• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.423-429
• /
• 2014

DDoS attacks is upgrade of DoS attacks. Botnet is being used by DDoS attack, so it is able to attack a millions of PCs at one time. DDoS attacks find the root the cause of the attack because it is hard to find sources for it, even after the treatment wavelength serious social problem in this study, the analysis and countermeasures for DDoS attack is presented.

• Journal of Digital Convergence
• /
• v.12 no.12
• /
• pp.323-328
• /
• 2014

D-MAC protocol is used convergence network, which is designed to connect wireless link between things. This protocol is supported to local data exchange and aggregation among neighbor nodes, and distributed control packet from sink to sensor node. In this paper, we analysis about efficiency of power consumption according to whether or not security authentication of D-MAC in convergence network. If authentication scheme is applied to MAC communication, it is related to power consumption of preamble whether or not with and without authentication process. It is reduced to energy consumption against denial attack of service, when it is applied to authentication. Future work will take the effort to deal with security authentication scheme.

• The KIPS Transactions:PartC
• /
• v.18C no.3
• /
• pp.127-134
• /
• 2011

Malicious botnet has been used for more malicious activities, such as DDoS attacks, sending spam messages, steal personal information, etc. To prevent this, many studies have been preceded. But malicious botnets have evolved and evaded detection systems. In particular, HTTP GET Request attack that exploits the vulnerability of the application layer is used. ALAB of ALADDIN proposed by ETRI is DDoS attack detection system that HTTP GET, Incomplete GET request flooding attack detection algorithm is applied. In this paper, we extend Incomplete GET detection algorithm of ALAB and derive the optimal configuration parameters to verify the validity of the algorithm ALAB by the study of the normal and attack packets.

• Journal of Korea Multimedia Society
• /
• v.18 no.1
• /
• pp.35-41
• /
• 2015

SDN(Software Defined Networking) has been considered as a new future computer network architecture and DDoS(Distributed Denial of Service) is the biggest threat in the network security. In SDN architecture, we present the technique to defend the DDoS SYN Flooding attack that is one of the DDoS attack method. First, we monitor the Backlog queue in order to reduce the unnecessary monitoring resources. If the Backlog queue of the certain server is occupied over 70%, the sFlow performs packet sampling with the server address as the destination address. To distinguish between the attacker and the normal user, we use the source address. We decide the SYN packet threshold using the remaining Backlog queue that possible to allow the number of connections. If certain sources address send the SYN packet over the threshold, we judge that this address is attacker. The controller will modify the flow table entry to block attack traffics. By using this method, we reduce the resource consumption about the unnecessary monitoring and the protection range is expanded to all switches. The result achieved from our experiment show that we can prevent the SYN Flooding attack before the Backlog queue is fully occupied.

• International Journal of Advanced Culture Technology
• /
• v.9 no.4
• /
• pp.288-294
• /
• 2021

There are various ways to be infected with malicious code due to the increase in Internet use, such as the web, affiliate programs, P2P, illegal software, DNS alteration of routers, word processor vulnerabilities, spam mail, and storage media. In addition, malicious codes are produced more easily than before through automatic generation programs due to evasion technology according to the advancement of production technology. In the past, the propagation speed of malicious code was slow, the infection route was limited, and the propagation technology had a simple structure, so there was enough time to study countermeasures. However, current malicious codes have become very intelligent by absorbing technologies such as concealment technology and self-transformation, causing problems such as distributed denial of service attacks (DDoS), spam sending and personal information theft. The existing malware detection technique, which is a signature detection technique, cannot respond when it encounters a malicious code whose attack pattern has been changed or a new type of malicious code. In addition, it is difficult to perform static analysis on malicious code to which code obfuscation, encryption, and packing techniques are applied to make malicious code analysis difficult. Therefore, in this paper, a method to detect malicious code through dynamic analysis and static analysis using Trojan-type Downloader/Dropper malicious code was showed, and suggested to malicious code detection and countermeasures.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05b
• /
• pp.1357-1360
• /
• 2003

인터넷과 네트워크 기술의 발달은 실생활에 많은 편리함을 주고 있지만 그에 따른 여러 가지 부작용들도 많이 나타나고 있다. 그 중 가장 심각한 문제는 보안 사고에 의한 피해인데, 최근에는 특정 장치를 해킹하여 자료를 망가뜨리는 것보다 불특정 다수에 의한 과다한 트래픽 생성 공격이 더 많아지고 있다. 특히 DoS/DDoS(Distributed Denial of Service)와 같은 공격은 공격자가 네트워크 전문지식을 가지고 있지 않아도 공격을 할 수 있고 원천적인 방어 방법이 없다는 점에서 심각성이 증대되고 있다. 본 논문에서는 네트워크 모니터링에 사용되는 TAP(Test Access Port)의 기반 기술을 이용하여 평시에는 TAP 의 본 기능을 수행하다 DoS/DDoS 공격과 같이 과다한 네트워크 트래픽 발생으로 장비가 멈추거나 망가지는 상황 등의 장애 발생시 내부 네트워크를 외부와 물리적으로 분리할 수 있는 지능형 TAP(S-TAP)에 대한 설계에 대해 설명하였다. 또한 S-TAP을 이용하여 기존 네트워크에 적용될 수 있는 환경을 제시하여 S-TAP의 유용성도 언급하였다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.04a
• /
• pp.628-630
• /
• 2004

Distributed Denial of Service(D-DoS) 공격을 차단하기 위해서는 AS(Autonomous System) 경계 라우터에 필터를 설치하는 것이 필요하다. 필터가 설치되는 라우터의 개수를 최소로 하는 Vertex Cover(VC)--모든 edge를 커버하는 Vertex의 모임--을 찾아내는 방법은 NP-complete 문제가 된다. 따라서 Vertex Cover(VC) 근사기법 중에서 Greedy 알고리즘과 Approximated VC 알고리즘에 대해 Vertex Cover(VC)을 찾아내는 방법을 적용하여 실험하였다. Vertex Cover(VC)를 찾을 경우 Worst case에서 이론상 VC수의 최대 2배의 Vertex Cover(VC)를 찾아낼 수 있는 Approximated VC 알고리즘의 장점과 적은 수의 Vertex Cover(VC)로 모든 edge를 커버할 수 있는 Greedy 알고리즘［7］의 장점을 모두 갖춘 Vertex Cover(VC) 근사 기법을 구현하였다. NS-2를 이용한 실험 결과, 제안된 알고리즘은 Greedy 알고리즘보다 Vertex Cover를 찾아가는 단계 수에 따른 커버되는 층 노드 수를 비교하였을 때. 전체 노드의 75%를 커버하는데 24번의 단계가 필요하여 Greedy 알고리즘의 40개 보다 40%의 단계의 수적인 감소가 일어났으며 전체노드의 90%를 커버하는데 38%의 단계 개수의 감소가 일어났다. 실험으로 제안된 알고리즘이 Vertex Cover(VC) 톨 찾아가는 단계 측면에서 좀더 빠르게 AS 경계 라우터에 필터를 설치하여 D-DoS에 효율적으로 대처해 나갈 수 있음을 확인할 수 있다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2041-2044
• /
• 2003

네트워크에서 발생하는 다양한 침입 중에서 서비스거부공격(DoS Attack. Denial-of-Service Attack)이란 공격자가 침입대상 시스템의 시스템 자원과 네트워크 자원을 악의적인 목적으로 소모시키기 위하여 대량의 패킷을 보냄으로써 정상 사용자로 하여금 시스템이 제공하는 서비스를 이용하지 못하도록 하는 공격을 의미한다. 기존 연구에서는 시스템과 네트워크가 수신한 패킷을 분석한 후 네트워크 세션정보를 생성하여 DoS 공격을 탐지하였다. 그러나 이 기법은 공격자가 분산서비스거부공격(DDoS Attack: Distributed DoS Attack)을 하게 되면 분산된 세션정보가 생성되기 때문에 침입을 실시간으로 탐지하기에는 부적절하다. 본 논문에서는 시스템이 가지고 있는 자윈 중에서 DDoS 공격을 밭을 때 가장 민감하게 반응하는 시스템 자원을 모니터링 함으로써 DDoS 공격을 실시간으로 탐지할 수 있는 모델을 제안한다 제안 모델은 시스템이 네트워크에서 수신한 패킷을 처리하는 과정에서 소모되는 커널 메모리 소비량을 감사자료로 이용한 네트워치기반 비정상행위탐지(networked-based anomaly detection)모델이다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.3
• /
• pp.125-132
• /
• 2013

In this paper, We send DDoS(Distributed Denial of Service) attack traffic to real homepages in real networks. We analyze the results of DDoS attack and propose mitigation method against DDoS Attacks. In order to analyze the results of DDoS Attacks, We group three defense level by administrative subjects: Top level defense, Middle level defense, Bottom level defense. Also We group four attack methods by feature. We describe the results that average of attack success rate on defense level and average of attack success rate on attack categories about 48ea homepages and 2ea exceptional cases. Finally, We propose mitigation method against DDoS attack.

• Journal of Internet Computing and Services
• /
• v.6 no.1
• /
• pp.13-25
• /
• 2005

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. Existing PPM based tracing scheme(such as router node appending, sampling and edge sampling) insert traceback information in IP packet header for IP Traceback. But, these schemes did not provide enhanced performance in DDoS attack. In this paper, we propose a 'TTL based advanced Packet Marking' mechanism for IP Traceback. Proposed mechanism can detect and control DDoS traffic on router and can generate marked packet for reconstructing origin DDoS attack source, by which we can diminish network overload and enhance traceback performance.