• The Transactions of the Korea Information Processing Society
• /
• v.6 no.11
• /
• pp.3011-3019
• /
• 1999

Denial of service is about knocking off services, without permission for example through crashing the whole system. This kind of attacks are easy to launch and it is hard to protect a system against them. The basic problem is that Unix assumes that users on the system or on other systems will be well behaved. This paper analyses system-based inside denial of services attack(DoS) and system metric for performance of each machine provided. And formalize the conclusions results in ways that clearly expose the performance impact of those observations. So, we present new approach. It is detecting DoS attack using performance signature for system and program behavior. We present new approach. It is detecting DoS attack using performance signature for system and program behavior. We believe that metric will be to guide to automated development of a program to detect the attack. As a results, we propose the AIDPS(Architecture for Intrusion Detection using Performance Signature) model to detect DoS attack using performance signature.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.4
• /
• pp.71-82
• /
• 2005

Though there are many authentication protocols for RFID system, only a few protocols support location privacy. Because of tag's hardware limitation, these protocols suffer from many security threats, especially from DoS (Denial of Service) attack. In this paper, we explain location privacy problem and show vulnerabilities of RFID authentication protocols. And then, we suggest an authentication protocol that is strong against location tracing, spoofing attack and DoS attack

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2002.05a
• /
• pp.252-255
• /
• 2002

As more critical services are provided in the internet, the risk to these services from malicious users increases. Several networks have experienced problems like Denial of Service(DoS) attacks recently. We analyse a network-based denial of service attack, which is called SYM flooding, to TCP-based networks. It occurs by an attacker who sends TCP connection requests with spoofed source address to a target system. Each request causes the targeted system to send instantly data packets out of a limited pool of resources. Then the target system's resources are exhausted and incoming TCP port connections can not be established. The paper is concerned with a detailed analysis of TCP SYN flooding denial of service attack. In this paper, we propose a Real Time Scan Detector(RTSD) mechanism and evaluate it\`s Performance.

• KEPCO Journal on Electric Power and Energy
• /
• v.1 no.1
• /
• pp.55-59
• /
• 2015

Denial of Service (DoS) attack is to interfere the normal user from using the information technology services. With a rapid technology improvements in computer and internet environment, small sized DoS attacks targeted to server or network infrastructure have been disabled. Thus, Distributed Denial of Service (DDoS) attacks that utilizes from tens to several thousands of distributed computers as zombie PC appear to have as one of the most challenging threat. In this paper, we categorize the DDoS attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS attacks. Then we propose a comprehensive defense mechanism against DDoS attacks in Control System to detect attacks efficiently.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.709-711
• /
• 2003

현재 사용되어지는 컴퓨터 통신 프로토콜(OSI 7 layer reference model)은 구조적인 문제점을 들어내고 있다. 이런 문제점 때문에, 해커들은 수많은 패킷들을 생성시키는 Denial of Service(DoS) 공격과 Distributed Denial of Service(DDoS) 공격을 사용하여 한 호스트나 한 네트워크 자원에 치명적인 악영향을 미친다. 특정한 TCP 포트나 UDP 포트에 공격을 가하는 경우에는 룰 기반의 침입탐지 시스템(IDS)이 탐지 해낼 수 있지만 다른 임의의 포트에 공격을 가하게 되연 IDS는 이것을 탐지하지 못한다. 따라서 우리는 잉의의 포트에 DoS나 DDoS 공격들이 일어났을 때 이 공격들을 탐지할 수 있는 모델을 설계하였다.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.12
• /
• pp.1913-1920
• /
• 2017

Software Defined Networking creates totally new concept of networking and its applications which is based on separating the application and control layer from the networking infrastructure as a result it yields new opportunities in improving the network security and making it more automated in robust way, one of these applications is Denial of Service attack mitigation but due to the dynamic nature of Denial of Service attack it would require dynamic response which can mitigate the attack with the minimum false positive. In this paper we will propose a new mitigation Framework for DDoS attacks using Software Defined Networking technology to protect online services e.g. websites, DNS and email services against DoS and DDoS attacks.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2003.09a
• /
• pp.660-663
• /
• 2003

The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using Fuzzy Cognitive Maps(FCM) that can detect intrusion by the Denial of Service(DoS) attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The Sp flooding Preventer using Fuzzy cognitive maps(SPuF) model captures and analyzes the packet information to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. The result of simulating the "KDD ′99 Competition Data Set" in the SPuF model shows that the Probe detection rates were over 97 percentages.

• Journal of Multimedia Information System
• /
• v.7 no.2
• /
• pp.125-136
• /
• 2020

Nowadays, cloud computing is becoming more popular among companies. However, the characteristics of cloud computing such as a virtualized environment, constantly changing, possible to modify easily and multi-tenancy with a distributed nature, it is difficult to perform attack detection with traditional tools. This work proposes a solution which aims to collect traffic packets data by using Flume and filter them with Spark Streaming so it is possible to only consider suspicious data related to HTTP Slow Rate Denial-of-Service attacks and reduce the data that will be stored in Hadoop Distributed File System for analysis with the FP-Growth algorithm. With the proposed system, we also aim to address the difficulties in attack detection in cloud environment, facilitating the data collection, reducing detection time and enabling an almost real-time attack detection.

• ETRI Journal
• /
• v.44 no.2
• /
• pp.346-354
• /
• 2022

The SYN flooding attack is widely used in cyber attacks because it paralyzes the network by causing the system and bandwidth resources to be exhausted. This paper proposed a self-information approach for detecting the SYN flooding attack and provided a detection algorithm with a hierarchical policy on a detection time domain. Compared with other detection methods of entropy measurement, the proposed approach is more efficient in detecting the SYN flooding attack, providing low misjudgment, hierarchical detection policy, and low time complexity. Furthermore, we proposed a detection algorithm with limiting system resources. Thus, the time complexity of our approach is only (log n) with lower time complexity and misjudgment rate than other approaches. Therefore, the approach can detect the denial-of-service/distributed denial-of-service attacks and prevent SYN flooding attacks.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.67-74
• /
• 2022

One type of network security breach is the availability breach, which deprives legitimate users of their right to access services. The Denial of Service (DoS) attack is one way to have this breach, whereas using the Intrusion Detection System (IDS) is the trending way to detect a DoS attack. However, building IDS has two challenges: reducing the false alert and picking up the right dataset to train the IDS model. The survey concluded, in the end, that using a real dataset such as MAWILab or some tools like ID2T that give the researcher the ability to create a custom dataset may enhance the IDS model to handle the network threats, including DoS attacks. In addition to minimizing the rate of the false alert.