• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.679-680
• /
• 2009

Radio jamming attack is the most effective and easiest Denial-of-Service (DOS) attack in wireless network. In this paper, we proposed a multi-channel MAC protocol to mitigate the jamming attacks by using cognitive radio. The Cognitive Radio (CR) technology supports real-time spectrum sensing and fast channel switching. By using CR technologies, the legitimate nodes can perform periodic spectrum sensing to identify jamming free channels and when the jamming attack is detected, it can switch to un-jammed channel with minimum channel switching delay. In our proposed protocol, these two CR technologies are exploited for thwarting the jamming attacks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.910-913
• /
• 2012

통신기술의 발달과 스마트 폰의 급격한 보급으로 인하여 모바일 환경은 음성 데이터 기반의 환경에서 인터넷 데이터 기반의 환경으로 급격히 변화되었다. 이로 인하여 음성 서비스 처리 위주의 음성 데이터 기반 모바일 환경은 대용량 동영상 서비스, 인터넷, 메신저 등의 유선 네트워크 환경과 같은 다양한 서비스가 요구되는 환경으로 변화되었다. 이러한 환경 변화로 인하여 모바일 네트워크는 무선 네트워크상의 취약점 뿐 만 아니라 유선환경의 네트워크 취약점을 동시에 지니는 환경으로 변화되었고, 이로 인한 다양한 새로운 취약점들이 부각되기 시작하였다. 본 논문에서는 이와 같이 새롭게 부각되고 있는 모바일 Packet Switched Core Network(PSCN) 환경에서 Service Provider(SP)의 Service Recover로 인해 유발되는 Paging Table Denial of Service(PT-DoS)를 효율적으로 제어하기 위한 Delay Access Control(DAC) 기반의 QoS를 이용한 방법을 설계/구현하였다. 그리고 실험을 통해, PT-DoS를 차단하여 PSCN 공격을 미연에 방지하는 효과를 확인하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.3
• /
• pp.428-451
• /
• 2010

Traffic matrix-based anomaly detection and DDoS attacks detection in networks are research focus in the network security and traffic measurement community. In this paper, firstly, a new type of unidirectional flow called IF flow is proposed. Merits and features of IF flows are analyzed in detail and then two efficient methods are introduced in our DDoS attacks detection and evaluation scheme. The first method uses residual variance ratio to detect DDoS attacks after Recursive Least Square (RLS) filter is applied to predict IF flows. The second method uses generalized likelihood ratio (GLR) statistical test to detect DDoS attacks after a Kalman filter is applied to estimate IF flows. Based on the two complementary methods, an evaluation formula is proposed to assess the seriousness of current DDoS attacks on router ports. Furthermore, the sensitivity of three types of traffic (IF flow, input link and output link) to DDoS attacks is analyzed and compared. Experiments show that IF flow has more power to expose anomaly than the other two types of traffic. Finally, two proposed methods are compared in terms of detection rate, processing speed, etc., and also compared in detail with Principal Component Analysis (PCA) and Cumulative Sum (CUSUM) methods. The results demonstrate that adaptive filter methods have higher detection rate, lower false alarm rate and smaller detection lag time.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.4
• /
• pp.1471-1492
• /
• 2015

The rapid development of smartphone technologies have resulted in the evolution of mobile botnets. The implications of botnets have inspired attention from the academia and the industry alike, which includes vendors, investors, hackers, and researcher community. Above all, the capability of botnets is uncovered through a wide range of malicious activities, such as distributed denial of service (DDoS), theft of business information, remote access, online or click fraud, phishing, malware distribution, spam emails, and building mobile devices for the illegitimate exchange of information and materials. In this study, we investigate mobile botnet attacks by exploring attack vectors and subsequently present a well-defined thematic taxonomy. By identifying the significant parameters from the taxonomy, we compared the effects of existing mobile botnets on commercial platforms as well as open source mobile operating system platforms. The parameters for review include mobile botnet architecture, platform, target audience, vulnerabilities or loopholes, operational impact, and detection approaches. In relation to our findings, research challenges are then presented in this domain.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.8C
• /
• pp.741-747
• /
• 2002

In this paper, we present a new form of DDOS attack and a mechanism to defend systems from it. Up to now the ultimate target of a DDOS attack is a specific host. But in the near future router attacks are expected to appear. Because these kinds of attacks may involve many hosts in the managed domain of a specific router, they will be still more serious than the current DDOS attacks. Also, we present an algorithm to defend against an attack on a router using survivability of the router. By using a survivability of a router, the router can control a quantity of traffic autonomously without an interruption of services even when a DDOS attack occurs.

• Journal of the Korea Society for Simulation
• /
• v.11 no.2
• /
• pp.1-16
• /
• 2002

The need for network security is being increasing due to the development of information communication and internet technology. In this paper, firewall models, operating system models and other network component models are constructed. Each model is defined by basic or compound model, referencing DEVS formalism. These models and the simulation environment are implemented with MODSIM III, a general purpose, modular, block-structured high-level programming language which provides direct support for object-oriented programming and discrete-event simulation. In this simulation environment with representative attacks, the following three attacks are generated, SYN flooding and Smurf attack as an attack type of denial of service, Mail bomb attack as an attack type of e-mail. The simulation is performed with the models that exploited various security policies against these attacks. The results of this study show that the modeling method of packet filtering system, proxy system, unix and windows NT operating system. In addition, the results of the simulation show that the analysis of security performance according to various security policies, and the analysis of correlation between availability and confidentiality according to security empowerment.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.179-191
• /
• 2024

With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewall, antimalware systems, security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advance threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study is being presented. In this proposed work CTI feeds are utilized in the detection of assaults accurately in intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets had been analyzed for attack detection. With the proposed study the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.125-128
• /
• 2022

As the number of online systems based on the internet gradually increases, cyber-scale attacks that interfere with the normal operation of web services are also on the rise. In particular, distributed denial-of-service attacks (DDoS) that interfere with normal web service operations are also increasing. Therefore, this paper presents an efficient DDoS attack defense technique utilizing Equal Cost Multi-Path (BGP ECMP) routing techniques in networks of Anycast type by operating PoP basis of major attack sources and describes how high-availability web services can be operated.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.423-429
• /
• 2014

DDoS attacks is upgrade of DoS attacks. Botnet is being used by DDoS attack, so it is able to attack a millions of PCs at one time. DDoS attacks find the root the cause of the attack because it is hard to find sources for it, even after the treatment wavelength serious social problem in this study, the analysis and countermeasures for DDoS attack is presented.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.2
• /
• pp.29-37
• /
• 2020

Conventional firewalls cannot cope with attacks immediately. It is because security professionals or administrators need to analyze them and enter relevant policies to the firewalls. In addition, those policies may often block even normal accesses. Even though the packet themselves are normal, there exist many attacks that cause denial of service due to the inflow of a large amount of those packets. In this paper, we propose a method to block attacks such as Flooding, Spoofing and Scanning while allowing normal accesses based on whitelist policies which are automatedly generated by learning normal access patterns.