• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.3
• /
• pp.125-132
• /
• 2013

In this paper, We send DDoS(Distributed Denial of Service) attack traffic to real homepages in real networks. We analyze the results of DDoS attack and propose mitigation method against DDoS Attacks. In order to analyze the results of DDoS Attacks, We group three defense level by administrative subjects: Top level defense, Middle level defense, Bottom level defense. Also We group four attack methods by feature. We describe the results that average of attack success rate on defense level and average of attack success rate on attack categories about 48ea homepages and 2ea exceptional cases. Finally, We propose mitigation method against DDoS attack.

• International Journal of Computer Science & Network Security
• /
• v.22 no.1
• /
• pp.276-282
• /
• 2022

One of the most essential foundations upon which big institutions rely in delivering cloud computing and hosting services, as well as other kinds of multiple digital services, is the security of infrastructures for digital and information services throughout the world. Distributed denial-of-service (DDoS) assaults are one of the most common types of threats to networks and data centers. Denial of service attacks of all types operates on the premise of flooding the target with a massive volume of requests and data until it reaches a size bigger than the target's energy, at which point it collapses or goes out of service. where it takes advantage of a flaw in the Transport Control Protocol's transmitting and receiving (3-way Handshake) (TCP). The current study's major focus is on an architecture that stops DDoS attacks assaults by producing code for DDoS attacks using a cloud controller and calculating Round-Tripe Time (RTT).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.147-153
• /
• 2015

Since the DoS(Denial of Service) attack is still an important vulnerable element in many web service sites, sites including public institution should try their best in constructing defensive systems. Recently, DDoS(Distributed Denial of Service) has been raised by prompting mass network traffic that uses NTP's monlist function or DoS attack has been made related to the DNS infrastructure which is impossible for direct defense. For instance, in June 2013, there has been an outbreak of an infringement accident where Computing and Information Agency was the target. There was a DNS application DoS attack which made the public institution's Information System impossible to run its normal services. Like this, since there is a high possibility in having an extensive damage due to the characteristics of DDoS in attacking unspecific information service and not being limited to a particular information system, efforts have to be made in order to minimize cyber threats. This thesis proposes a method for using TTL (Time To Live) value in IP header to detect DDoS attack with IP spoofing, which occurs when data is transmitted under the agreed regulation between the international and domestic information system.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.1B
• /
• pp.8-19
• /
• 2010

In this paper, we propose the NCP (Network Control Platform)-based defense mechanism against DDoS (Distributed Denial of Service) attacks in order to guarantee the transmission of normal traffic and prevent the flood of abnormal traffic. We also define defense modules, the threshold and packet drop-rate used for the response against DDoS attacks. NCP analyzes whether DDoS attacks are occurred or not based on the flow and queue information collected from SR (Source Router) and VR (Victim Router). Attack packets are dopped according to drop rate decided from NCP. The performance is simulated using OPNET and evaluated in terms of the queue size of both SR and VR, the transmitted volumes of legitimate and attack packets at SR.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10c
• /
• pp.637-639
• /
• 2003

인터넷이 널리 보급되면서 이용자들간에는 편리하고 빠른 정보교환이 가능하게 되었지만 이를 방해하는 해커들의 활동 또한 크게 증가하고 있다. 그 중 DDoS(Distributed Denial of Service) 공격은 인터넷 서비스를 하고 있는 서버에 심각한 해를 주며 탐지와 대응이 어려운 해킹방법중의 하나이다. 본 연구에서는 DDoS 공격 대응을 위해 액티브 네트워크를 이용해 개발한 DDoS 보안시스템[1][2]을 이용할 때 얼마나 효과적인 성능을 낼 수 있는지에 대한 분석 결과를 제공한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.5
• /
• pp.1726-1743
• /
• 2014

DDoS (Distributed Denial of Service) has been a continuous threat to the cyber world with the growth in cyber technology. This technical evolution has given rise to a number of ultra-sophisticated ways for the attackers to perform their DDoS attack. In general, the attackers who generate the denial of service, use the vulnerabilities of the TCP. Some of the vulnerabilities like SYN (synchronization) flooding, and IP spoofing are used by the attacker to create these Distributed Reflected Denial of Service (DrDoS) attacks. An attacker, with the assistance of IP spoofing creates a number of attack packets, which reflects the flooded packets to an attacker's intended victim system, known as the primary target. The proposed scheme, Efficient Spoofed Flooding Defense (ESFD) provides two level checks which, consist of probing and non-repudiation, before allocating a service to the clients. The probing is used to determine the availability of the requested client. Non-repudiation is taken care of by the timestamp enabled in the packet, which is our major contribution. The real time experimental results showed the efficiency of our proposed ESFD scheme, by increasing the performance of the CPU up to 40%, the memory up to 52% and the network bandwidth up to 67%. This proves the fact that the proposed ESFD scheme is fast and efficient, negating the impact on the network, victim and primary target.

• Journal of the Korea Society for Simulation
• /
• v.18 no.4
• /
• pp.39-47
• /
• 2009

Recently, the threat of DDoS attacks is increasing and many companies are planned to deploy the DDoS defense solutions in their networks. The DDoS attack usually transmits heavy traffic data to networks or servers and they cannot handle the normal service requests because of running out of resources. Since it is very hard to prevent the DDoS attack beforehand, the strategic plan is very important. In this work, we have conducted modeling and simulation of the DDoS attack by changing the number of servers and estimated the duration that services are available. In this work, the modeling and simulation is conducted using OPNET Modeler. The simulation result can be used as a parameter of trade-off analysis of DDoS defense cost and the service's value. In addition, we have presented a way of estimating the cost effectiveness in deployment of the DDoS defense system.

• The KIPS Transactions:PartC
• /
• v.12C no.6 s.102
• /
• pp.827-838
• /
• 2005

DDoS (Distributed Denial of Service) attack is a critical threat to current Internet. To solve the detection and response of DDoS attack on BcN, we have investigated detection algorithms of DDoS and Implemented anomaly detection modules. Recently too many technologies of the detection and prevention have developed, but it is difficult that the IDS distinguishes normal traffic from the DDoS attack Therefore, when the DDoS attack is detected by the IDS, the firewall just discards all over-bounded traffic for a victim or absolutely decreases the threshold of the router. That is just only a method for preventing the DDoS attack. This paper proposed the mechanism of response for the legitimated clients to be protected Then, we have designed and implemented the statistic based system that has the automated detection and response functionality against DDoS on Linux Zebra router environment.

• KNOM Review
• /
• v.23 no.1
• /
• pp.10-17
• /
• 2020

As the threat of Distributed Denial-of-Service attacks that exploit weakly secure IoT devices has spread, research on source-side Denial-of-Service attack detection is being activated to quickly detect the attack and the location of attacker. In addition, a collaborative source-side attack detection technique that shares detection results of source-side networks located at individual sites is also being activated to overcome regional limitations of source-side detection. In this paper, we evaluate the performance of a collaborative source-side DDoS attack detection using statistical weights. The statistical weight is calculated based on the detection rate and false positive rate corresponding to the time zone of the individual source-side network. By calculating weighted sum of the source-side DoS attack detection results from various sites, the proposed method determines whether a DDoS attack happens. As a result of the experiment based on actual DNS request to traffic, it was confirmed that the proposed technique reduces false positive rate 2% while maintaining a high attack detection rate.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.423-429
• /
• 2014

DDoS attacks is upgrade of DoS attacks. Botnet is being used by DDoS attack, so it is able to attack a millions of PCs at one time. DDoS attacks find the root the cause of the attack because it is hard to find sources for it, even after the treatment wavelength serious social problem in this study, the analysis and countermeasures for DDoS attack is presented.