• The Journal of the Korea Contents Association
• /
• v.6 no.12
• /
• pp.29-39
• /
• 2006

With the increasing popularity of the wireless network, the vulnerability issue on IEEE 802.1x Wireless Local Area Network (WLAN) are more serious than we expected. Security issues range from mis-configured wireless Access Point(AP) such as session hijacking to Denial of Service(DoS) attack. We propose a new system based on intrusion detection or prevention mechanism to protect the wireless network against these attacks. The proposed system has a security solution on AP that includes an intrusion detection and protection system(IDS/IPS) as an embedded module. In this paper, we suggest integrated wireless IDS/IPS module on AP with wireless traffic monitoring, analysis and packet filtering module against malicious wireless attacks. We also present that the system provides both enhanced security and performance such as on the university wireless campus network.

• Proceedings of the Korea Contents Association Conference
• /
• 2005.11a
• /
• pp.189-194
• /
• 2005

Present hacking technology is undergone a change on the distributed DoS Attack which cause a lot of traffic to the network or single host. In this paper, with giving mobility to the mean deviation per protocol and it's field, and with adapting pattern matching approach to DDoS attack detection technique, we propose a method to detect the DDoS attack, to have less misdetection and to detect these attacks correctly.

• Journal of IKEEE
• /
• v.26 no.4
• /
• pp.614-621
• /
• 2022

This paper proposes RIDS (Random Forest-Based Intrusion Detection), which is an intrusion detection system to detect hacking attack based on random forest. RIDS detects three typical attacks i.e. DoS (Denial of service) attack, fuzzing attack, and spoofing attack. It detects hacking attack based on four parameters, i.e. time interval between data frames, its deviation, Hamming distance between payloads, and its diviation. RIDS was designed in memory-centric architecture and node information is stored in memories. It was designed in scalable architecture where DoS attack, fuzzing attack, and spoofing attack can be all detected by adjusting number and depth of trees. Simulation results show that RIDS has 0.9835 accuracy and 0.9545 F1 score and it can detect three attack types effectively.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.713-716
• /
• 2011

인터넷 유저가 증가하면서 DDoS 공격은 인터넷 안정성에 매우 중요한 위협을 가하고 있다. 서비스 거부 공격이란 서비스를 제공하는데 있어 필요한 컴퓨팅 및 통신 자원을 고갈시키는 공격으로 원천적으로 해결하기가 매우 힘든 것으로 알려져 있다. 인터넷과 같은 대규모 망을 대상으로 한 네트워크 공격은 효과적인 탐지 방법이 요구된다. 그러므로 대규모 망에서 침입 탐지 시스템은 효율적인 실시간 탐지가 필요하다. 본 논문에서는 DDoS 공격에 따른 비정상적인 트래픽 범람을 방지하고 합법적인 트래픽 전송을 보장하기 위하여 엔트로피기반의 DDoS 공격 대응 기법을 제안한다. OPNET을 이용해 구현한 결과 DDoS 공격중에 원활한 서비스를 제공할 수 있는 것을 확인하였다.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2002.05a
• /
• pp.252-255
• /
• 2002

As more critical services are provided in the internet, the risk to these services from malicious users increases. Several networks have experienced problems like Denial of Service(DoS) attacks recently. We analyse a network-based denial of service attack, which is called SYM flooding, to TCP-based networks. It occurs by an attacker who sends TCP connection requests with spoofed source address to a target system. Each request causes the targeted system to send instantly data packets out of a limited pool of resources. Then the target system's resources are exhausted and incoming TCP port connections can not be established. The paper is concerned with a detailed analysis of TCP SYN flooding denial of service attack. In this paper, we propose a Real Time Scan Detector(RTSD) mechanism and evaluate it\`s Performance.

• Proceedings of the Korean Information Science Society Conference
• /
• 2008.06a
• /
• pp.124-127
• /
• 2008

DoS/DDoS로 대표되는 트래픽 폭주 공격은 대상 시스템뿐만 아니라 네트워크 대역폭, 프로세서 처리능력, 시스템 자원 등에 악영향을 줌으로써 네트워크에 심각한 장애를 유발할 수 있다. 따라서 신속한 트래픽 폭주 공격의 탐지는 안정적인 서비스 제공 및 시스템 운영에 필수요건이다. 전통적인 패킷 수집을 통한 DoS/DDoS의 탐지방법은 공격에 대한 상세한 분석은 가능하나 설치의 확장성 부족, 고가의 고성능 분석시스템의 요구, 신속한 탐지를 보장하지 못한다는 문제점을 갖고 있다. 본 논문에서는 15초 단위의 SNMP MIB 객체 정보를 바탕으로 SVDD(support vector data description)를 이용하여 보다 빠르고 정확한 침입탐지와 쉬운 확장성, 저비용탐지 및 정확한 공격유형별 분류를 가능케 하는 새로운 시스템을 설계 및 구현하였다. 실험을 통하여 만족스러운 침입 탐지율과 안전한 false negative rate, 공격유형별 분류율 수치 등을 확인함으로써 제안된 시스템의 성능을 검증하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.1001-1004
• /
• 2011

Denial of Service (DoS) 공격은 현재 심각한 국가적 보안 문제로 떠오르고 있다. DoS 란, 많은양의 네트워크 트래픽을 발생시켜 속도를 매우 느리게 만들거나, 가용 자원을 고갈시켜 사용자에게 서비스를 정상적으로 제공하지 못하도록 만드는 공격이다. 그 중에서 Distributed Denial of Service (DDoS)는 네트워크에 분산된 컴퓨터들을 감염시켜 공격에 사용하기 때문에 더 위험하다. DDoS 종류 중 한가지인 Smurf Attack 은 ICMP ECHO 와 IP 브로드캐스트를 이용하여 많은 양의 트래픽을 발생시킨다. 본 논문에서는 Smurf Attack 에 쓰이는 ICMP ECHO REQUEST 패킷을 조각화시켜서 전송할 시, 피해자에게 전송되는 패킷의 숫자가 기존 방법보다 증가하고 피해자 컴퓨터의 IP 스택에서 발생하는 취약점을 도출하고 그로 인한 피해를 분석하였다. 끝으로 ICMP ECHO 패킷의 조각화를 방지하기 위한 방안을 제시하였다.

• Journal of Computing Science and Engineering
• /
• v.5 no.4
• /
• pp.305-313
• /
• 2011

Due to the expansion of high-speed Internet access, the need for secure and reliable networks has become more critical. The sophistication of network attacks, as well as their severity, has also increased recently. As such, more and more organizations are becoming vulnerable to attack. The aim of this research is to classify network attacks using neural networks (NN), which leads to a higher detection rate and a lower false alarm rate in a shorter time. This paper focuses on two classification types: a single class (normal, or attack), and a multi class (normal, DoS, PRB, R2L, U2R), where the category of attack is also detected by the NN. Extensive analysis is conducted in order to assess the translation of symbolic data, partitioning of the training data and the complexity of the architecture. This paper investigates two engines; the first engine is the back-propagation neural network intrusion detection system (BPNNIDS) and the second engine is the radial basis function neural network intrusion detection system (BPNNIDS). The two engines proposed in this paper are tested against traditional and other machine learning algorithms using a common dataset: the DARPA 98 KDD99 benchmark dataset from International Knowledge Discovery and Data Mining Tools. BPNNIDS shows a superior response compared to the other techniques reported in literature especially in terms of response time, detection rate and false positive rate.

• Journal of the Society of Disaster Information
• /
• v.1 no.1
• /
• pp.43-71
• /
• 2005

Terrorism is the use of violence, especially murder and bombing, in order to achieve political aim or to force a government to do something. Nowadays, instrument of mass destruction are smaller, cheaper, and more readily available. Cellular phones were used as timers in the attacks in Madrid last March. Hijacking an airplane is relatively inexpensive. Finally, the information revolution provides inexpensive means of communication and organization that allow groups once restricted to local and national police jurisdictions to become global. Al Qaeda is said to have established a network in fifty or more countries. These technological and ideological trends increased both the lethality and the difficulty of managing terrorism. Because of the unprecedented scale of Al Qaeda's attacks, the focus is properly on Islamic extremists. But it would be a mistake to limit our concern solely to Islamic terrorists, for that would ignore the way that technology is putting into the hands of deviant groups and individuals' destructive capabilities that were once limited primarily to governments and armies.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.7B
• /
• pp.858-867
• /
• 2011

The RFID(Radio-Frequency IDentification) systems have many security problem such as eavesdropping, a replay attack, location tracking and DoS(Denial of Service) attacks. Because RFID systems use radio-frequency. So research are being made to solve the problem of RFID systems, one of which is AES algorithm. This paper presents an authentication protocol using AES and one-time random number to secure other attacks like eavesdropping, a replay attack, location tracking, In addtion, RSMAP uses OTP(One-Time Pad) in order to safely transmit.