• Journal of the Korea Society of Computer and Information
• /
• v.24 no.7
• /
• pp.87-91
• /
• 2019

In the IoT(Internet of Things) environment, various devices are utilized and applied for different sites. But attackers can access easy to IoT systems, and try to operate DDoS(Distributed Denial-of-Service) attacks. In this paper, Sensor nodes, Cluster heads, and Gateways operates lightweight mutual authentication each others. Since authenticated sensor nodes and cluster heads only send transactions to Gateways, proposed techniques prevent DDoS attacks. In addition, the blockchain system contains secure keys to decrypt data from sensor nodes. Therefore, attackers can not decrypt the data even if the data is eavesdropped.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.44 no.3 s.357
• /
• pp.33-40
• /
• 2007

In this paper, low-rate TCP attack as one of shrew attacks is considered and the scaling based dynamic time warping (S-DTW) algorithm is introduced. The low-rate TCP attack can not be detected by the detection method for the previous flooding DoS/DDoS (Denial of Service/Distirbuted Denial of Service) attacks due to its low average traffic rate. It, however, is a periodic short burst that exploits the homogeneity of the minimum retransmission timeout (RTO) of TCP flows and then some pattern matching mechanisms have been proposed to detect it among legitimate input flows. A DTW mechanism as one of detection approaches has proposed to detect attack input stream consisting of many legitimate or attack flows, and shown a depending method as well. This approach, however, has a problem that legitimate input stream may be caught as an attack one. In addition, it is difficult to decide a threshold for separation between the legitimate and the malicious. Thus, the causes of this problem are analyzed through simulation and the scaling by maximum auto-correlation value is executed before computing the DTW. We also discuss the results on applying various scaling approaches and using standard deviation of input streams monitored.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.7C
• /
• pp.971-984
• /
• 2004

In the coming age of information warfare, information security patterns need to be changed such as to the active approach using offensive security mechanisms rather than traditional passive approach just protecting the intrusions. In an active security environment, it is essential that, when detecting an intrusion, the immediate confrontation such as analysing the intrusion situation in realtime, protecting information from the attacks, and even tracing the intruder. This paper presents an active intrusion-confronting system using a fake session and a honeypot. Through the fake session, the attacks like Dos(Denial of Service) and port scan can be intercepted. By monitoring honeypot system, in which the intruders are migrated from the protected system and an intrusion rule manager is being activated, new intrusion rules are created and activated for confronting the next intrusions.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.253-264
• /
• 2003

This paper presents the analytic model of Distributed Denial-of-Service (DDoS) attacks in two settings: the normal Web server without any attack and the Web server with DDoS attacks. In these settings, we measure TCP flag rate, which is expressed in terms of the ratio of the number of TCP flags, i.e., SYN, ACK, RST, etc., packets over the total number of TCP packets, and Protocol rate, which is defined by the ratio of the number of TCP (UDP or ICMP) packets over the total number of W packets. The experimental results show a distinctive and predictive pattern of DDoS attacks. We wish our approach can be used to detect and prevent DDoS attacks.

• The KIPS Transactions:PartC
• /
• v.13C no.3 s.106
• /
• pp.267-274
• /
• 2006

The process of binding update for the routing optimization in MIPv6 can make the involved MN (Mobile Node) and CN(Correspondent Node) vulnerable to various attacks. Therefore, securing binding update process becomes an important research issue in the MIPv6, and several secure binding update protocols have been proposed. In this paper, we compare several existing binding update protocols, and analyze the vulnerability of MNs and CNs to the possible attacks and the management overhead of the SUCV(Statistic Uniqueness and Cryptographic Verifiability) which is considered to be superior to other protocols. Then, we propose an advanced protocol to resolve above drawbacks. Through the detailed analysis, we show that our protocol can reduce the computational overhead of MN, enable better management, and achieve a higher level of security against the redirect attacks, DoS(Denial of Service) attacks and brute force attacks, compared to SUCV.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.9
• /
• pp.1684-1697
• /
• 2011

We show that two protocols for RFID mutual authentication in pervasive computing environments, recently proposed by Kang et al, are vulnerable to several attacks. First, we show these protocols do not preserve the privacy of users' location. Once a tag is authenticated successfully, we show several scenarios where legitimate or illegitimate readers can trace the location of that tag without any further information about the tag's identifier or initial private key. Second, since the communication between readers and the database takes place over an insecure communication channel and in the plaintext form, we show scenarios where a compromised tag can gain access to confidential information that the tag is not supposed get access to. Finally, we show that these protocols are also vulnerable to the replay and denial-of-service attacks. While some of these attacks are due to simple flaws and can be easily fixed, others are more fundamental and are due to relaxing widely accepted assumptions in the literature. We examine this issue, apply countermeasures, and re-evaluate the protocols overhead after taking these countermeasures into account and compare them to other work in the literature.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.5
• /
• pp.1726-1743
• /
• 2014

DDoS (Distributed Denial of Service) has been a continuous threat to the cyber world with the growth in cyber technology. This technical evolution has given rise to a number of ultra-sophisticated ways for the attackers to perform their DDoS attack. In general, the attackers who generate the denial of service, use the vulnerabilities of the TCP. Some of the vulnerabilities like SYN (synchronization) flooding, and IP spoofing are used by the attacker to create these Distributed Reflected Denial of Service (DrDoS) attacks. An attacker, with the assistance of IP spoofing creates a number of attack packets, which reflects the flooded packets to an attacker's intended victim system, known as the primary target. The proposed scheme, Efficient Spoofed Flooding Defense (ESFD) provides two level checks which, consist of probing and non-repudiation, before allocating a service to the clients. The probing is used to determine the availability of the requested client. Non-repudiation is taken care of by the timestamp enabled in the packet, which is our major contribution. The real time experimental results showed the efficiency of our proposed ESFD scheme, by increasing the performance of the CPU up to 40%, the memory up to 52% and the network bandwidth up to 67%. This proves the fact that the proposed ESFD scheme is fast and efficient, negating the impact on the network, victim and primary target.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.13 no.2
• /
• pp.148-153
• /
• 2003

A DoS(Denial of Service) attack appears in the form of the intrusion attempt and Syn Flooding attack is a typical example. The Syn Flooding attack takes advantage of the weak point of 3-way handshake between the end-points of TCP which is the connection-oriented transmission service and has the reliability This paper proposes a NIIP(Network based Intelligent Intrusion Prevention) model. This model captures and analyzes the packet informations for the detection of Syn Flooding attack. Using the result of analysis of decision module, the decision module, which utilizes FCM(Fuzzy Cognitive Maps), measures the degree of danger of the DoS and trains the response module to deal with attacks. This model is a network based intelligent intrusion prevention model that reduces or prevents the danger of Syn Flooding attack.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.10a
• /
• pp.375-378
• /
• 2009

DDoS attacks make people can't using normal internet service, because DDoS attacks cause exhaustion of network bandwidth or exhaustion of computer system resources by using many personal computers or servers which already infected computer virus from hackers. Recent DDoS attacks attack government brach, financial institution, even IT security company. IT security companies make Anti-DDoS product for defense from DDoS attack. But, There is no standard for BMT of Anti-DDoS product. In this dissertation, Anti-DDoS product quality characteristics of the survey analysis to evaluate them by comparing the assessment items were derived.

• Proceedings of the Korean Information Science Society Conference
• /
• 2011.06d
• /
• pp.225-226
• /
• 2011

IP traceback is an solution for Defending against distributed denial-of-service attacks, the Fragment Marking Scheme is the famous method for IP traceback problem. In this paper, we are interested in understanding the reconstruction process at the victim of Fragment Marking Scheme deeply and make us more clearly about its limitation based on some papers mentioning it.