• Proceedings of the IEEK Conference
• /
• 2002.06e
• /
• pp.43-46
• /
• 2002

This paper deals with a denial of service is about without permission knocking off service, for example through crashing the whole system. Another definition is that denial of service is seeing to that someone don't get what they paid for. The Network Denial of service Attack Detection System designed and implemented through suggested algorithm can detect attacking from the outside among denial of service attacks. It shown that designed system gives the system administrator the opportunity to detect denial of service attack.

• The Journal of the Korea Contents Association
• /
• v.21 no.2
• /
• pp.587-593
• /
• 2021

In this thesis, we will break away from the classic DDoS response system for large-scale denial-of-service attacks that develop day by day, and effectively endure intelligent denial-of-service attacks by utilizing artificial intelligence-based technology, one of the core technologies of the 4th revolution. A possible service model development plan was proposed. That is, a method to detect denial of service attacks and minimize damage through machine learning artificial intelligence learning targeting a large amount of data collected from multiple security devices and web servers was proposed. In particular, the development of a model for using artificial intelligence technology is to detect a Western service attack by focusing on the fact that when a service denial attack occurs while repeating a certain traffic change and transmitting data in a stable flow, a different pattern of data flow is shown. Artificial intelligence technology was used. When a denial of service attack occurs, a deviation between the probability-based actual traffic and the predicted value occurs, so it is possible to respond by judging as aggressiveness data. In this paper, a service denial attack detection model was explained by analyzing data based on logs generated from security equipment or servers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.63-73
• /
• 2010

Malicious bot programs, the source of distributed denial of service attack, are widespread and the number of PCs which were infected by malicious bot program are increasing geometrically thesedays. The continuous distributed denial of service attacks are happened constantly through these bot PCs and some financial incident cases have found lately. Therefore researches to response distributed denial of service attack are necessary so we propose an effective feature generation method for distributed denial of service attack detection using entropy. In this paper, we apply our method to both the DARPA 2000 datasets and also the distributed denial of service attack datasets that we composed and generated ourself in general university. And then we evaluate how the proposed method is useful through classification using bayesian network classifier.

• Journal of Multimedia Information System
• /
• v.7 no.2
• /
• pp.125-136
• /
• 2020

Nowadays, cloud computing is becoming more popular among companies. However, the characteristics of cloud computing such as a virtualized environment, constantly changing, possible to modify easily and multi-tenancy with a distributed nature, it is difficult to perform attack detection with traditional tools. This work proposes a solution which aims to collect traffic packets data by using Flume and filter them with Spark Streaming so it is possible to only consider suspicious data related to HTTP Slow Rate Denial-of-Service attacks and reduce the data that will be stored in Hadoop Distributed File System for analysis with the FP-Growth algorithm. With the proposed system, we also aim to address the difficulties in attack detection in cloud environment, facilitating the data collection, reducing detection time and enabling an almost real-time attack detection.

• ETRI Journal
• /
• v.44 no.2
• /
• pp.346-354
• /
• 2022

The SYN flooding attack is widely used in cyber attacks because it paralyzes the network by causing the system and bandwidth resources to be exhausted. This paper proposed a self-information approach for detecting the SYN flooding attack and provided a detection algorithm with a hierarchical policy on a detection time domain. Compared with other detection methods of entropy measurement, the proposed approach is more efficient in detecting the SYN flooding attack, providing low misjudgment, hierarchical detection policy, and low time complexity. Furthermore, we proposed a detection algorithm with limiting system resources. Thus, the time complexity of our approach is only (log n) with lower time complexity and misjudgment rate than other approaches. Therefore, the approach can detect the denial-of-service/distributed denial-of-service attacks and prevent SYN flooding attacks.

• Convergence Security Journal
• /
• v.8 no.3
• /
• pp.1-8
• /
• 2008

The pattern matching part of Intrusion Detection System based on misuse-detection mechanism needs much processing time and resources, and it has become a bottleneck in system performance. Moreover, it derives denial-of-service attack. In this paper, we propose (1) framework architecture that is strong against denial-of-service attack and (2) efficient pattern matching method especially for web server system. By using both of these 2 methods, we can maintain web server system efficiently secure against attacks including denial-of-service.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2002.05a
• /
• pp.252-255
• /
• 2002

As more critical services are provided in the internet, the risk to these services from malicious users increases. Several networks have experienced problems like Denial of Service(DoS) attacks recently. We analyse a network-based denial of service attack, which is called SYM flooding, to TCP-based networks. It occurs by an attacker who sends TCP connection requests with spoofed source address to a target system. Each request causes the targeted system to send instantly data packets out of a limited pool of resources. Then the target system's resources are exhausted and incoming TCP port connections can not be established. The paper is concerned with a detailed analysis of TCP SYN flooding denial of service attack. In this paper, we propose a Real Time Scan Detector(RTSD) mechanism and evaluate it\`s Performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.4
• /
• pp.71-82
• /
• 2005

Though there are many authentication protocols for RFID system, only a few protocols support location privacy. Because of tag's hardware limitation, these protocols suffer from many security threats, especially from DoS (Denial of Service) attack. In this paper, we explain location privacy problem and show vulnerabilities of RFID authentication protocols. And then, we suggest an authentication protocol that is strong against location tracing, spoofing attack and DoS attack

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.11
• /
• pp.3011-3019
• /
• 1999

Denial of service is about knocking off services, without permission for example through crashing the whole system. This kind of attacks are easy to launch and it is hard to protect a system against them. The basic problem is that Unix assumes that users on the system or on other systems will be well behaved. This paper analyses system-based inside denial of services attack(DoS) and system metric for performance of each machine provided. And formalize the conclusions results in ways that clearly expose the performance impact of those observations. So, we present new approach. It is detecting DoS attack using performance signature for system and program behavior. We present new approach. It is detecting DoS attack using performance signature for system and program behavior. We believe that metric will be to guide to automated development of a program to detect the attack. As a results, we propose the AIDPS(Architecture for Intrusion Detection using Performance Signature) model to detect DoS attack using performance signature.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.12
• /
• pp.1913-1920
• /
• 2017

Software Defined Networking creates totally new concept of networking and its applications which is based on separating the application and control layer from the networking infrastructure as a result it yields new opportunities in improving the network security and making it more automated in robust way, one of these applications is Denial of Service attack mitigation but due to the dynamic nature of Denial of Service attack it would require dynamic response which can mitigate the attack with the minimum false positive. In this paper we will propose a new mitigation Framework for DDoS attacks using Software Defined Networking technology to protect online services e.g. websites, DNS and email services against DoS and DDoS attacks.