• 한국정보통신설비학회:학술대회논문집
• /
• 2005.08a
• /
• pp.313-317
• /
• 2005

The network ingress filtering is a simple and efficient method for preventing IP source spoofing of fixed nodes. Since mobile hosts cannot communicate with its correspondent nodes if the network ingress filtering is configured in mobile IPv4 network, reverse tunneling was considered as a method for avoiding network ingress filtering. But, unfortunately this method does not solve IP source spoofing of mobile nodes. In this paper, we propose a simple and efficient method for preventing IP source spoofing of mobile nodes assuming that only the mobile hosts connected to foreign agents and the network that foreign agent manages is small.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.6 s.44
• /
• pp.165-174
• /
• 2006

This paper attacked the unknown DoS which mixed a DoS attack, Worm and the Trojan horse which used IP Source Address Spoofing and Smurf through the SYN Flooding way that UDP, ICMP, Echo, TCP Syn packet operated, the applications that used TCP/UDP in VoIP service networks. Define necessity of a Dynamic Update Engine for a prevention, and measure Miss traffic at RT statistics of inbound and outbound parts in case of designs of an engine at IPS regarding an Self-learning module and a statistical attack spread, and design a logic engine module. Three engines judge attack grades (Attack, Suspicious, Normal), and keep the most suitable filtering engine state through AND or OR algorithms at Footprint Lookup modules. A Real-Time Dynamic Engine and Filter updated protected VoIP service from DoS attacks, and strengthened Ubiquitous Security anger, and were turned out to be.

• KSCI Review
• /
• v.14 no.2
• /
• pp.235-244
• /
• 2006

This paper attacked the unknown DoS which mixed a DoS attack, Worm and the Trojan horse which used IP Source Address Spoofing and Smurf through the SYN Flooding way that UDP, ICMP, Echo, TCP Syn packet operated. the applications that used TCP/UDP in VoIP service networks. Define necessity of a Dynamic Update Engine for a prevention, and measure Miss traffic at RT statistics of inbound and outbound parts in case of designs of an engine at IPS regarding an Self-learning module and a statistical attack spread. and design a logic engine module. Three engines judge attack grades (Attack Suspicious, Normal), and keep the most suitable filtering engine state through AND or OR algorithms at Footprint Lookup modules. A Real-Time Dynamic Engine and Filter updated protected VoIP service from DoS attacks, and strengthened Ubiquitous Security anger, and were turned out to be.

• Journal of Internet Computing and Services
• /
• v.6 no.1
• /
• pp.13-25
• /
• 2005

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. Existing PPM based tracing scheme(such as router node appending, sampling and edge sampling) insert traceback information in IP packet header for IP Traceback. But, these schemes did not provide enhanced performance in DDoS attack. In this paper, we propose a 'TTL based advanced Packet Marking' mechanism for IP Traceback. Proposed mechanism can detect and control DDoS traffic on router and can generate marked packet for reconstructing origin DDoS attack source, by which we can diminish network overload and enhance traceback performance.

• Journal of Internet Computing and Services
• /
• v.5 no.1
• /
• pp.85-97
• /
• 2004

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. Proactive tracing(such as packet marking and messaging) prepares information for tracing when packets are in transit. Reactive tracing starts tracing after an attack is detected. In this paper, we propose a "advanced ICMP Traceback" mechanism. which is based on the modified push back system. Proposed mechanism can detect and control DDoS traffic on router and can generate ICMP Traceback message for reconstructing origin attack source.ck source.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.19-26
• /
• 2003

Recently, the number of internet service companies is increasing and so is the number of malicious attackers. Damage such as distrust about credit and instability of the service by these attacks may influence us fatally as it makes companies image failing down. One of the frequent and fatal attacks is DoS(Denial-of-Service). Because the attacker performs IP spoofing for hiding his location in DoS attack it is hard to get an exact location of the attacker from source IP address only. and even if the system recovers from the attack successfully, if attack origin has not been identified, we have to consider the possibility that there may be another attack again in near future by the same attacker. This study suggests to find the attack origin through MAC address marking of the attack origin. It is based on an IP trace algorithm, called Marking Algorithm. It modifies the Martins Algorithm so that we can convey the MAC address of the intervening routers, and as a result it can trace the exact IP address of the original attacker. To improve the detection time, our algorithm also contains a technique to improve the packet arrival rate. By adjusting marking probability according to the distance from the packet origin we were able to decrease the number of needed packets to traceback the IP address.

• Journal of Korea Multimedia Society
• /
• v.7 no.8
• /
• pp.1120-1130
• /
• 2004

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. Existing proactive tracing scheme(such as packet marking and messaging) prepares information for tracing when packets are in transit. But, these scheme require additional network overhead. In this paper, we propose a "advanced Traceback" mechanism, which is based on the modified Pushback system with secure router mechanism. Proposed mechanism can detect and control DDoS traffic on router and can generate marked packet for reconstructing origin DDoS attack source, by which we can diminish network overload and enhance Traceback performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.173-186
• /
• 2003

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive dating. Proactive tracing(such as packet marking and messaging) prepares information for tracing when packets are in transit. Reactive tracing starts tracing after an attack is detected. In this paper, we propose a 'advanced ICW Traceback' mechanism, which is based on the modified pushback system with secure router mechanism. Proposed mechanism can detect and control DDoS traffic on router and can generate ICMP Traceback message for reconstructing origin attack source, by which we can diminish network overload and enhance Traceback performance.

• Journal of Internet Computing and Services
• /
• v.6 no.1
• /
• pp.1-12
• /
• 2005

Recently, the patterns of cyber attack through internet have been various and have become more complicated and thus it is difficult to detect a network intruder effectively and to response the intrusion quickly. Therefore, It is almost not possible to chase the real location of a network intruder and to isolate the Intruder from network in UDP based DoS or DDoS attacks spoofing source IP address and in TCP based detour connection attacks. In this paper, we propose active security architecture on active network to correspond to various cyber attacks promptly. Security management framework is designed using active technology, and security control mechanism to chase and isolate a network intruder is implemented. We also test the operation of the active security mechanism implemented on test_bed according to several attack scenarios and analyze the experiment results.

• ETRI Journal
• /
• v.36 no.5
• /
• pp.865-875
• /
• 2014

Voice phishing (vishing) uses social engineering, based on people's trust in telephone services, to trick people into divulging financial data or transferring money to a scammer. In a vishing attack, a scammer often modifies the telephone number that appears on the victim's phone to mislead the victim into believing that the phone call is coming from a trusted source, since people typically judge a caller's legitimacy by the displayed phone number. We propose a system named iVisher for detecting a concealed incoming number (that is, caller ID) in Session Initiation Protocol-based Voice-over-Internet Protocol initiated phone calls. Our results demonstrate that iVisher is capable of detecting a concealed caller ID without significantly impacting upon the overall call setup time.