• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.12
• /
• pp.1913-1920
• /
• 2017

Software Defined Networking creates totally new concept of networking and its applications which is based on separating the application and control layer from the networking infrastructure as a result it yields new opportunities in improving the network security and making it more automated in robust way, one of these applications is Denial of Service attack mitigation but due to the dynamic nature of Denial of Service attack it would require dynamic response which can mitigate the attack with the minimum false positive. In this paper we will propose a new mitigation Framework for DDoS attacks using Software Defined Networking technology to protect online services e.g. websites, DNS and email services against DoS and DDoS attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.4
• /
• pp.71-82
• /
• 2005

Though there are many authentication protocols for RFID system, only a few protocols support location privacy. Because of tag's hardware limitation, these protocols suffer from many security threats, especially from DoS (Denial of Service) attack. In this paper, we explain location privacy problem and show vulnerabilities of RFID authentication protocols. And then, we suggest an authentication protocol that is strong against location tracing, spoofing attack and DoS attack

• Journal of Multimedia Information System
• /
• v.7 no.2
• /
• pp.125-136
• /
• 2020

Nowadays, cloud computing is becoming more popular among companies. However, the characteristics of cloud computing such as a virtualized environment, constantly changing, possible to modify easily and multi-tenancy with a distributed nature, it is difficult to perform attack detection with traditional tools. This work proposes a solution which aims to collect traffic packets data by using Flume and filter them with Spark Streaming so it is possible to only consider suspicious data related to HTTP Slow Rate Denial-of-Service attacks and reduce the data that will be stored in Hadoop Distributed File System for analysis with the FP-Growth algorithm. With the proposed system, we also aim to address the difficulties in attack detection in cloud environment, facilitating the data collection, reducing detection time and enabling an almost real-time attack detection.

• Journal of Information Processing Systems
• /
• v.17 no.4
• /
• pp.675-689
• /
• 2021

Nowadays, cloud computing is being adopted for more organizations. However, since cloud computing has a virtualized, volatile, scalable and multi-tenancy distributed nature, it is challenging task to perform attack detection in the cloud following conventional processes. This work proposes a solution which aims to collect web server logs by using Flume and filter them through Spark Streaming in order to only consider suspicious data or data related to denial-of-service attacks and reduce the data that will be stored in Hadoop Distributed File System for posterior analysis with the frequent pattern (FP)-Growth algorithm. With the proposed system, we can address some of the difficulties in security for cloud environment, facilitating the data collection, reducing detection time and consequently enabling an almost real-time attack detection.

• ETRI Journal
• /
• v.44 no.2
• /
• pp.346-354
• /
• 2022

The SYN flooding attack is widely used in cyber attacks because it paralyzes the network by causing the system and bandwidth resources to be exhausted. This paper proposed a self-information approach for detecting the SYN flooding attack and provided a detection algorithm with a hierarchical policy on a detection time domain. Compared with other detection methods of entropy measurement, the proposed approach is more efficient in detecting the SYN flooding attack, providing low misjudgment, hierarchical detection policy, and low time complexity. Furthermore, we proposed a detection algorithm with limiting system resources. Thus, the time complexity of our approach is only (log n) with lower time complexity and misjudgment rate than other approaches. Therefore, the approach can detect the denial-of-service/distributed denial-of-service attacks and prevent SYN flooding attacks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.629-630
• /
• 2009

센서 네트워크에 대한 보안은 일반 네트워크와 동일하게 보안성, 무결성, 가용성 등이 요구된다. 그러나 일반적으로 센서 네트워크는 무선 통신을 하는 네트워크이고, 고정된 인프라가 없으며, 네트워크 토폴로지가 자주 변하는 특징으로 인해 보안문제는 어려운 것으로 인식되고 있다. 특히, 센서 노드의 에너지와 같은 자원 고갈을 유발하여 정상적인 동작을 못하게 하는 서비스 거부(Denial of Service, DoS)와 같은 공격에 취약하다. 본 논문에서는 센서 네트워크의 구성을 분석하고, 이를 바탕으로 발생할 수 있는 DoS 공격 유형을 분석한다.

• Korea Information Processing Society Review
• /
• v.10 no.2
• /
• pp.58-63
• /
• 2003

본 고에서는 1.25 인터넷 대란과 같은 버퍼오버플로우를 이용해 침투하는 인터넷 웜 및 DOS (Denial of Service) 공격을 Secure OS(보안운영체제), IDS(Intrusion Detection System : 침입탐지시스템), Scanner(취약성진단도구), Firewall(침입차단시스템)의 지능형 상호연동 스킴을 이용해, 근본적인 대응이 가능한 지능형 다단계 정보보호체계를 제시하였다. 본 고에서 제시한 정보보호대응책은 고도로 지능화하고 있는 인터넷 웜 및 DoS(Denial of Service 서비스거부) 공격을 미연에 예방하고, 실시간으로 대응할 수 있는 시스템이 될 것이다.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.11
• /
• pp.3011-3019
• /
• 1999

Denial of service is about knocking off services, without permission for example through crashing the whole system. This kind of attacks are easy to launch and it is hard to protect a system against them. The basic problem is that Unix assumes that users on the system or on other systems will be well behaved. This paper analyses system-based inside denial of services attack(DoS) and system metric for performance of each machine provided. And formalize the conclusions results in ways that clearly expose the performance impact of those observations. So, we present new approach. It is detecting DoS attack using performance signature for system and program behavior. We present new approach. It is detecting DoS attack using performance signature for system and program behavior. We believe that metric will be to guide to automated development of a program to detect the attack. As a results, we propose the AIDPS(Architecture for Intrusion Detection using Performance Signature) model to detect DoS attack using performance signature.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6B
• /
• pp.259-269
• /
• 2008

Applying Varying Pseudonym (VP) to design of Radio Frequency Identification (RFID) authentication protocol outperforms the other existing approaches in several respects. However, this approach is prone to the well-known denial-ofservice (DOS) attack. In this paper, we examine the de-synchronization problems of VP-based RFID authentication protocols, and propose effective solutions to eliminate such weaknesses. We shall show that the proposed solutions indeed improve the security for these protocols, and moreover, these solutions require 0(1) computational cost for identitying a tag and 0(1) key space on the tag. These excellent performances make them very attractive to many RFID applications.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.7
• /
• pp.101-108
• /
• 2022

We propose an intrusion detection model that detects denial-of-service(DoS) and distributed reflection denial-of-service(DRDoS) attacks, based on the empirical data of each internet of things(IoT) device by training system and network metrics that can be commonly collected from various IoT devices. First, we collect 37 system and network metrics from each IoT device considering IoT attack scenarios; further, we train them using six types of machine learning models to identify the most effective machine learning models as well as important metrics in detecting and distinguishing IoT attacks. Our experimental results show that the Random Forest model has the best performance with accuracy of over 96%, followed by the K-Nearest Neighbor model and Decision Tree model. Of the 37 metrics, we identified five types of CPU, memory, and network metrics that best imply the characteristics of the attacks in all the experimental scenarios. Furthermore, we found out that packets with higher transmission speeds than larger size packets represent the characteristics of DoS and DRDoS attacks more clearly in IoT networks.