• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.10
• /
• pp.4204-4222
• /
• 2015

Cloud is the latest buzz word in the internet community among developers, consumers and security researchers. There have been many attacks on the cloud in the recent past where the services got interrupted and consumer privacy has been compromised. Denial of Service (DoS) attacks effect the service availability to the genuine user. Customers are paying to use the cloud, so enhancing the availability of services is a paramount task for the service provider. In the presence of DoS attacks, the availability is reduced drastically. Such attacks must be detected and prevented as early as possible and the power of computational approaches can be used to do so. In the literature, machine learning techniques have been used to detect the presence of attacks. In this paper, a novel approach is proposed, where intelligent rule based feature selection and classification are performed for DoS attack detection in the cloud. The performance of the proposed system has been evaluated on an experimental cloud set up with real time DoS tools. It was observed that the proposed system achieved an accuracy of 98.46% on the experimental data for 10,000 instances with 10 fold cross-validation. By using this methodology, the service providers will be able to provide a more secure cloud environment to the customers.

• The KIPS Transactions:PartC
• /
• v.15C no.5
• /
• pp.351-358
• /
• 2008

Recently, as network flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems(IDSs) focus on detail analysis of packet data, which results in late detection and a high system burden to cope with high-speed network environment. In this paper we propose a lightweight and fast detection mechanism for traffic flooding attacks. Firstly, we use SNMP MIB statistical data gathered from SNMP agents, instead of raw packet data from network links. Secondly, we use a machine learning approach based on a Support Vector Machine(SVM) for attack classification. Using MIB and SVM, we achieved fast detection with high accuracy, the minimization of the system burden, and extendibility for system deployment. The proposed mechanism is constructed in a hierarchical structure, which first distinguishes attack traffic from normal traffic and then determines the type of attacks in detail. Using MIB data sets collected from real experiments involving a DDoS attack, we validate the possibility of our approaches. It is shown that network attacks are detected with high efficiency, and classified with low false alarms.

• Journal of IKEEE
• /
• v.26 no.4
• /
• pp.622-627
• /
• 2022

This paper proposes an intrusion detection system for in-vehicle network to improve detection performance considering attack counts and attack types. In intrusion detection system, both FNR (False Negative Rate), where intrusion frame is misjudged as normal frame, and FPR (False Positive Rate), where normal frame is misjudged as intrusion frame, seriously affect vechicle safety. This paper proposes a novel intrusion detection algorithm to improve both FNR and FPR, where data frame previously detected as intrusion above certain attack counts is automatically detected as intrusion and the automatic intrusion detection method is adaptively applied according to attack types. From the simulation results, the propsoed method effectively improve both FNR and FPR in DoS(Denial of Service) attack and spoofing attack.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2008.06a
• /
• pp.175-182
• /
• 2008

2008년에 있었던 우리나라 금융기관과 정부기관에 대한 DoS 공격에 대한 연구이다. 실험실 환경에서 실제 DoS 공격 툴을 이용하여 공격을 실시한다. DoS 공격을 탐지하기 위하여 네트워크 상에서 Snort를 이용한 N-IDS를 설치하고, 패킷을 탐지하기 위한 Winpcap과 패킷의 저장 및 분석하기 위한 MySQL, HSC, .NET Framework 등을 설치한다. e-Watch 등의 패킷 분석 도구를 통해 해커의 DoS 공격에 대한 패킷량과 TCP, UDP 등의 정보, Port, MAC과 IP 정보 등을 분석한다. 본 논문 연구를 통하여 유비쿼터스 정보화 사회의 역기능인 사이버 DoS, DDoS 공격에 대한 자료를 분석하여 공격자에 대한 포렌식자료 및 역추적 분석 자료를 생성하여 안전한 인터넷 정보 시스템을 확보하는데 의의가 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1181-1190
• /
• 2013

The GOOSE(Generic Object Oriented Substation Event) is used as a network protocol to communicate between IEDs(Intelligent Electronic Devices) in international standard IEC 61850 of substation automation system. Nevertheless, the GOOSE protocol is facing many similar threats used in TCP/IP protocol due to ethernet-based operation. In this paper, we develop a IDS(Intrusion Detection System) for secure GOOSE Protocol using open software-based IDS Snort. In this IDS, two security functions for keyword search and DoS attack detection are implemented through improvement of decoding and preprocessing component modules. And we also implement the GOOSE IDS and verify its accuracy using GOOSE packet generation and communication experiment.

• The Journal of the Korea Contents Association
• /
• v.8 no.5
• /
• pp.9-18
• /
• 2008

Web-services have originally been devised to share information as open services. In connection with it, hacking incidents have surged. Currently, Web-log analysis plays a crucial clue role in detecting Web-hacking. A growing number of cases are really related to perceiving and improving the weakness of Web-services based on Web-log analysis. Such as this, Web-log analysis plays a central role in finding out problems that Web has. Hence, Our research thesis suggests Web-DoS-hacking detective technique In the process of detecting such problems through SOM algorithm, the emergence frequency of BMU(Best Matching Unit) was studied, assuming the unit with the highest emergence frequency, as abnormal, and the problem- detection technique was recommended through the comparison of what's called BMU as input data.

• Journal of IKEEE
• /
• v.27 no.4
• /
• pp.531-536
• /
• 2023

This paper proposes a sliding window method with frame feature insertion for immediate attack detection on in-vehicle networks. This method guarantees real-time attack detection by labeling based on the attack status of the current frame. Experiments show that the proposed method improves detection performance by giving more weight to the current frame in CNN computation. The proposed model was designed based on a lightweight LeNet-5 architecture and it achieves 100% detection for DoS attacks. Additionally, by comparing the complexity with conventional models, the proposed model has been proven to be more suitable for resource-constrained devices like ECUs.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.423-429
• /
• 2014

DDoS attacks is upgrade of DoS attacks. Botnet is being used by DDoS attack, so it is able to attack a millions of PCs at one time. DDoS attacks find the root the cause of the attack because it is hard to find sources for it, even after the treatment wavelength serious social problem in this study, the analysis and countermeasures for DDoS attack is presented.

• Journal of Food Hygiene and Safety
• /
• v.24 no.4
• /
• pp.338-347
• /
• 2009

The content of residual pesticides in commercial agricultural products in Gyeongsangbuk-Do area was investigated for 5 years extending the year 2004 through 2008. The detection rates of residual pesticides in agricultural products by year were similar in range of 11.6~16.4%. But the violation rates showed lower values in the last years from 4.5% of the year 2004 to 0% of the year 2007. The highest residual concentration of each pesticide detected in commercial agricultural products was investigated by year. That is, in the year 2004 and 2005, chlorpyrifos, chlorothalonil, diazinon, endosulfan, ethoprophos, fenarimol and procymidone were detected over the tolerance in kale, parsley, celery, chard and lettuce, and in the year 2006, permethrin in the soybean and peanut. The detection rate and violation rate of pesticides were highly increased in the order of the endosulfan, chlorpyrifos, procymidone, chlorfenapyr, fenitrothion, imazalil, isoprothiolane, methidathion and permethrin. The detection rate and violation rate of pesticides were increased after August every year.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.709-711
• /
• 2022

ICT 기술의 빠른 발전과 함께 Internet of Things (IoT) 환경에서의 Internet Protocol (IP) 카메라의 사용률이 증가하면서, IP 카메라에 대한 개인정보 이슈와 제품의 보안성 검토 관련 소비자의 개인정보 유출 우려가 증가하고 있다. 본 논문에서는, IP 카메라에 대한 4개 종류의 Denial of Service (DoS) 공격을 통해 IP 카메라 이상 반응을 확인했다. 또한, 이 과정에서 수집한 공격 패킷 데이터를 기반으로, DoS 공격을 탐지하는 간단한 피쳐 구성과 머신러닝 모델을 제안하였다. 최종적으로, DoS 공격을 통해 실제 IP 카메라에 대한 가용성 테스트를 수행하였으며 머신러닝 알고리즘 4개 Decision Tree, Random Forest, Multilayer Perceptron, SVM에서의 DoS 공격 탐지 성능을 비교하였다.