• Title/Summary/Keyword: Dos Attack

DOS Attack on the Availability of Cloud Network and its Avoidance Mechanism

  • Zaidi, Syed Muhammad Asad;Baig, Waleed Akram;Redwan, Hassan;Kim, Ki-Hyung
    • Proceedings of the Korea Information Processing Society Conference / 2011.04a / pp.760-762 / 2011
  • Data centers are usually under-provisioned. This is not a problem in corporate data networks, but it can be a problem in cloud data networks. If an application is being served by that cloud infrastructure, the application owner must know the infrastructure limitations and should take some special measures to ensure QoS/availability of that application and to protect against possible threats. In this paper we discuss a new form of DoS that could take place in a cloud data network using the vulnerability caused by an under-provisioned network. We also propose a solution for this DoS attack, by which the attack can not only be detected but also avoided in a very short time.

A Study on Scanning Attack Defense System (Scanning Attack 에 대한 방어기법 연구)

  • Ki-Hoon Kim;Seung-Joo Kim;Young-Chang Cheon
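    • Proceedings of the Korea Information Processing Society Conference / 2008.11a / pp.1543-1545 / 2008
  • Scanning is one of the preliminary techniques that an unspecified user performs, prior to launching a DoS/DDoS attack against a particular system or network, in order to discover services or hosts where vulnerabilities may exist. In this paper, we review the well-known representative port scanning techniques, examine the detection and defense techniques currently in wide use and the problems these approaches may have, and then discuss techniques that can compensate for them.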

Configuration of Network-based Intrusion Detection System for Protocol Attack (네트워크 기반 프로토콜 공격에 대한 침입탐지 시스템의 구성 방안)

  • Lee, Ju-Yeong;Kim, Sung-Ju;Lee, Jun-Ho;Jo, Seong-Hoon;Park, Seok-Cheon
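    • Proceedings of the Korea Information Processing Society Conference / 2001.10b / pp.883-886 / 2001
  • A DoS (Denial of Service) attack disrupts the normal operation of a system so that it refuses to provide service to its users, and many detection algorithms and studies on this attack have been presented. In this paper, we analyze attacks on protocols at the network or transport layer (TCP/IP, ICMP, UDP), and, in order to detect attacks other than DoS attacks that exploit the vulnerabilities of these protocols, we construct a network intrusion detection system through modularization by protocol function and layer.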

Managing the Heterogeneous File System for Anti-Virus

  • Kim, Kyung-Su;Han, Seung-Jo;Kim, Pan-Koo
    • Journal of the Korea Institute of Information Security & Cryptology / v.7 no.3 / pp.3-10 / 1997
  • Computer viruses are increasing in number and are becoming continually more sophisticated as well. To cope with this problem, anti-virus tools such as scanners and monitoring programs have been developed. But it is not guaranteed that this software will work safely under MS-DOS's control. If the virus is run first, it can avoid the monitoring of anti-virus software or can even attack the anti-virus software. Therefore, anti-virus programs should be run before the system is infected. This paper presents a new PC starting mechanism which allows the PC system to start from a clean state after booting. For this mechanism, we build a new disk file system different from the DOS file system, and manage the two file systems heterogeneously. Our system is strong against boot viruses and recovers from infections automatically.

A Lightweight RFID Authentication Protocol Based on Hash Chain (해시체인기반의 경량화 RFID 인증 프로토콜)

  • Youn, Keun-Young;Kim, Dong-Seong;Park, Jong-Sou
    • Convergence Security Journal / v.6 no.1 / pp.45-53 / 2006
  • Several RFID authentication protocols based on hash chains have been proposed. The status-based authentication protocol and the challenge-response-based authentication protocol are secure against location tracking attacks, spoofing attacks, replay attacks and traffic analysis attacks, but are vulnerable to DoS attacks. The RFID authentication protocol with strong resistance against traceability and denial of service attack is secure against location tracking attacks, spoofing attacks, replay attacks and DoS attacks, but is vulnerable to traffic analysis attacks. The present study suggests a more secure and lightweight RFID authentication protocol that combines the advantages of the hash-chain authentication protocol and the RFID authentication protocol with strong resistance against traceability and denial of service attack. The security analysis of the proposed protocol shows that it is secure against location tracking attacks, spoofing attacks, replay attacks, traffic analysis attacks and DoS attacks, and that it requires only lightweight operations between server and tag.

Secure file distribution method using distribution P2P system (분산 P2P 시스템을 활용한 안전한 파일 분산 방안)

  • Kim, Jin-Hong;Kim, Seon-Young;Lee, Yoon-Jin;Jo, In-June
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / v.9 no.2 / pp.545-548 / 2005
  • Recently, the P2P computing environment has emerged to solve the excessive server load of the client/server computing environment. Currently operated P2P computing environments are mainly real-name or anonymity-based P2P systems with respect to the publisher, sender and receiver of a file. However, current file protection has three problems. The first is that a host becomes an attack target. The second is that a received file is exposed to brute-force attacks. The third is that the target of a DoS attack is defined. To solve these problems, the file is divided into block units, and each block is safely scattered among peers. This paper proposes a distributed P2P system based on file division. The proposed system both solves these problems and promotes the efficiency of file application.

An Attack Origin Detection Mechanism in IP Traceback Using Marking Algorithm (마킹 알고리듬 기반 IP 역추적에서의 공격 근원지 발견 기법)

  • 김병룡;김수덕;김유성;김기창
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.1 / pp.19-26 / 2003
  • Recently, the number of Internet service companies is increasing and so is the number of malicious attackers. Damage from these attacks, such as distrust about credit and instability of the service, may influence us fatally as it brings a company's image down. One of the frequent and fatal attacks is DoS (Denial-of-Service). Because the attacker performs IP spoofing to hide his location in a DoS attack, it is hard to get the exact location of the attacker from the source IP address only. Even if the system recovers from the attack successfully, if the attack origin has not been identified, we have to consider the possibility that there may be another attack in the near future by the same attacker. This study suggests finding the attack origin through MAC address marking of the attack origin. It is based on an IP trace algorithm called the Marking Algorithm. It modifies the Marking Algorithm so that we can convey the MAC address of the intervening routers, and as a result it can trace the exact IP address of the original attacker. To improve the detection time, our algorithm also contains a technique to improve the packet arrival rate. By adjusting the marking probability according to the distance from the packet origin, we were able to decrease the number of packets needed to trace back the IP address.

A RTSD Mechanism for Detection of DoS Attack on TCP Network (TCP 네트워크에서 서비스거부공격의 탐지를 위한 RTSD 메커니즘)

  • 이세열;김용수
    • Proceedings of the Korean Institute of Intelligent Systems Conference / 2002.05a / pp.252-255 / 2002
  • As more critical services are provided on the Internet, the risk to these services from malicious users increases. Several networks have experienced problems such as Denial of Service (DoS) attacks recently. We analyse a network-based denial of service attack, called SYN flooding, on TCP-based networks. It occurs when an attacker sends TCP connection requests with spoofed source addresses to a target system. Each request causes the targeted system to send instantly data packets out of a limited pool of resources. Then the target system's resources are exhausted and incoming TCP port connections cannot be established. The paper is concerned with a detailed analysis of the TCP SYN flooding denial of service attack. In this paper, we propose a Real Time Scan Detector (RTSD) mechanism and evaluate its performance.

A Study of Command & Control Server through Analysis - DNS query log (명령제어서버 탐색 방법 - DNS 분석 중심으로)

  • Cheon, Yang-Ha
    • The Journal of the Korea institute of electronic communication sciences / v.8 no.12 / pp.1849-1856 / 2013
  • A DoS attack, short for Denial of Service attack, is an Internet intrusion technique which harasses service availability for legitimate users. To respond to DDoS attacks, many methods focusing on the attack source, target and intermediate network have been proposed, but there has not been a clear solution. In this paper, we propose the prevention of malicious activity and early detection of DDoS attacks by detecting and removing the activity of botnets or other malicious code. For this purpose, the proposed method monitors network traffic, especially DNS traffic, that originates from botnets or malicious code.

Analysis of Network Attack Pattern using Firewall Log (방화벽 로그를 이용한 네트워크 공격유형 분석)

  • Yoon, Sung-Jong;Kim, Jeung-Ho
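    • Proceedings of the Korea Information Processing Society Conference / 2005.11a / pp.909-912 / 2005
  • Although a variety of information security systems are in operation, firewalls and intrusion detection systems are the most widely deployed. In this paper, we devise a method that efficiently supports the firewall administrator's analysis of block logs and makes it possible to recognize, through the firewall, attack activity that the administrator might otherwise overlook because it is blocked by the firewall and therefore not detected by the intrusion detection system. With this, the administrator can recognize network attacks such as scans and DoS through the firewall in addition to the intrusion detection system, enabling stable network operation.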
