• The Transactions of the Korea Information Processing Society
• /
• v.6 no.11
• /
• pp.3011-3019
• /
• 1999

Denial of service is about knocking off services, without permission for example through crashing the whole system. This kind of attacks are easy to launch and it is hard to protect a system against them. The basic problem is that Unix assumes that users on the system or on other systems will be well behaved. This paper analyses system-based inside denial of services attack(DoS) and system metric for performance of each machine provided. And formalize the conclusions results in ways that clearly expose the performance impact of those observations. So, we present new approach. It is detecting DoS attack using performance signature for system and program behavior. We present new approach. It is detecting DoS attack using performance signature for system and program behavior. We believe that metric will be to guide to automated development of a program to detect the attack. As a results, we propose the AIDPS(Architecture for Intrusion Detection using Performance Signature) model to detect DoS attack using performance signature.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6B
• /
• pp.259-269
• /
• 2008

Applying Varying Pseudonym (VP) to design of Radio Frequency Identification (RFID) authentication protocol outperforms the other existing approaches in several respects. However, this approach is prone to the well-known denial-ofservice (DOS) attack. In this paper, we examine the de-synchronization problems of VP-based RFID authentication protocols, and propose effective solutions to eliminate such weaknesses. We shall show that the proposed solutions indeed improve the security for these protocols, and moreover, these solutions require 0(1) computational cost for identitying a tag and 0(1) key space on the tag. These excellent performances make them very attractive to many RFID applications.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.9
• /
• pp.3639-3662
• /
• 2020

The network capability to accomplish its functions in a timely fashion under failures and attacks is known as survivability. Ad hoc routing protocols have been studied and extended to various domains, such as Intelligent Transport Systems (ITSs), Unmanned Aerial Vehicles (UAVs), underwater acoustic networks, and Internet of Things (IoT) focusing on different aspects, such as security, QoS, energy. The existing solutions proposed in this domain incur substantial overhead and eventually become burden on the network, especially when there are fewer attacks or no attack at all. There is a need that the effectiveness of these routing protocols be analyzed in the presence of Denial of Service (DoS) attacks without any intrusion detection or prevention system. This will enable us to establish and identify the inherently stable routing protocols that are capable to survive longer in the presence of these attacks. This work presents a DoS attack case study to perform theoretical analysis of survivability on node and network level in the presence of DoS attacks. We evaluate the performance of reactive and proactive routing protocols and analyse their survivability. For experimentation, we use NS-2 simulator without detection or prevention capabilities. Results show that proactive protocols perform better in terms of throughput, overhead and packet drop.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.11B
• /
• pp.1297-1304
• /
• 2011

SIP(Session Initiation Protocol) has some security vulnerability because it works on the Internet. Therefore, the proxy server can be affected by the flooding attack such as DoS and service interruption. However, traditional schemes to corresponding Denial of Service attacks have some limitation. These schemes have high complexity and cannot protect to the variety of Denial of Service attack. In this paper, we newly define the normal user who makes a normal session observed by verifier module. Our method provides continuous service to the normal users in the various situations of Denial of Service attack as constructing a whitelist using normal user information. Various types of attack/normal traffic are modeled by using OPNET simulator to verify our scheme. The simulation results show that our proposed scheme can prevent DoS attack and achieve a low false rate and fast searching time.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.10
• /
• pp.4204-4222
• /
• 2015

Cloud is the latest buzz word in the internet community among developers, consumers and security researchers. There have been many attacks on the cloud in the recent past where the services got interrupted and consumer privacy has been compromised. Denial of Service (DoS) attacks effect the service availability to the genuine user. Customers are paying to use the cloud, so enhancing the availability of services is a paramount task for the service provider. In the presence of DoS attacks, the availability is reduced drastically. Such attacks must be detected and prevented as early as possible and the power of computational approaches can be used to do so. In the literature, machine learning techniques have been used to detect the presence of attacks. In this paper, a novel approach is proposed, where intelligent rule based feature selection and classification are performed for DoS attack detection in the cloud. The performance of the proposed system has been evaluated on an experimental cloud set up with real time DoS tools. It was observed that the proposed system achieved an accuracy of 98.46% on the experimental data for 10,000 instances with 10 fold cross-validation. By using this methodology, the service providers will be able to provide a more secure cloud environment to the customers.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.309-312
• /
• 2016

Considering that interkorean relations got worse and worse recently, cyber terror of North Korea has seriously become a possibility. Therefore, DoS(Denial of Service), a typical way of cyber terror, is becoming a big issue. Consequently, people are growing more and more interested in information security. Internal DoS attacks, out of a variety of ways of Dos attacks, include disks and memories and shortages of process resources. PAM(Pluggable Authentication Module) is one of the ways of preventing internal DoS attacks in Linux system. This paper provides with a method to internally respond to dos attacks and efficiently prevent shortages of resources by utilizing PAM.

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.10
• /
• pp.491-498
• /
• 2005

The Denial of Service(DoS) attacks, which are done by consuming all of the computing or communication resources necessary for the services, are known very difficult to be protected from. TCP has drawbacks in its connection establishment for possible DoS attacks. TCP maintains the state of each partly established connection in the connection queue until it is established completely and accepted by the application. The attackers can make the queue full by sending connection requests repeatedly and not completing the connection establishment steps for those requests. In this paper, we have designed and implemented the extended TCP for preventing from SYN Flood DoS attacks. In the extended TCP, the state of each partly established connection is not maintained in the queue until the connection is established completely. For the extended TCP, we have modified the 3-way handshake procedure of TCP and implemented the extended TCP in the Linux operating system. The test result shows $0.05\%$ delay more than original TCP, but it shows that the extended TCP is strong for SYN Flood attacks.

• 한국ITS학회:학술대회논문집
• /
• 2008.11a
• /
• pp.585-589
• /
• 2008

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.71-79
• /
• 2009

Currently much research is being done on host based intrusion detection using system calls which is a portion of kernel based data. Sequence based and frequency based preprocessing methods are mostly used in research for intrusion detection using system calls. Due to the large amount of data and system call types, it requires a significant amount of preprocessing time. Therefore, it is difficult to implement real-time intrusion detection systems. Despite this disadvantage, the frequency based method which requires a relatively small amount of preprocessing time is usually used. This paper proposes an effective method for detecting denial of service attacks using the frequency based method. Principal Component Analysis(PCA) will be used to select the principle system calls and a bayesian network will be composed and the bayesian classifier will be used for the classification.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.3 no.3
• /
• pp.31-38
• /
• 2010

It has become more difficult to correspond an cyber attack quickly as patterns of attack become various and complex. However, current security mechanisms just have passive defense functionalities. In this paper, we propose new network security architecture to respond various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed architecture makes it possible to deal effectively with cyber attacks such as IP spoofing or DDoS(Distributed Denial of Service), by using active packet technology including a mobile code on active network. Also, it is designed to have more active correspondent than that of existing mechanisms. We implemented these mechanisms in Linux routers and experimented on a testbed to verify realization possibility of attacker response framework using mobile code. The experimentation results are analyzed.