• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.3
• /
• pp.595-603
• /
• 2017

We propose a scheme to reduce the time for the SSL/TLS handshake by embedding it into the TCP 3-way handshake. The scheme can be selectively applied on the standard TCP for making the SSL/TCP handshake happen within the TCP handshake, rather than performing the TCP handshake and SSL/TLS handshake in sequence. We implemented a prototype of the scheme and did some experiments on its performance. Experimental results showed that, compared to the sequential handshakes of the TCP and the SSL/TLS, the time reduction achieved by the scheme varied in the range of 3.2% and 14%(when the elapsed time by the ping program from the client to the server was 11.6ms). The longer the time measured by the ping program, which would grow as the propagation and queuing delays do, the larger the reduction rate. It accords with the supposition that the reduced time due to the scheme will increase in proportion to the amount of the elapsed time measured by the ping program.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.605-607
• /
• 2012

In this paper, we propose another TCP Reset Attack. In the process of TCP's 3-way handshake, the receiver in the listen state receives segment including abnormal ACK number, then sends Reset to the sender (RFC 792). In this study, Attacker who monitors sender's packets sent in TCP initial connection sends segment including abnormal ACK number to the receiver before the sender sends normal ACK segment. The receiver received abnormal ACK number sends Reset to the sender. As a result, TCP connection is not established between the sender and the receiver.

• Proceedings of the KIEE Conference
• /
• 2004.11c
• /
• pp.234-236
• /
• 2004

Transmission control protocol(TCP) is protocol used in internet. TCP is seldom transmission error and is protocol based on wire environment. TCP uses 3 way handshake ways, data transmission control through windows size, data transmission control through reception confirmation, sliding window for packet delivery. In this study, designed TCP packet ion module for analyze the TCP segments & correct information about TCP. TCP capture in internet using designed TCP module and analysed TCP segments composition. Through this, could analyze the correct information of protocol in network.

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.10
• /
• pp.491-498
• /
• 2005

The Denial of Service(DoS) attacks, which are done by consuming all of the computing or communication resources necessary for the services, are known very difficult to be protected from. TCP has drawbacks in its connection establishment for possible DoS attacks. TCP maintains the state of each partly established connection in the connection queue until it is established completely and accepted by the application. The attackers can make the queue full by sending connection requests repeatedly and not completing the connection establishment steps for those requests. In this paper, we have designed and implemented the extended TCP for preventing from SYN Flood DoS attacks. In the extended TCP, the state of each partly established connection is not maintained in the queue until the connection is established completely. For the extended TCP, we have modified the 3-way handshake procedure of TCP and implemented the extended TCP in the Linux operating system. The test result shows $0.05\%$ delay more than original TCP, but it shows that the extended TCP is strong for SYN Flood attacks.

• International Journal of Computer Science & Network Security
• /
• v.22 no.1
• /
• pp.276-282
• /
• 2022

One of the most essential foundations upon which big institutions rely in delivering cloud computing and hosting services, as well as other kinds of multiple digital services, is the security of infrastructures for digital and information services throughout the world. Distributed denial-of-service (DDoS) assaults are one of the most common types of threats to networks and data centers. Denial of service attacks of all types operates on the premise of flooding the target with a massive volume of requests and data until it reaches a size bigger than the target's energy, at which point it collapses or goes out of service. where it takes advantage of a flaw in the Transport Control Protocol's transmitting and receiving (3-way Handshake) (TCP). The current study's major focus is on an architecture that stops DDoS attacks assaults by producing code for DDoS attacks using a cloud controller and calculating Round-Tripe Time (RTT).

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2002.05a
• /
• pp.252-255
• /
• 2002

As more critical services are provided in the internet, the risk to these services from malicious users increases. Several networks have experienced problems like Denial of Service(DoS) attacks recently. We analyse a network-based denial of service attack, which is called SYM flooding, to TCP-based networks. It occurs by an attacker who sends TCP connection requests with spoofed source address to a target system. Each request causes the targeted system to send instantly data packets out of a limited pool of resources. Then the target system's resources are exhausted and incoming TCP port connections can not be established. The paper is concerned with a detailed analysis of TCP SYN flooding denial of service attack. In this paper, we propose a Real Time Scan Detector(RTSD) mechanism and evaluate it\`s Performance.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.13 no.2
• /
• pp.148-153
• /
• 2003

A DoS(Denial of Service) attack appears in the form of the intrusion attempt and Syn Flooding attack is a typical example. The Syn Flooding attack takes advantage of the weak point of 3-way handshake between the end-points of TCP which is the connection-oriented transmission service and has the reliability This paper proposes a NIIP(Network based Intelligent Intrusion Prevention) model. This model captures and analyzes the packet informations for the detection of Syn Flooding attack. Using the result of analysis of decision module, the decision module, which utilizes FCM(Fuzzy Cognitive Maps), measures the degree of danger of the DoS and trains the response module to deal with attacks. This model is a network based intelligent intrusion prevention model that reduces or prevents the danger of Syn Flooding attack.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1202-1205
• /
• 2009

본 논문은 단말 호스트에서 발생한 트래픽 정보를 분석하여 단말 호스트의 다양한 정보를 수집하는 방법론에 대하여 기술한다. 본 논문에서는 첫째로 TCP 의 3-way handshake 중 SYN 패킷의 정보를 이용한 호스트의 운영체제를 예측하는 방법론과 해당 호스트에서 발생한 TCP 연결의 응답시간 분포를 분석하여 호스트의 네트워크 접근 밥법이 유 무선인지 분류하는 새로운 방법론을 제안한다. 분석이 완료된 호스트는 데이타베이스에 해당 호스트의 정보를 기록한다. 이는 웹을 통해 손쉽게 확인 가능하도록 하기 위함이다. 또한 하나의 호스트에서 유 무선 트래픽이 동시에 발생되었을 경우, 이에 대한 정보를 기반으로 유 무선 공유기 설치 유무를 판별할수 있도록 설계하였다.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2002.12a
• /
• pp.258-261
• /
• 2002

최근 네트워크 취약점 검색 방법을 이용한 침입 공격이 증가하는 추세이며 이런 공격에 대하여 적절하게 실시간 탐지 및 대응 처리하는 침입방지시스템(IPS: Intrusion Prevention System)에 대한 연구가 지속적으로 이루어지고 있다. 본 논문에서는 시스템에 허락을 얻지 않은 서비스거부 공격(Denial of Service Attack) 기술 중 TCP의 신뢰성 및 연결 지향적 전송서비스로 종단간에 이루어지는 3-Way Handshake를 이용한 Syn Flooding Attack에 대하여 침입시도패킷 정보를 수집, 분석하고 퍼지인식도(FCM : Fuzzy Cognitive Maps)를 이용한 침입시도여부결정 및 대응 처리하는 네트워크 기반의 실시간 탐지 및 방지 모델(Network based Real Time Scan Detection & Prevention Model)을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11a
• /
• pp.363-366
• /
• 2002

최근 네트워크 취약점 검색 방법을 이용한 침입 공격이 늘어나는 추세이며 이런 공격에 대하여 적절하게 실시간 탐지 및 대응 처리하는 침입방지시스템(IPS: Intrusion Prevention System)에 대한 연구가 지속적으로 이루어지고 있다. 본 논문에서는 시스템에 허락을 얻지 않은 서비스 거부 공격(Denial of Service Attack) 기술 중 TCP의 신뢰성 및 연결 지향적 전송서비스로 종단간에 이루어지는 3-Way Handshake를 이용한 Syn Flooding Attack에 대하여 침입시도패킷 정보를 수집, 분석하고 퍼지인식도(FCM : Fuzzy Cognitive Maps)를 이용한 침입시도여부를 결정하는 네트워크 기반의 실시간 탐지 모델(Network based Real Time Scan Detection Model)을 제안한다.