• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.423-429
• /
• 2014

DDoS attacks is upgrade of DoS attacks. Botnet is being used by DDoS attack, so it is able to attack a millions of PCs at one time. DDoS attacks find the root the cause of the attack because it is hard to find sources for it, even after the treatment wavelength serious social problem in this study, the analysis and countermeasures for DDoS attack is presented.

• Journal of the Korea Society for Simulation
• /
• v.19 no.4
• /
• pp.139-149
• /
• 2010

Internet was designed for network scalability and best-effort service which makes all hosts connected to Internet to be vulnerable against attack. Many papers have been proposed about attack detection algorithms against the attack using IP spoofing and DoS/DDoS attack. Purpose of DoS/DDoS attack is achieved in short period after the attack begins. Therefore, DoS/DDoS attack should be detected as soon as possible. Attack detection algorithms using false alarm rates consist of the false negative rate and the false positive rate. Moreover, they are important metrics to evaluate the attack detections. In this paper, we analyze the performance of the attack detection algorithms using the impact of false negative rate and false positive rate variation to the normal traffic and the attack traffic by simulations. As the result of this, we find that the number of passed attack packets is in the proportion to the false negative rate and the number of passed normal packets is in the inverse proportion to the false positive rate. We also analyze the limits of attack detection due to the relation between the false negative rate and the false positive rate. Finally, we propose a solution to minimize the limits of attack detection algorithms by defining the network state using the ratio between the number of packets classified as attack packets and the number of packets classified as normal packets. We find the performance of attack detection algorithm is improved by passing the packets classified as attacks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.1985-1988
• /
• 2003

As the Distributed Denial of Service attack technique is getting smarter, defense method have been developed by various means. Existing defense method baseds on detection technique is not effective to DDoS attack. Because it depend on rule set that is used to detect attack and DDoS attack pattern has become very similar to real traffic pattern. So the rule set is not efficient method to find DDoS attack. To solve this problem, DDoS defense mechanism based on QoS technique has been suggested. In this paper, we summarize existing DDoS defense mechanism and focus on method based on QoS, and introduce a new DDoS defense framework.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.729-735
• /
• 2013

The recent issue of distributed denial of service attack paralyze major government and financial institution in internet sites. They threatened to the cyber security. There hasn't been easy defense of now using attack. There seems to be increases in damage. In this paper, The recent continue to evolve of distributed denial of service attack. DNS target of distributed denial of service attack give specific examples. but, DNS target of DDoS attacks about defense is insufficient. The DNS Cyber-shelter system was created based on the Cyber-shelter system for DDoS attack in Kisa.. We proposal DNS Cyber-shelter system.

• KEPCO Journal on Electric Power and Energy
• /
• v.1 no.1
• /
• pp.55-59
• /
• 2015

Denial of Service (DoS) attack is to interfere the normal user from using the information technology services. With a rapid technology improvements in computer and internet environment, small sized DoS attacks targeted to server or network infrastructure have been disabled. Thus, Distributed Denial of Service (DDoS) attacks that utilizes from tens to several thousands of distributed computers as zombie PC appear to have as one of the most challenging threat. In this paper, we categorize the DDoS attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS attacks. Then we propose a comprehensive defense mechanism against DDoS attacks in Control System to detect attacks efficiently.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.147-153
• /
• 2015

Since the DoS(Denial of Service) attack is still an important vulnerable element in many web service sites, sites including public institution should try their best in constructing defensive systems. Recently, DDoS(Distributed Denial of Service) has been raised by prompting mass network traffic that uses NTP's monlist function or DoS attack has been made related to the DNS infrastructure which is impossible for direct defense. For instance, in June 2013, there has been an outbreak of an infringement accident where Computing and Information Agency was the target. There was a DNS application DoS attack which made the public institution's Information System impossible to run its normal services. Like this, since there is a high possibility in having an extensive damage due to the characteristics of DDoS in attacking unspecific information service and not being limited to a particular information system, efforts have to be made in order to minimize cyber threats. This thesis proposes a method for using TTL (Time To Live) value in IP header to detect DDoS attack with IP spoofing, which occurs when data is transmitted under the agreed regulation between the international and domestic information system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.7
• /
• pp.2512-2531
• /
• 2014

We propose a new Distributed Denial of Service (DDoS) defense mechanism that protects http web servers from application-level DDoS attacks based on the two methodologies: whitelist-based admission control and busy period-based attack flow detection. The attack flow detection mechanism detects attach flows based on the symptom or stress at the server, since it is getting more difficult to identify bad flows only based on the incoming traffic patterns. The stress is measured by the time interval during which a given client makes the server busy, referred to as a client-induced server busy period (CSBP). We also need to protect the servers from a sudden surge of attack flows even before the malicious flows are identified by the attack flow detection mechanism. Thus, we use whitelist-based admission control mechanism additionally to control the load on the servers. We evaluate the performance of the proposed scheme via simulation and experiment. The simulation results show that our defense system can mitigate DDoS attacks effectively even under a large number of attack flows, on the order of thousands, and the experiment results show that our defense system deployed on a linux machine is sufficiently lightweight to handle packets arriving at a rate close to the link rate.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2041-2044
• /
• 2003

네트워크에서 발생하는 다양한 침입 중에서 서비스거부공격(DoS Attack. Denial-of-Service Attack)이란 공격자가 침입대상 시스템의 시스템 자원과 네트워크 자원을 악의적인 목적으로 소모시키기 위하여 대량의 패킷을 보냄으로써 정상 사용자로 하여금 시스템이 제공하는 서비스를 이용하지 못하도록 하는 공격을 의미한다. 기존 연구에서는 시스템과 네트워크가 수신한 패킷을 분석한 후 네트워크 세션정보를 생성하여 DoS 공격을 탐지하였다. 그러나 이 기법은 공격자가 분산서비스거부공격(DDoS Attack: Distributed DoS Attack)을 하게 되면 분산된 세션정보가 생성되기 때문에 침입을 실시간으로 탐지하기에는 부적절하다. 본 논문에서는 시스템이 가지고 있는 자윈 중에서 DDoS 공격을 밭을 때 가장 민감하게 반응하는 시스템 자원을 모니터링 함으로써 DDoS 공격을 실시간으로 탐지할 수 있는 모델을 제안한다 제안 모델은 시스템이 네트워크에서 수신한 패킷을 처리하는 과정에서 소모되는 커널 메모리 소비량을 감사자료로 이용한 네트워치기반 비정상행위탐지(networked-based anomaly detection)모델이다.

• Proceedings of the Korea Contents Association Conference
• /
• 2005.11a
• /
• pp.189-194
• /
• 2005

Present hacking technology is undergone a change on the distributed DoS Attack which cause a lot of traffic to the network or single host. In this paper, with giving mobility to the mean deviation per protocol and it's field, and with adapting pattern matching approach to DDoS attack detection technique, we propose a method to detect the DDoS attack, to have less misdetection and to detect these attacks correctly.

• The KIPS Transactions:PartC
• /
• v.11C no.6 s.95
• /
• pp.711-718
• /
• 2004

Packet sampling is the techniques to collect a part of the packets through network and analyze the characteristicsof the traffic for managing the network and keeping security. This paper presents a study on the sampling techniques applied to DDoS traffic and on the characteristics of the sampled traffic to detect DDoS attack efficiently and improve traffic analysis capacity. Three famous sampling techniques are evaluated with different sampling rates on various DDoS traffics. To analyze traffic characteristics, one of the DDoS attack detection method. Traffic Rate Analysis (TRA) is used. Simulation results verify that using sampling techniques preserve the traffic characteristics of DDoS and do not significantly reduce the detection accuracy.