• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.9
• /
• pp.4529-4548
• /
• 2016

DDoS attacks have had a devastating effect on the Internet, which can cause millions of dollars of damage within hours or even minutes. In this paper we propose a practical dynamic defense approach that overcomes the shortage of static defense mechanisms. Our approach employs a group of SDN-based proxy switches to relay data flow between users and servers. By substituting backup proxy switches for attacked ones and reassigning suspect users onto the new proxy switches, innocent users are isolated and saved from malicious attackers through a sequence of remapping process. In order to improve the speed of attacker segregation, we have designed and implemented an efficient greedy algorithm which has been demonstrated to have little influence on legitimate traffic. Simulations, which were then performed with the open source controller Ryu, show that our approach is effective in alleviating DDoS attacks and quarantining the attackers by numerable remapping process. The simulations also demonstrate that our dynamic defense imposes little effect on legitimate users, and the overhead introduced by remapping procedure is acceptable.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.12
• /
• pp.95-105
• /
• 2018

As the IT industry developed, the information held by the company soon became a corporate asset. As this information has value as an asset, the number and scale of various cyber attacks which targeting enterprises and institutions is increasing day by day. Therefore, research are being carried out to protect the assets from cyber attacks by using the attack graph to identify the possibility and risk of various attacks in advance and prepare countermeasures against the attacks. In the attack graph, security metric is used as a measure for determining the importance of each asset or the risk of an attack. This is a key element of the attack graph used as a criterion for determining which assets should be protected first or which attack path should be removed first. In this survey, we research trends of various security metrics used in attack graphs and classify the research according to application viewpoints, use of CVSS(Common Vulnerability Scoring System), and detail metrics. Furthermore, we discussed how to graft the latest security technologies, such as MTD(Moving Target Defense) or SDN(Software Defined Network), onto the attack graphs.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.11
• /
• pp.5404-5424
• /
• 2018

This work is mainly focused on two major topics in cloud platforms by using OpenStack as a case study: management and provisioning of resources to meet the requirements of a service demanded by remote end-user and relocation of virtual machines (VMs) requests to offload the encumbered compute nodes. The general framework architecture contains two subsystems: 1) An orchestrator that allows to systematize provisioning and resource management in OpenStack, and 2) A resource utilization based subsystem for vibrant VM relocation in OpenStack. The suggested orchestrator provisions and manages resources by: 1) manipulating application program interfaces (APIs) delivered by the cloud supplier in order to allocate/control/manage storage and compute resources; 2) interrelating with software-defined networking (SDN) controller to acquire the details of the accessible resources, and training the variations/rules to manage the network based on the requirements of cloud service. For resource provisioning, an algorithm is suggested, which provisions resources on the basis of unused resources in a pool of VMs. A sub-system is suggested for VM relocation in a cloud computing platform. The framework decides the proposed overload recognition, VM allocation algorithms for VM relocation in clouds and VM selection.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.6
• /
• pp.2964-2985
• /
• 2019

Global data center IP traffic is expected to reach 20.6 zettabytes (ZB) by the end of 2021. Intra-data center networks (Intra-DCN) will account for 71.5% of the data center traffic flow and will be the largest portion of the traffic. The understanding of traffic distribution in IntraDCN is still sketchy. It causes significant amount of bandwidth to go unutilized, and creates avoidable choke points. Conventional transport protocols such as Optical Packet Switching (OPS) and Optical Burst Switching (OBS) allow a one-sided view of the traffic flow in the network. This therefore causes disjointed and uncoordinated decision-making at each node. For effective resource planning, there is the need to consider joining the distributed with centralized management which anticipates the system's needs and regulates the entire network. Methods derived from Kalman filters have proved effective in planning road networks. Considering the network available bandwidth as data transport highways, we propose an intelligent enhanced SDN concept applied to OBS architecture. A management plane (MP) is added to conventional control (CP) and data planes (DP). The MP assembles the traffic spatio-temporal parameters from ingress nodes, uses Kalman filtering prediction-based algorithm to estimate traffic demand. Prior to packets arrival at edges nodes, it regularly forwards updates of resources allocation to CPs. Simulations were done on a hybrid scheme (1+1) and on the centralized OBS. The results demonstrated that the proposition decreases the packet loss ratio. It also improves network latency and throughput-up to 84 and 51%, respectively, versus the traditional scheme.

• KNOM Review
• /
• v.23 no.1
• /
• pp.10-17
• /
• 2020

As the threat of Distributed Denial-of-Service attacks that exploit weakly secure IoT devices has spread, research on source-side Denial-of-Service attack detection is being activated to quickly detect the attack and the location of attacker. In addition, a collaborative source-side attack detection technique that shares detection results of source-side networks located at individual sites is also being activated to overcome regional limitations of source-side detection. In this paper, we evaluate the performance of a collaborative source-side DDoS attack detection using statistical weights. The statistical weight is calculated based on the detection rate and false positive rate corresponding to the time zone of the individual source-side network. By calculating weighted sum of the source-side DoS attack detection results from various sites, the proposed method determines whether a DDoS attack happens. As a result of the experiment based on actual DNS request to traffic, it was confirmed that the proposed technique reduces false positive rate 2% while maintaining a high attack detection rate.

• KNOM Review
• /
• v.24 no.2
• /
• pp.13-23
• /
• 2021

Recently, as networks become more complex due to the activation of IoT devices, research on long-term traffic prediction beyond short-term traffic prediction is being activated to predict and prepare for network congestion in advance. The recursive strategy, which reuses short-term traffic prediction results as an input, has been extended to multi-step traffic prediction, but as the steps progress, errors accumulate and cause deterioration in prediction performance. In this paper, an LSTM-based multi-step traffic prediction method using a multi-output strategy is introduced and its performance is evaluated. As a result of experiments based on actual DNS request traffic, it was confirmed that the proposed LSTM-based multiple output strategy technique can reduce MAPE of traffic prediction performance for non-stationary traffic by 6% than the recursive strategy technique.