• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.7B
• /
• pp.592-600
• /
• 2008

In this paper, a Hybrid Scaling based DTW (HS-DTW) mechanism is proposed for detection of periodic shrew TCP attacks. A low-rate TCP attack which is a type of shrew DoS (Denial of Service) attacks, was reported recently, but it is difficult to detect the attack using previous flooding DoS detection mechanisms. A pattern matching method with DTW (Dynamic Time Warping) as a type of defense mechanisms was shown to be reasonable method of detecting and defending against a periodic low-rate TCP attack in an input traffic link. This method, however, has the problem that a legitimate link may be misidentified as an attack link, if the threshold of the DTW value is not reasonable. In order to effectively discriminate between attack traffic and legitimate traffic, the difference between their DTW values should be large as possible. To increase the difference, we analyze a critical problem with a previous algorithm and introduce a scaling method that increases the difference between DTW values. Four kinds of scaling methods are considered and the standard deviation of the sampling data is adopted. We can select an appropriate scaling scheme according to the standard deviation of an input signal. This is why the HS-DTW increases the difference between DTW values of legitimate and attack traffic. The result is that the determination of the threshold value for discrimination is easier and the probability of mistaking legitimate traffic for an attack is dramatically reduced.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.3-10
• /
• 2004

A Wireless Lan has an importance of access control, because we can use wireless Internet via AP(Access Point). Moreover, to use wireless LAN, we will go through authentication process of EAP. DoS(Denial of Service) attack is one of the fatal attack about these AP access and authentication process. That is, if malicious attacker keeps away access of AP or consumes memory of server and calculation ability of CPU and etc. compulsorily in authentication process, legal user can't get any services. In this paper, we presents the way of protection against the each attack that is classified into access control, allocation of resource, attack on authentication protocol. The first thing, attack to access control, is improved by pre-verification and the parameter of security level. The second, attack of allocation of resource, is done by partial stateless protocol. And the weak of protocol is done by time-stamp and parameter of access limitation.

• Journal of IKEEE
• /
• v.26 no.4
• /
• pp.614-621
• /
• 2022

This paper proposes RIDS (Random Forest-Based Intrusion Detection), which is an intrusion detection system to detect hacking attack based on random forest. RIDS detects three typical attacks i.e. DoS (Denial of service) attack, fuzzing attack, and spoofing attack. It detects hacking attack based on four parameters, i.e. time interval between data frames, its deviation, Hamming distance between payloads, and its diviation. RIDS was designed in memory-centric architecture and node information is stored in memories. It was designed in scalable architecture where DoS attack, fuzzing attack, and spoofing attack can be all detected by adjusting number and depth of trees. Simulation results show that RIDS has 0.9835 accuracy and 0.9545 F1 score and it can detect three attack types effectively.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1327-1330
• /
• 2005

서비스 거부공격(Denial of Sevice)이란 서버의 자원을 고갈시켜 더이상 정상적인 서비스를 할 수 없도록 하는 공격이다. DoS 공격 중에서 SYN Flooding DoS Attack을 받은 웹 서버는 외부로부터 들어온 공격 패킷에 의해 back log를 소모하게 된다. 그 결과 정상적인 연결 요청에 대해 서비스를 제공하지 못하게 된다. Dos 공격에 관한 다양한 연구가 진행되고 있지만, 본 논문에서는 서비스 거부공격이 TCP 상태 전이에 미치는 영향에 관한 연구를 하였다. 웹 서버의 Tcp 상태정보를 얻기 위해 GetTcpinfo 프로세스를 실행한 후 정상적인 접속을 시도해 보고 정상적인 접속이 진행되고 있는 상태에서 DoS 공격을 시도한다. GetTcpinfo 프로세스에 의해 파일로 저장된 TCP 상태전이 값을 분석하여 DoS 공격이 TCP 상태 전이에 미치는 영향에 대해 알아본다.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.10
• /
• pp.41-48
• /
• 2019

In 2018, Cui et al proposed a three-factor remote user authentication scheme using biometrics. Cui et al claimed that their authentication scheme is vulnerable to eavesdropping attack, stolen smart card attack, and especially Dos(denial-of-service) attack. Also they claimed that it is safe to password guessing attack, impersonation attack, and anonymity attack. In this paper, however, we analyze Cui et al's authentication scheme and show that it is vulnerable to replay attack, insider attack, stolen smart card attack, and user impersonation attack, etc. In addition, we present the design flaws in Cui et al's authentication scheme as well.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.147-153
• /
• 2015

Since the DoS(Denial of Service) attack is still an important vulnerable element in many web service sites, sites including public institution should try their best in constructing defensive systems. Recently, DDoS(Distributed Denial of Service) has been raised by prompting mass network traffic that uses NTP's monlist function or DoS attack has been made related to the DNS infrastructure which is impossible for direct defense. For instance, in June 2013, there has been an outbreak of an infringement accident where Computing and Information Agency was the target. There was a DNS application DoS attack which made the public institution's Information System impossible to run its normal services. Like this, since there is a high possibility in having an extensive damage due to the characteristics of DDoS in attacking unspecific information service and not being limited to a particular information system, efforts have to be made in order to minimize cyber threats. This thesis proposes a method for using TTL (Time To Live) value in IP header to detect DDoS attack with IP spoofing, which occurs when data is transmitted under the agreed regulation between the international and domestic information system.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.629-630
• /
• 2009

센서 네트워크에 대한 보안은 일반 네트워크와 동일하게 보안성, 무결성, 가용성 등이 요구된다. 그러나 일반적으로 센서 네트워크는 무선 통신을 하는 네트워크이고, 고정된 인프라가 없으며, 네트워크 토폴로지가 자주 변하는 특징으로 인해 보안문제는 어려운 것으로 인식되고 있다. 특히, 센서 노드의 에너지와 같은 자원 고갈을 유발하여 정상적인 동작을 못하게 하는 서비스 거부(Denial of Service, DoS)와 같은 공격에 취약하다. 본 논문에서는 센서 네트워크의 구성을 분석하고, 이를 바탕으로 발생할 수 있는 DoS 공격 유형을 분석한다.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.47 no.4
• /
• pp.63-72
• /
• 2010

This paper proposes a new authentication protocol for the LR-WPAN. In order to guarantee the reliability and safety of a protocol, this protocol uses the hierarchical authentication approach. In addition, in order to reduce the impact of the denial of service attack, the proposed protocol performs the authentication between a parent router and a joiner device prior to the authentication between a trust center and the joiner device. Moreover, this protocol reduces the authentication delay by decreasing the number of message exchanges during authentication procedure. This paper evaluates the safety of the proposed protocol by the security analysis and reliability of the proposed protocol by the GNY analysis. This paper also compares the number of message exchanges of the ZigBee authentication protocol and the proposed protocol when denial of service attack occurs to evaluate the resistance of the proposed protocol against the denial of service attack. We also analyze the delay for authentication of the joiner device through the implementation of both protocols. Those results show that the proposed protocol effectively protects networks from the denial of service attack and reduces the time for authenticating the joiner device up to maximum 30% as the number of hops increases.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2651-2673
• /
• 2019

In order to detect Denial of Service (DoS) attacks, victim-side detection methods are used popularly such as static threshold-based method and machine learning-based method. However, as DoS attacking methods become more sophisticated, these methods reveal some natural disadvantages such as the late detection and the difficulty of tracing back attackers. Recently, in order to mitigate these drawbacks, source-side DoS detection methods have been researched. But, the source-side DoS detection methods have limitations if the volume of attack traffic is relatively very small and it is blended into legitimate traffic. Especially, with the subtle attack traffic, DoS detection methods may suffer from high false positive, considering legitimate traffic as attack traffic. In this paper, we propose an effective source-side DoS detection method with traffic seasonality aware adaptive threshold. The threshold of detecting DoS attack is adjusted adaptively to the fluctuated legitimate traffic in order to detect subtle attack traffic. Moreover, by understanding the seasonality of legitimate traffic, the threshold can be updated more carefully even though subtle attack happens and it helps to achieve low false positive. The extensive evaluation with the real traffic logs presents that the proposed method achieves very high detection rate over 90% with low false positive rate down to 5%.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.11-24
• /
• 2012

Without a proper protection mechanism for the signaling messages to be used for the mobility support in the Proxy Mobile IPv6 (PMIPv6), it is also vulnerable to several security attacks such as redirect attack, MITM (Man-In-The-Middle) attack, replay attack and DoS (Denial of Service) attack as in Mobile IPv6. In this paper, we point out some problems of previous authentication mechanisms associated with PMIPv6, and also propose a new fast and secure authentication mechanism applicable to PMIPv6. In addition, it is also shown that the proposed one is more efficient and secure than the previous ones.