• Title/Summary/Keyword: Distributed Denial of Service (DDoS) Attack

Search Result 90, Processing Time 0.021 seconds

A Survey on Defense Mechanism against Distributed Denial of Service (DDoS) Attacks in Control System

  • Kwon, YooJin
    • KEPCO Journal on Electric Power and Energy
    • /
    • v.1 no.1
    • /
    • pp.55-59
    • /
    • 2015
  • Denial of Service (DoS) attack is to interfere the normal user from using the information technology services. With a rapid technology improvements in computer and internet environment, small sized DoS attacks targeted to server or network infrastructure have been disabled. Thus, Distributed Denial of Service (DDoS) attacks that utilizes from tens to several thousands of distributed computers as zombie PC appear to have as one of the most challenging threat. In this paper, we categorize the DDoS attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS attacks. Then we propose a comprehensive defense mechanism against DDoS attacks in Control System to detect attacks efficiently.

A Proposal Countermeasure to DDoS attacks targered DNS (DNS을 목표한 DDoS공격에 효과적인 대응 방법 제안)

  • Choi, Ji-Woo;Chun, Myung-Jin;Hong, Do-Won;Seo, Chang-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.4
    • /
    • pp.729-735
    • /
    • 2013
  • The recent issue of distributed denial of service attack paralyze major government and financial institution in internet sites. They threatened to the cyber security. There hasn't been easy defense of now using attack. There seems to be increases in damage. In this paper, The recent continue to evolve of distributed denial of service attack. DNS target of distributed denial of service attack give specific examples. but, DNS target of DDoS attacks about defense is insufficient. The DNS Cyber-shelter system was created based on the Cyber-shelter system for DDoS attack in Kisa.. We proposal DNS Cyber-shelter system.

New Distributed SDN Framework for Mitigating DDoS Attacks (DDoS 공격 완화를 위한 새로운 분산 SDN 프레임워크)

  • Alshehhi, Ahmed;Yeun, Chan Yeob;Damiani, Ernesto
    • The Transactions of The Korean Institute of Electrical Engineers
    • /
    • v.66 no.12
    • /
    • pp.1913-1920
    • /
    • 2017
  • Software Defined Networking creates totally new concept of networking and its applications which is based on separating the application and control layer from the networking infrastructure as a result it yields new opportunities in improving the network security and making it more automated in robust way, one of these applications is Denial of Service attack mitigation but due to the dynamic nature of Denial of Service attack it would require dynamic response which can mitigate the attack with the minimum false positive. In this paper we will propose a new mitigation Framework for DDoS attacks using Software Defined Networking technology to protect online services e.g. websites, DNS and email services against DoS and DDoS attacks.

DDoS attack traffic through the analysis of responses to research (트래픽 분석을 통한 DDoS 공격에 대한 대응책 연구)

  • Hong, Sunghyuck
    • Journal of Convergence Society for SMB
    • /
    • v.4 no.3
    • /
    • pp.1-6
    • /
    • 2014
  • DDoS (Distributed Denial Service, Distributed Service) attacks are being generated for a constant threat on the Internet, countermeasures for this have been proposed. However, the problem has become an increasingly effective instruction in any Measures are a variety of attacks and sophisticated attacks. Attackers can change a steady attack tools to respond to these, the experts as a countermeasure to this constantly research for a fresh attack. This paper is to introduce countermeasures to DDoS recent representative examples of 7.7DDoS and look for 3.3DDoS existing types of DDoS attacks increased PPS attacks, high traffic sent, web service delay and router and firewall settings, applications and to describe the DDoS countermeasures research by certification, is so that you can plan effectively for the future DDoS attacks proposed method.

  • PDF

A Study on DDoS(Distributed Denial of Service) Attack Detection Model Based on Statistical (통계 기반 분산서비스거부(DDoS)공격 탐지 모델에 관한 연구)

  • Kook, Yoon-Ju;Kim, Yong-Ho;Kim, Jeom-Goo;Kim, Kiu-Nam
    • Convergence Security Journal
    • /
    • v.9 no.2
    • /
    • pp.41-48
    • /
    • 2009
  • Distributed denial of service attack detection for more development and research is underway. The method of using statistical techniques, the normal packets and abnormal packets to identify efficient. In this paper several statistical techniques, using a mix of various offers a way to detect the attack. To verify the effectiveness of the proposed technique, it set packet filtering on router and the proposed DDoS attacks detection method on a Linux router. In result, the proposed technique was detect various attacks and provide normal service mostly.

  • PDF

Detection Method of Distributed Denial-of-Service Flooding Attacks Using Analysis of Flow Information (플로우 분석을 이용한 분산 서비스 거부 공격 탐지 방법)

  • Jun, Jae-Hyun;Kim, Min-Jun;Cho, Jeong-Hyun;Ahn, Cheol-Woong;Kim, Sung-Ho
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.14 no.1
    • /
    • pp.203-209
    • /
    • 2014
  • Today, Distributed denial of service (DDoS) attack present a very serious threat to the stability of the internet. The DDoS attack, which is consuming all of the computing or communication resources necessary for the service, is known very difficult to protect. The DDoS attack usually transmits heavy traffic data to networks or servers and they cannot handle the normal service requests because of running out of resources. It is very hard to prevent the DDoS attack. Therefore, an intrusion detection system on large network is need to efficient real-time detection. In this paper, we propose the detection mechanism using analysis of flow information against DDoS attacks in order to guarantee the transmission of normal traffic and prevent the flood of abnormal traffic. The OPNET simulation results show that our ideas can provide enough services in DDoS attack.

A Study on the DDoS Defense Algorithm using CFC based on Attack Pattern Analysis of TCP/IP Layers (TCP/IP Layer별 공격패턴 분석에 기반한 CFC를 이용한 DDoS 방어 알고리즘 연구)

  • Seo, Woo Seok;Park, Dea Woo;Jun, Moon Seog
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.4
    • /
    • pp.117-130
    • /
    • 2010
  • Paper is on defense for so-called internet crisis, the attack of DDoS (Distributed Denial of Service) which was targeted to the central government ministries, financial sector, and portal sites of chief counties including Korea on June 7th, 2009 as its start. By conducting attack with various DDoS attacking methods in the lab environment and dividing networks targeted by the attack by layers, this paper records and analyzes the chief information for attack, destination information of packets, defense policy setting, and the flow of packet attack with the subjects of the networks separated. This study suggests CFC system using multiple firewalls applying defense policy corresponding to the target layer for ultimate attack and tests it according to the result of analyzing the attack packet information and its amount, log analysis, access recording port, and MAC and IT information, etc. by layers. This article is meaningful in that it analyzes the attack by layers, establishes firewall policy for protecting each layer, and secures accurate mechanism for detect and defense.

A STUDY OF DISTRIBUTED DENIAL OF SERVICE ATTACK ON GOVERNMENT INFRASTRUCTURE

  • Kim, Suk-Jin;Jeong, Gisung
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.8 no.2
    • /
    • pp.55-65
    • /
    • 2016
  • Distributed Denial of service attack is one of the major threats nowadays especially to the government infrastructure that give huge impact to the reputation and interrupt the services and resource. Our survey start with brief introduction about DDoS attacks, we illustrate the trends and incident happened at government from various countries. We then provide an extensive literature review on the existing research about implication, types of attacks and initiative to defence against the DDoS attacks. Our discussion aims to identify the trends in DDoS attacks, in depth impact of DDoS attacks to government infrastructure, classification of attacks and techniques against the attacks. And we will use for a fire fight safety and management.

Method of Preventing DDoS Using Proxy Server Group and Dynamic DNS (Proxy Server Group과 Dynamic DNS를 이용한 DDoS 방어 구축 방안)

  • Shin, Sang Il;Kim, Min Su;Lee, DongHwi
    • Convergence Security Journal
    • /
    • v.12 no.6
    • /
    • pp.101-106
    • /
    • 2012
  • As the existing strategy of preventing DDoS(Distributed Denial of Service) attacks has limitations, this study is intended to suggest the more effective method of preventing DDoS attacks which reduces attack power and distributes attack targets. Currently, DDoS attacks have a wide range of targets such as individuals, businesses, labs, universities, major portal sites and financial institutions. In addition, types of attacks change from exhausting layer 3, network band to primarily targeting layer 7. In response to DDoS attacks, this study suggests how to distribute and decrease DDoS threats effectively and efficiently using Proxy Server Group and Dynamic DNS.

Detecting scheme against bypass Denial of Service Attack (우회 DoS 공격을 탐지하기 위한 모델 설계)

  • 김용석;전준철;유기영
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2003.10a
    • /
    • pp.709-711
    • /
    • 2003
  • 현재 사용되어지는 컴퓨터 통신 프로토콜(OSI 7 layer reference model)은 구조적인 문제점을 들어내고 있다. 이런 문제점 때문에, 해커들은 수많은 패킷들을 생성시키는 Denial of Service(DoS) 공격과 Distributed Denial of Service(DDoS) 공격을 사용하여 한 호스트나 한 네트워크 자원에 치명적인 악영향을 미친다. 특정한 TCP 포트나 UDP 포트에 공격을 가하는 경우에는 룰 기반의 침입탐지 시스템(IDS)이 탐지 해낼 수 있지만 다른 임의의 포트에 공격을 가하게 되연 IDS는 이것을 탐지하지 못한다. 따라서 우리는 잉의의 포트에 DoS나 DDoS 공격들이 일어났을 때 이 공격들을 탐지할 수 있는 모델을 설계하였다.

  • PDF