• International Journal of Computer Science & Network Security
• /
• v.23 no.6
• /
• pp.147-154
• /
• 2023

Network intrusion refers to any unauthorized penetration or activity on a computer network. This upsets the confidentiality, integrity, and availability of the network system. One of the major threats to any system's availability is a Denial-of-Service (DoS) attack, which is intended to deny a legitimate user access to resources. Therefore, due to the complexity of DoS attacks, it is increasingly important to abstract and describe these attacks in a way that will be effectively detected. The automaton theory is used in this paper to implement a SYN Flood detection system based on Time-Dependent Finite Automata (TDFA).

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.419-422
• /
• 2006

Zigbee 홈 센서네트워크에서의 보안은 최근 떠오르는 중요한 문제 중 하나이다. 네트워크에 침입하거나 기능을 마비시키기 위해 여러 가지 공격방법들이 사용되고 있으며, 기 중 정상 노드로의 DoS(Denial of Service)공격은 네트워크에서 사용 중인 주파수를 알고 있다면 쉽게 수행될 수 있고 그 후 무력화된 노드의 인증정보를 이용해서 더 큰 문제를 발생시킬 수 있다. 본 논문에서는 zigbee 노드에 대한 DoS 공격과 인증정보위조 공격을 효율적으로 탐지해 낼 수 있는 방식을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2000.10b
• /
• pp.1477-1480
• /
• 2000

분산서비스거부(Distributed Denial of Service or DDoS)틀 이용한 공격은 공격목표시스템이 보안이 철저하다고 해도 쉽게 공격을 가할 수 있는 공격법이다. 근래에 들어 이러한 공격법은 여러 해킹 툴의 보급과 함께 급격히 증가하고 있다. 하지만, 시스템 자체의 보안만으로 대처 방안이 되지 못하고 있는 실정이다. DDoS 공격을 방지하기 위해서는 전체 시스템들이 모두 보안체계를 갖추고 있어야 하지만, 이것은 현실적으로 불가능하다. 결국 DDoS 공격을 탐지하고 대처하기 위해서는 라우터와 네트워크를 기반으로 한 대응시스템 설계가 요구된다. 또한 DDoS 공격의 재발을 막기 위해서는 DDoS 공격 시스템으로 이용된 시스템을 찾아 악성프로그램을 탐지하고 제거할 수 있는 악성에이전트 탐지 및 제거 시스템을 설계하였다.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.7
• /
• pp.101-108
• /
• 2022

We propose an intrusion detection model that detects denial-of-service(DoS) and distributed reflection denial-of-service(DRDoS) attacks, based on the empirical data of each internet of things(IoT) device by training system and network metrics that can be commonly collected from various IoT devices. First, we collect 37 system and network metrics from each IoT device considering IoT attack scenarios; further, we train them using six types of machine learning models to identify the most effective machine learning models as well as important metrics in detecting and distinguishing IoT attacks. Our experimental results show that the Random Forest model has the best performance with accuracy of over 96%, followed by the K-Nearest Neighbor model and Decision Tree model. Of the 37 metrics, we identified five types of CPU, memory, and network metrics that best imply the characteristics of the attacks in all the experimental scenarios. Furthermore, we found out that packets with higher transmission speeds than larger size packets represent the characteristics of DoS and DRDoS attacks more clearly in IoT networks.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.715-717
• /
• 2003

DoS (Denial of Service) 공격은 주로 victim 호스트에 대량의 패킷을 보내거나 비정상적인 패킷을 보냄으로써 정상 사용자가 서비스를 이음하지 못하도록 하는 공격을 의미한다. 이러한 DoS 공격을 탐지하기 위해 다양한 기법들이 개발되어 왔으나, 공격의 종류와 방법은 시간이 흐를수록 매우 다양해지고 있어 이를 탐지하는데 한계가 있다. 본 논문에서는 네트워크 패킷의 헤더정보를 감사 자료로 가지고 있는 NIDS (Network-based Intrusion Detection System)에 데이터 마이닝 기법을 적용기켜 이러한 DoS 공격을 탐지할 수 있는 기법을 제안한다. 이 기법을 이용하면 빠르고 자동화된 방법으로 DoS 공격을 탐지할 수 있다. 본 논문에서는 제안 기법을 이용하여 SYN Flooding 공격과 Teardown 공격에 대한 탐지가 가능함을 보인다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.11a
• /
• pp.996-998
• /
• 2011

인터넷의 발전과 더불어 네트워크 상에서의 침입 시도가 갈수록 증가되고 다변화되고 있으며, 특히, 네트워크나 서버의 가용성을 위협하는 형태의 서비스 거부(DoS: Denial of Servie) 공격이 최근 급증하고 있다. 따라서, 본 논문에서는 인터넷 서버의 정상적인 서비스 제공을 방해하는 형태의 분산 서비스 거부(DDoS: Distributed Denial of Service) 공격으로부터 서버를 보호하고 원활한 서비스를 제공하기 위한 Secure-NIC 시스템의 설계 및 구현에 대해서 설명한다. 이는 "CISGDP : CPU-Independent Service Guaranteed DDoS Protection" 이라는 설계 개념하에서, 각종 인터넷 서버에 장착되어 DDoS 공격 등의 네트워크 공격에 대하여 서버의 고유 서비스가 지속적으로 보장될 수 있도록 자체 보안 기능을 NIC(Network Interface Card) 형태로 제공한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.265-268
• /
• 2011

Voice over Internet protocol(VoIP) is support a VoIP service as All-IP method and Gateway method etc. All-IP method to the unit in an Internet environment by applying both the IP service is an VoIP system. Gateway method, using a normal phone call in a way that the Internet is using VoIP. In this paper, scanning and analyze the vulnerability for VoIP systems and networks from All-IP method and the Gateway method In the test bed. All-IP method and Gateway method found in the VoIP vulnerabilities, hacking attack, a denial of service attacks and VoIP spam attacks are carried out. Through analysis of post-attack security measures is proposed.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.1
• /
• pp.23-34
• /
• 2022

With the development of network technology, the application area has also been diversified, and protocols for various purposes have been developed and the amount of traffic has exploded. Therefore, it is difficult for the network administrator to meet the stability and security standards of the network with the existing traditional switching and routing methods. Software Defined Networking (SDN) is a new networking paradigm proposed to solve this problem. SDN enables efficient network management by programming network operations. This has the advantage that network administrators can flexibly respond to various types of attacks. In this paper, we design a threat level management module, an attack detection module, a packet statistics module, and a flow rule generator that collects attack information through the controller and switch, which are components of SDN, and detects attacks based on these attributes of SDN. It proposes a method to block denial of service attacks (DoS) of advanced attackers by programming and applying honeypot. In the proposed system, the attack packet can be quickly delivered to the honeypot according to the modifiable flow rule, and the honeypot that received the attack packets analyzed the intelligent attack pattern based on this. According to the analysis results, the attack detection module and the threat level management module are adjusted to respond to intelligent attacks. The performance and feasibility of the proposed system was shown by actually implementing the proposed system, performing intelligent attacks with various attack patterns and attack levels, and checking the attack detection rate compared to the existing system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.9
• /
• pp.3858-3869
• /
• 2020

In this paper, we propose a hash-chain based friendly force identification protocol for personal combatants equipped with a personal combat system in a tactical wireless network. It is imperative in military operations to effectively and quickly identify friendly forces. If the identification of friendly forces is not correct, this can cause friendly fire. In current ground operations, the identification of friendly forces by personal combatants is neither secure nor safe. To address this issue, the proposed protocol uses a hash-chain to determine if a detected person is friendly. Only friendly forces with the same materials that are assigned before they deploy can construct an initial hash-chain. Moreover, the hash-chain is changed at specific times. The performance of the proposed protocol is evaluated on the assumption that the secret key is leaked, which is the worst scenario in the security research field. We verify that the proposed protocol is secure for the various attack scenarios, such as message replay attack, fabrication attack, and Denial of Service attack.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.10
• /
• pp.4204-4222
• /
• 2015

Cloud is the latest buzz word in the internet community among developers, consumers and security researchers. There have been many attacks on the cloud in the recent past where the services got interrupted and consumer privacy has been compromised. Denial of Service (DoS) attacks effect the service availability to the genuine user. Customers are paying to use the cloud, so enhancing the availability of services is a paramount task for the service provider. In the presence of DoS attacks, the availability is reduced drastically. Such attacks must be detected and prevented as early as possible and the power of computational approaches can be used to do so. In the literature, machine learning techniques have been used to detect the presence of attacks. In this paper, a novel approach is proposed, where intelligent rule based feature selection and classification are performed for DoS attack detection in the cloud. The performance of the proposed system has been evaluated on an experimental cloud set up with real time DoS tools. It was observed that the proposed system achieved an accuracy of 98.46% on the experimental data for 10,000 instances with 10 fold cross-validation. By using this methodology, the service providers will be able to provide a more secure cloud environment to the customers.