• Annual Conference of KIPS
• /
• 한국정보처리학회 2003년도 추계학술발표논문집 (하)
• /
• pp.1985-1988
• /
• 2003

As the Distributed Denial of Service attack technique is getting smarter, defense method have been developed by various means. Existing defense method baseds on detection technique is not effective to DDoS attack. Because it depend on rule set that is used to detect attack and DDoS attack pattern has become very similar to real traffic pattern. So the rule set is not efficient method to find DDoS attack. To solve this problem, DDoS defense mechanism based on QoS technique has been suggested. In this paper, we summarize existing DDoS defense mechanism and focus on method based on QoS, and introduce a new DDoS defense framework.

• ETRI Journal
• /
• 제42권3호
• /
• pp.433-445
• /
• 2020

A denial-of-service (DoS) attack is a serious attack that targets web applications. According to Imperva, DoS attacks in the application layer comprise 60% of all the DoS attacks. Nowadays, attacks have grown into application- and business-layer attacks, and vulnerability-analysis tools are unable to detect business-layer vulnerabilities (logic-related vulnerabilities). This paper presents the business-layer dynamic application security tester (BLDAST) as a dynamic, black-box vulnerability-analysis approach to identify the business-logic vulnerabilities of a web application against DoS attacks. BLDAST evaluates the resiliency of web applications by detecting vulnerable business processes. The evaluation of six widely used web applications shows that BLDAST can detect the vulnerabilities with 100% accuracy. BLDAST detected 30 vulnerabilities in the selected web applications; more than half of the detected vulnerabilities were new and unknown. Furthermore, the precision of BLDAST for detecting the business processes is shown to be 94%, while the generated user navigation graph is improved by 62.8% because of the detection of similar web pages.

• Journal of Internet Computing and Services
• /
• 제10권2호
• /
• pp.15-28
• /
• 2009

This paper proposes HWbF(Hit and WLC based Firewall) design which consists of an PFS(Packet Filter Station) and APS(Application Proxy Station). PFS is designed to reduce bottleneck and to prevent the transmission delay of them by distributing packets with PLB(Packet Load Balancing) module, and APS is designed to manage a proxy cash server by using PCSLB(Proxy Cash Server Load Balancing) module and to detect a DoS attack with packet traffic quantity. Therefore, the proposed HWbF in this paper prevents packet transmission delay that was a drawback in an existing Firewall, diminishes bottleneck, and then increases the processing speed of the packet. Also, as HWbF reduce the 50% and 25% of the respective DoS attack error detection rate(TCP) about average value and the fixed critical value to 38% and 17%. with the proposed expression by manipulating the critical value according to the packet traffic quantity, it not only improve the detection of DoS attack traffic but also diminishes the overload of a proxy cash server.

• Journal of Digital Convergence
• /
• 제15권6호
• /
• pp.391-398
• /
• 2017

In this paper, we compared the performance of "Network Intrusion Detection System based on attack feature selection using fuzzy control language"[1] and "Intelligent Intrusion Detection System Model for attack classification using RNN"[2]. In this paper, we compare the intrusion detection performance of two techniques using KDD CUP 99 dataset. The KDD 99 dataset contains data sets for training and test data sets that can detect existing intrusions through training. There are also data that can test whether training data and the types of intrusions that are not present in the test data can be detected. We compared two papers showing good intrusion detection performance in training and test data. In the comparative paper, there is a lack of performance to detect intrusions that exist but have no existing intrusion detection capability. Among the attack types, DoS, Probe, and R2L have high detection rate using fuzzy and U2L has a high detection rate using RNN.

• International Journal of Computer Science & Network Security
• /
• 제23권6호
• /
• pp.147-154
• /
• 2023

Network intrusion refers to any unauthorized penetration or activity on a computer network. This upsets the confidentiality, integrity, and availability of the network system. One of the major threats to any system's availability is a Denial-of-Service (DoS) attack, which is intended to deny a legitimate user access to resources. Therefore, due to the complexity of DoS attacks, it is increasingly important to abstract and describe these attacks in a way that will be effectively detected. The automaton theory is used in this paper to implement a SYN Flood detection system based on Time-Dependent Finite Automata (TDFA).

• The Transactions of the Korea Information Processing Society
• /
• 제6권12호
• /
• pp.3606-3612
• /
• 1999

System(IDS) hasn't Protection capability for various security attacks perfectly. Because, It is probably affected by IDS's workload caused by treating all kind of the characteristics and attack patterns of system and can't probe all of the attack types being intelligently different with attack patterns. In this paper, we propose a new taxonomy criteria about DoS(denial of service attacks) to make more efficient and new real time probing system. It's started with an idea that most of the goal oriented systems make the state of system operation more unambiguous than general purpose system. A new event caused the state of the system operation to change and classifying a category of the new events may contribute to design the IDS.

• The Journal of the Korea Contents Association
• /
• 제6권1호
• /
• pp.151-159
• /
• 2006

This paper studied active response policy generation scheme in intrusion detection system. We considered seven requirements of intrusion detection system for active response with components as the preceding study We presented the scheme which I can generate signature with a base with integrate one model with NIDS and ADS. We studied detection of the Unknown Attack which was active, and studied scheme for generated to be able to do signature automatically through Unknown Attack detection.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제13권1호
• /
• pp.19-26
• /
• 2003

Recently, the number of internet service companies is increasing and so is the number of malicious attackers. Damage such as distrust about credit and instability of the service by these attacks may influence us fatally as it makes companies image failing down. One of the frequent and fatal attacks is DoS(Denial-of-Service). Because the attacker performs IP spoofing for hiding his location in DoS attack it is hard to get an exact location of the attacker from source IP address only. and even if the system recovers from the attack successfully, if attack origin has not been identified, we have to consider the possibility that there may be another attack again in near future by the same attacker. This study suggests to find the attack origin through MAC address marking of the attack origin. It is based on an IP trace algorithm, called Marking Algorithm. It modifies the Martins Algorithm so that we can convey the MAC address of the intervening routers, and as a result it can trace the exact IP address of the original attacker. To improve the detection time, our algorithm also contains a technique to improve the packet arrival rate. By adjusting marking probability according to the distance from the packet origin we were able to decrease the number of needed packets to traceback the IP address.

• International journal of advanced smart convergence
• /
• 제5권4호
• /
• pp.54-56
• /
• 2016

Code-reuse attacks are very dangerous in various systems. This is because they do not inject malicious codes into target systems, but reuse the instruction sequences in executable files or libraries of target systems. Moreover, code-reuse attacks could be more harmful to IoT systems in the sense that it may not be easy to devise efficient and effective mechanism for code-reuse attack detection in resource-restricted IoT devices. In this paper, we propose a detection scheme with using Kullback-Leibler (KL) divergence to combat against code-reuse attacks in IoT. Specifically, we detect code-reuse attacks by calculating KL divergence between the probability distributions of the packets that generate from IoT devices and contain code region addresses in memory system and the probability distributions of the packets that come to IoT devices and contain code region addresses in memory system, checking if the computed KL divergence is abnormal.

• The KIPS Transactions:PartC
• /
• 제11C권6호
• /
• pp.711-718
• /
• 2004

Packet sampling is the techniques to collect a part of the packets through network and analyze the characteristicsof the traffic for managing the network and keeping security. This paper presents a study on the sampling techniques applied to DDoS traffic and on the characteristics of the sampled traffic to detect DDoS attack efficiently and improve traffic analysis capacity. Three famous sampling techniques are evaluated with different sampling rates on various DDoS traffics. To analyze traffic characteristics, one of the DDoS attack detection method. Traffic Rate Analysis (TRA) is used. Simulation results verify that using sampling techniques preserve the traffic characteristics of DDoS and do not significantly reduce the detection accuracy.