• KEPCO Journal on Electric Power and Energy
• /
• v.1 no.1
• /
• pp.55-59
• /
• 2015

Denial of Service (DoS) attack is to interfere the normal user from using the information technology services. With a rapid technology improvements in computer and internet environment, small sized DoS attacks targeted to server or network infrastructure have been disabled. Thus, Distributed Denial of Service (DDoS) attacks that utilizes from tens to several thousands of distributed computers as zombie PC appear to have as one of the most challenging threat. In this paper, we categorize the DDoS attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS attacks. Then we propose a comprehensive defense mechanism against DDoS attacks in Control System to detect attacks efficiently.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.929-931
• /
• 2016

최근에 모바일 게임을 즐기는 이용자들이 증가하고 있다. 우리나라 뿐만 아니라 전 세계적으로 모바일 게임의 인기가 식을 줄 모르고 있는 가운데 블루오션이라 불리는 중국시장을 겨냥해서 게임이 개발되고 있다. 게임의 장르는 서바이벌(생존)게임인데, pc게임시장에서는 서바이벌게임이 상위권에 많은 반면 모바일시장에서는 서바이벌 장르의 게임의 비중이 적다. 뿐만 아니라 모바일시장에는 카피캣 게임이 대다수를 차지하고 있다. 본 논문에서는 틈새시장 공략하기 위해서 서바이벌(생존)게임을 기획하고 새롭고 참신한 독자적인 모바일게임을 개발에 대한 연구를 한다. 유비쿼터스 컴퓨팅 환경에서 다양한 접속 채널과 서비스 플랫폼에 대응하는 게임의 개발도 요구 되고 있는 상황에서 본 연구에서 개발된 게임은 좋은 사례가 될 것이다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.3
• /
• pp.87-96
• /
• 2014

Hackers try to achieve their purpose in a variety of ways, such as operating own website and hacking a website. Hackers seize a large amount of private information after they have made a zombie PC by using malicious code to upload the website and it would be used another hacking. Almost detection technique is the use Snort rule. When unknown code and the patterns in IDS/IPS devices are matching on network, it detects unknown code as malicious code. However, if unknown code is not matching, unknown code would be normal and it would attack system. Hackers try to find patterns and make shellcode to avoid patterns. So, new method is needed to detect that kinds of shellcode. In this paper, we proposed a noble method to detect the shellcode by using Shannon's information entropy.

• Convergence Security Journal
• /
• v.13 no.1
• /
• pp.79-86
• /
• 2013

The objective of DDoS Attacks is to simply disturb the services. In recent years, the DDoS attacks have been evolved into Multi-Vector Attacks which use diversified and mixed attacking techniques. Multi-Vector Attacks start from DDoS Attack and Malware Infection, obtain inside information, and make zombie PC to reuse for the next DDoS attacks. These forms of Multi-Vector Attacks are unable to be prevented by the existing security strategies for DDoS Attacks and Malware Infection. This paper presents an approach to effectively defend against diversified Multi-Vector attacks by using Reverse Proxy Group and PMS(Patch Management Server).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.491-498
• /
• 2014

Recently, cyber terror has been occurred frequently based on advanced persistent threat(APT) and it is very difficult to detect these attacks because of new malwares which cannot be detected by anti-virus softwares. This paper proposes and verifies the algorithms to detect the advanced persistent threat previously through real-time network monitoring and combinatorial analysis of big data log. In the future, APT attacks can be detected more easily by enhancing these algorithms and adapting big data platform.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.3
• /
• pp.135-142
• /
• 2017

DDoS (Distributed Denial of Service) exhausts the target server's resources using the large number of zombie pc, As a result normal users don't access to server. DDoS Attacks steadly increase by many attacker, and almost target of the attack is critical system such as IT Service Provider, Government Agency, Financial Institution. In this paper, We will introduce the CNN (Convolutional Neural Network) of deep learning based real-time detection system for DNS amplification Attack (DNS DDoS Attack). We use the dataset which is mixed with collected data in the real environment in order to overcome existing research limits that use only the data collected in the experiment environment. Also, we build a deep learning model based on Convolutional Neural Network (CNN) that is used in pattern recognition.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.659-666
• /
• 2012

Recently, cloud computing service has become a rising issue in terms of utilizing sources more efficiently and saving costs. However, the service still has some limitations to be popularized because it lacks the verification towards security safety. In particular, the possibility to induce Denial of service is increasing as it is used as Zombie PC with exposure to security weakness of Guest OS's. This paper suggests how cloud system, which is implemented by Xen, detects intrusion caused by Denial of service using hypercall. Through the experiment, the method suggested by K-means and EM shows that two data, collected for 2 mins, 5 mins, 10mins and 20mins each, are distinguished 90% when collected for 2mins and 5mins while collected over 10mins are distinguished 100% successfully.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.4
• /
• pp.135-140
• /
• 2015

The WDSS improves defensive capacity against web application layer DDoS attack by using web cache server and L7 switch which are added on the DDoS shelter system. When web DDoS attack occurs, security agents divert traffic from backbone network to sub-network of the WDSS and then DDoS protection device and L7 switch block abnormal packets. In the meantime, web cache server responds only to requests of normal clients and maintains stable web service. In this way, the WDSS can counteract the web DDoS attack which generates small traffic and depletes server-client session resource. Furthermore, the WDSS does not require IP tunneling because it is not necessary to retransfer the normal requests to original web server. In this paper, we validate operation of the WDSS and verify defensive capability against web application layer DDoS attacks. In order to do this, we built the WDSS on backbone network of an ISP. And we performed web DDoS tests by using a testing system that consists of zombie PCs. The tests were performed by three types and various amounts of web DDoS attacks. Test results suggest that the WDSS can detect small traffic of the web DDoS attacks which do not have repeat flow whereas the formal DDoS shelter system cannot.