • v.9 no.4
    • /
    • pp.288-294
    • /
    • 2021
  • There are various ways to be infected with malicious code due to the increase in Internet use, such as the web, affiliate programs, P2P, illegal software, DNS alteration of routers, word processor vulnerabilities, spam mail, and storage media. In addition, malicious codes are produced more easily than before through automatic generation programs due to evasion technology according to the advancement of production technology. In the past, the propagation speed of malicious code was slow, the infection route was limited, and the propagation technology had a simple structure, so there was enough time to study countermeasures. However, current malicious codes have become very intelligent by absorbing technologies such as concealment technology and self-transformation, causing problems such as distributed denial of service attacks (DDoS), spam sending and personal information theft. The existing malware detection technique, which is a signature detection technique, cannot respond when it encounters a malicious code whose attack pattern has been changed or a new type of malicious code. In addition, it is difficult to perform static analysis on malicious code to which code obfuscation, encryption, and packing techniques are applied to make malicious code analysis difficult. Therefore, in this paper, a method to detect malicious code through dynamic analysis and static analysis using Trojan-type Downloader/Dropper malicious code was showed, and suggested to malicious code detection and countermeasures.

Multicore Flow Processor with Wire-Speed Flow Admission Control

  • Doo, Kyeong-Hwan;Yoon, Bin-Yeong;Lee, Bhum-Cheol;Lee, Soon-Seok;Han, Man Soo;Kim, Whan-Woo
    • ETRI Journal
    • /
    • v.34 no.6
    • /
    • pp.827-837
    • /
    • 2012
  • We propose a flow admission control (FAC) for setting up a wire-speed connection for new flows based on their negotiated bandwidth. It also terminates a flow that does not have a packet transmitted within a certain period determined by the users. The FAC can be used to provide a reliable transmission of user datagram and transmission control protocol applications. If the period of flows can be set to a short time period, we can monitor active flows that carry a packet over networks during the flow period. Such powerful flow management can also be applied to security systems to detect a denial-of-service attack. We implement a network processor called a flow management network processor (FMNP), which is the second generation of the device that supports FAC. It has forty reduced instruction set computer core processors optimized for packet processing. It is fabricated in 65-nm CMOS technology and has a 40-Gbps process performance. We prove that a flow router equipped with an FMNP is better than legacy systems in terms of throughput and packet loss.

Secure-FMIPv6: A Study on Secure Fast Handover based on ID-based Cryptosystem (Secure-FMIPv6: ID 기반 암호시스템에 기반한 안전한 Fast 핸드오버 연구)

  • Lee Woo-Chan;Jung Soo-Jin;Lee Jong-Hyouk;Han Young-Ju;Chung Tai-Myoung
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2006.05a
    • /
    • pp.905-908
    • /
    • 2006
  • MIPv6 는 MN(Mobile Node)가 자신의 홈 네트워크를 벗어나 외부 네트워크로 이동하여도 다른 노드들과 끊김 없이 지속적인 통신을 할 수 있게 해주는 인터넷 프로토콜이다. MN 은 외부네트워크로 이동 후 HA(Home Agent) 및 CN(Correspondent Node)로 핸드오버(Handover) 동작의 수행하며 이로 인한 지연이 발생하게 된다. 이러한 지연을 줄이기 위한 대책으로 Fast 핸드오버가 등장하였다. Fast 핸드오버 과정에서 MN 은 이동하려는 서브넷의 라우터(New Access Router: NAR)로의 전환을 위하여 현재 연결된 AR 과 미리 정보를 주고 받게 되고, 이동이 발생한 후에 NAR 과의 핸드오버 지연시간이 감소하게 된다. 반면 공격자가 flooding 을 통해 MN 에게 DoS(Denial of Service) 공격을 가하여 MN 을 다운시킨 후, MN 으로 위장하여 데이터를 가로채는 취약점이 존재한다. 본 논문에서는 위의 취약점을 보완하기 위하여 핸드오버 과정에서 주고받는 메세지에 대한 기밀성 및 노드 인증을 제공하는 ID 기반 암호시스템에 기반한 안전한 Fast 핸드오버 방식을 제안한다. 제안하는 모델은 메시지의 암호화와 노드 인증을 통해 무결성 및 기밀성을 보장하고 Traditional PKI 시스템에 비해 공개키 인증시간을 단축하는 이점을 가질 것으로 기대된다.

  • PDF

Knowledge-based Modeling for System Security (시스템 보안을 위한 지식기반 모델링)

  • 서희석;김희원
    • Journal of the Korea Computer Industry Society
    • /
    • v.4 no.4
    • /
    • pp.491-500
    • /
    • 2003
  • The need for network security is being increasing due to the development of information communication and internet technology, In this paper, firewall models, operating system models and other network component models are constructed. Each model Is defined by basic or compound model using MODSIM III. In this simulation environment with representative attacks, the following attacks are generated, SYN flooding and Smurf attack as an attack type of denial of service. The simulation is performed with the models that exploited various security policies against these attacks. In addition, the results of the simulation show that the analysis of security performance according to various security policies, and the analysis of correlation between availability and confidentiality according to security empowerment.

  • PDF

Anomaly Detection Method Using Entropy of Network Traffic Distributions (네트워크 트래픽 분포 엔트로피를 이용한 비정상행위 탐지 방법)

  • Kang Koo-Hong;Oh Jin-Tae;Jang Jong-Soo
    • The KIPS Transactions:PartC
    • /
    • v.13C no.3 s.106
    • /
    • pp.283-294
    • /
    • 2006
  • Hostile network traffic is often different from normal traffic in ways that can be distinguished without knowing the exact nature of the attack. In this paper, we propose a new anomaly detection method using inbound network traffic distributions. For this purpose, we first characterize the traffic of a real campus network by the distributions of IP protocols, packet length, destination IP/port addresses, TTL value, TCP SYN packet, and fragment packet. And then we introduce the concept of entropy to transform the obtained baseline traffic distributions into manageable values. Finally, we can detect the anomalies by the difference of entropies between the current and baseline distributions. In particular, we apply the well-known denial-of-service attacks to a real campus network and show the experimental results.

RFID Mutual Authentication Protocol Using Nonfixed Symmetric Key Based on Shift Computation and Random Number (시프트 연산과 난수를 이용한 가변적 대칭키 기반의 RFID 상호인증 프로토콜)

  • Lee, Jae-Kang;Oh, Se-Jin;Chung, Kyung-Ho;Lee, Chang-Hee;Ahn, Kwang-Seon
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.37 no.5B
    • /
    • pp.377-384
    • /
    • 2012
  • RFID system is a technique to obtain information of tag using radio frequency. Specificity of RFID systems using radio frequency has many problems that is eavesdropping, location tracking, spoofing attack, replay attack, denial of service attack. So, RFID protocol should be used cryptographic methods and mutual authentication for security and privacy. In this paper, we explain the problem of past protocol and propose the nonfixed symmetric key-based RFID mutual authentication protocol using shift computation and random number. Proposed protocol is secure from various attacks. Because it use shift operation and non-fixed symmetric key.

Enhancement of WiBro PKMv2 EAP-AKA Authentication Security Against Rogue BS based Redirection Attacks (WiBro PKMv2 EAP-AKA 기반 인증 과정에서의 Redirection Attack 에 대한 보안 취약성 및 개선 방안)

  • Lee, Hyun-Chul;Eom, Sung-Hyun;Cho, Sung-Jae;Choi, Hyoung-Kee
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2007.11a
    • /
    • pp.1210-1213
    • /
    • 2007
  • WiBro는 무선랜과 3G 이동통신의 장점을 결합한 휴대 인터넷 기술로 최근 국내에서 상용화 되었다. WiBro의 장점인 이동성과 고속 무선 통신에 기인하여, 향후 지속적인 발전이 기대된다. 이러한 WiBro의 확산에 따라 개인 사용자에 대한 보안문제가 최근 크게 부각되고 있다. 현재 Wibro는 3G 이동통신 및 무선랜과 효율적인 연동을 위해 EAP-AKA 인증기법을 사용하고 있다. 하지만 EAP-AKA는 단말이 기지국을 인증하지 못하는 치명적인 취약점이 있다. 따라서 공격자는 임의로 rogue BS를 설치할 수 있고, 정상 사용자의 데이터를 이종 네트워크로 보내는 Redirection Attack을 시도할 수 있다. Redirection Attack은 전송 속도 저하, Denial-of-Service (DoS) 을 초래하며, 데이터가 redirection 되는 이종 네트워크에 따라 암호화된 데이터가 노출될 수 있다. 본 논문에서는 EAP-AKA와 Redirection Attack에 대해 분석하고, 그 해결책을 제시한다. 논문은 1) 프로토콜을 일부 수정하여 공격을 막는 방법과 2) traffic 분석을 통한 공격 탐지 방식을 다루고 있으며, 이러한 두 가지 방법을 통해 Redirection Attack에 대한 취약점을 근본적으로 제거할 수 있다.

  • PDF

Designing A Smart TAP for Inter-Network Protection (내부 네트워크 보호를 위한 차단 지능형 TAP의 설계)

  • Kang, You-Sung;Kim, Jong-Su;Chung, Ki-Hyun;Choi, Kyung-Hee
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2003.05b
    • /
    • pp.1357-1360
    • /
    • 2003
  • 인터넷과 네트워크 기술의 발달은 실생활에 많은 편리함을 주고 있지만 그에 따른 여러 가지 부작용들도 많이 나타나고 있다. 그 중 가장 심각한 문제는 보안 사고에 의한 피해인데, 최근에는 특정 장치를 해킹하여 자료를 망가뜨리는 것보다 불특정 다수에 의한 과다한 트래픽 생성 공격이 더 많아지고 있다. 특히 DoS/DDoS(Distributed Denial of Service)와 같은 공격은 공격자가 네트워크 전문지식을 가지고 있지 않아도 공격을 할 수 있고 원천적인 방어 방법이 없다는 점에서 심각성이 증대되고 있다. 본 논문에서는 네트워크 모니터링에 사용되는 TAP(Test Access Port)의 기반 기술을 이용하여 평시에는 TAP 의 본 기능을 수행하다 DoS/DDoS 공격과 같이 과다한 네트워크 트래픽 발생으로 장비가 멈추거나 망가지는 상황 등의 장애 발생시 내부 네트워크를 외부와 물리적으로 분리할 수 있는 지능형 TAP(S-TAP)에 대한 설계에 대해 설명하였다. 또한 S-TAP을 이용하여 기존 네트워크에 적용될 수 있는 환경을 제시하여 S-TAP의 유용성도 언급하였다.

  • PDF