• KSCI Review
• /
• v.15 no.1
• /
• pp.65-75
• /
• 2007

Analyzed about a matter and requirements to intimidate security of ubiquitous and home network threatening various security for personal information protection in ubiquitous home networks at these papers, and studied. Got authentication procedures and verification procedures acid user approach to be reasonable through designs to the home security gateway which strengthened a security function in the outsides, and strengthened protection of a home network. Also, execute a DoS, DDoS, IP Spoofing attack protective at home network security gateways proved, and security regarding an external denial of service attack was performed, and confirmed. Strengthen appliances and security regarding a user, and confirm a defense regarding an external attack like DoS, DDoS, IP Spoofing, and present a home network security model of this paper to the plans that can strengthen personal information protection in ubiquitous home networks in ubiquitous home networks through experiment.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.4
• /
• pp.135-140
• /
• 2015

The WDSS improves defensive capacity against web application layer DDoS attack by using web cache server and L7 switch which are added on the DDoS shelter system. When web DDoS attack occurs, security agents divert traffic from backbone network to sub-network of the WDSS and then DDoS protection device and L7 switch block abnormal packets. In the meantime, web cache server responds only to requests of normal clients and maintains stable web service. In this way, the WDSS can counteract the web DDoS attack which generates small traffic and depletes server-client session resource. Furthermore, the WDSS does not require IP tunneling because it is not necessary to retransfer the normal requests to original web server. In this paper, we validate operation of the WDSS and verify defensive capability against web application layer DDoS attacks. In order to do this, we built the WDSS on backbone network of an ISP. And we performed web DDoS tests by using a testing system that consists of zombie PCs. The tests were performed by three types and various amounts of web DDoS attacks. Test results suggest that the WDSS can detect small traffic of the web DDoS attacks which do not have repeat flow whereas the formal DDoS shelter system cannot.

• Journal of Korea Multimedia Society
• /
• v.13 no.4
• /
• pp.594-600
• /
• 2010

Many studies are DDoS in Internet network, but the study is the fact that is not enough in a voice network. Therefore, we designed the extended TRW algorithm that was a DDoS attack traffic detection algorithm for the voice network which used an IP data network to solve upper problems in this article and evaluated it. The algorithm that is proposed in this paper analyzes TRW algorithm to detect existing DDoS attack in Internet network and, design connection and end connection to apply to a voice network, define probability function to count this. For inspect the algorithm, Set a threshold and using NS-2 Simulator. We measured detection rate by an attack traffic type and detection time by attack speed. At the result of evaluation 4.3 seconds for detection when transmitted INVITE attack packets per 0.1 seconds and 89.6% performance because detected 13,453 packet with attack at 15,000 time when transmitted attack packet.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.12
• /
• pp.1913-1920
• /
• 2017

Software Defined Networking creates totally new concept of networking and its applications which is based on separating the application and control layer from the networking infrastructure as a result it yields new opportunities in improving the network security and making it more automated in robust way, one of these applications is Denial of Service attack mitigation but due to the dynamic nature of Denial of Service attack it would require dynamic response which can mitigate the attack with the minimum false positive. In this paper we will propose a new mitigation Framework for DDoS attacks using Software Defined Networking technology to protect online services e.g. websites, DNS and email services against DoS and DDoS attacks.

• KNOM Review
• /
• v.23 no.1
• /
• pp.10-17
• /
• 2020

As the threat of Distributed Denial-of-Service attacks that exploit weakly secure IoT devices has spread, research on source-side Denial-of-Service attack detection is being activated to quickly detect the attack and the location of attacker. In addition, a collaborative source-side attack detection technique that shares detection results of source-side networks located at individual sites is also being activated to overcome regional limitations of source-side detection. In this paper, we evaluate the performance of a collaborative source-side DDoS attack detection using statistical weights. The statistical weight is calculated based on the detection rate and false positive rate corresponding to the time zone of the individual source-side network. By calculating weighted sum of the source-side DoS attack detection results from various sites, the proposed method determines whether a DDoS attack happens. As a result of the experiment based on actual DNS request to traffic, it was confirmed that the proposed technique reduces false positive rate 2% while maintaining a high attack detection rate.

• Journal of Korea Multimedia Society
• /
• v.16 no.6
• /
• pp.678-688
• /
• 2013

Different Different from a single attack, in DDoS Attacks, the botnets that are distributed on network initiate attacks against the target server simultaneously. In such cases, it is difficult to take an action while denying the access of packets that are regarded as DDoS since normal user's convenience should also be considered at the target server. Taking these considerations into account, the DDoS botnet detection system that can reduce the strain on the target server by detecting DDoS attacks on each user network basis, and then lets the network administrator to take actions that reduce overall scale of botnets, has been implemented in this study. The DDoS botnet detection system proposed by this study implemented the program which detects attacks based on the database composed of faults and abnormalities collected through analyzation of hourly attack traffics. The presence of attack was then determined using the threshold of current traffic calculated with the standard deviation and the mean number of packets. By converting botnet-based detection method centering around the servers that become the targets of attacks to the network based detection, it was possible to contemplate aggressive defense concept against DDoS attacks. With such measure, the network administrator can cut large scale traffics of which could be referred as the differences between DDoS and DoS attacks, in advance mitigating the scale of botnets. Furthermore, we expect to have an effect that can considerably reduce the strain imposed on the target servers and the network loads of routers in WAN communications if the traffic attacks can be blocked beforehand in the network communications under the router equipment level.

• Proceedings of the Korea Contents Association Conference
• /
• 2003.05a
• /
• pp.223-226
• /
• 2003

The best way in order to protect the system resource front Distributed Denial of Service(DDoS) attack is cut off the source of DDoS attack with path retracing the packet which transferred by attacker. Packet marking method can not use ICMP cause by using IP identifier field as marking field. And in case of increasing the number of router, retracing method using router ID has the size of marking field's increasing problem. In this paper, we propose that retracing method can be available the ICMP using marking field for option field in IP header and the size of making Held do not change even though the number of router is increased using the mark information which value obtained through XOR operation on IP address.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.6 s.44
• /
• pp.185-192
• /
• 2006

By mistaking normal packets for harmful traffic, it may not offer service according to the intention of attacker with harmful traffic, because it is not easy to classify network traffic for normal service and it for DUoS(Distributed DoS) attack like the Internet worm. And in the IPv6 environment these researches on harmful traffic are weak. In this dissertation, hosts in the IPv6 environment are attacked by NETWIB and their attack traffic is monitored, then the statistical information of the traffic is obtained from MIB(Management Information Base) objects used in the IPv6. By adapting the ESM(Exponential Smoothing Method) to this information, a normal traffic boundary, i.e., a threshold is determined. Input traffic over the threshold is thought of as attack traffic.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.5 s.37
• /
• pp.217-226
• /
• 2005

In today's cyberworld, network performance is affected not only by an increased demand for legitimate content request, but also by an increase in malicious activity. In this Paper, we research that network performance was affected by an increase in malicious Hacker who make DoS Attack, DDoS Attack, SYN Flooding, IP Spoofing, etc. in using TCP/IP. We suggest that Packet filtering in Network Level, Gateway Level, Application Level against to Protect by Hacker's attack. Also, we suggest that content distribution in Web Server approaches to mitigate Hacker's activity using Cache Sever, Mirror Sever, CDN. These suggests are going to use useful Protection methode of Hacker's attack.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.709-711
• /
• 2003

현재 사용되어지는 컴퓨터 통신 프로토콜(OSI 7 layer reference model)은 구조적인 문제점을 들어내고 있다. 이런 문제점 때문에, 해커들은 수많은 패킷들을 생성시키는 Denial of Service(DoS) 공격과 Distributed Denial of Service(DDoS) 공격을 사용하여 한 호스트나 한 네트워크 자원에 치명적인 악영향을 미친다. 특정한 TCP 포트나 UDP 포트에 공격을 가하는 경우에는 룰 기반의 침입탐지 시스템(IDS)이 탐지 해낼 수 있지만 다른 임의의 포트에 공격을 가하게 되연 IDS는 이것을 탐지하지 못한다. 따라서 우리는 잉의의 포트에 DoS나 DDoS 공격들이 일어났을 때 이 공격들을 탐지할 수 있는 모델을 설계하였다.