• Title/Summary/Keyword: flooding attack

Search Result 99, Processing Time 0.024 seconds

Design and Implementation of ATP(Advanced Persistent Threat) Attack Tool Using HTTP Get Flooding Technology (HTTP Get Flooding 기술을 이용한 APT(지능적 지속 위협)공격 도구의 설계와 구현)

  • Cheon, Woo-Bong;Park, Won-Hyung;Chung, Tai-Myoung
    • The Journal of Korean Association of Computer Education
    • /
    • v.14 no.6
    • /
    • pp.65-73
    • /
    • 2011
  • As we can see from the recent cyber attack, APT(Advanced Persistent Threat) is trend of hacking attack in the World. Thus, HTTP Get Flooding attack is considered to be one of the most successful attacks in cyber attack method. In this paper, designs and implements new technique for the cyber attack using HTTP get flooding technology. also, I need a defence about DDoS attack through APT Tools.

  • PDF

A SYN flooding attack detection approach with hierarchical policies based on self-information

  • Sun, Jia-Rong;Huang, Chin-Tser;Hwang, Min-Shiang
    • ETRI Journal
    • /
    • v.44 no.2
    • /
    • pp.346-354
    • /
    • 2022
  • The SYN flooding attack is widely used in cyber attacks because it paralyzes the network by causing the system and bandwidth resources to be exhausted. This paper proposed a self-information approach for detecting the SYN flooding attack and provided a detection algorithm with a hierarchical policy on a detection time domain. Compared with other detection methods of entropy measurement, the proposed approach is more efficient in detecting the SYN flooding attack, providing low misjudgment, hierarchical detection policy, and low time complexity. Furthermore, we proposed a detection algorithm with limiting system resources. Thus, the time complexity of our approach is only (log n) with lower time complexity and misjudgment rate than other approaches. Therefore, the approach can detect the denial-of-service/distributed denial-of-service attacks and prevent SYN flooding attacks.

A Study on Network based Intelligent Intrusion Prevention model by using Fuzzy Cognitive Maps on Denial of Service Attack (서비스 거부 공격에서의 퍼지인식도를 이용한 네트워크기반의 지능적 침입 방지 모델에 관한 연구)

  • Lee, Se-Yul;Kim, Yong-Soo;Sim, Kwee-Bo
    • Journal of the Korean Institute of Intelligent Systems
    • /
    • v.13 no.2
    • /
    • pp.148-153
    • /
    • 2003
  • A DoS(Denial of Service) attack appears in the form of the intrusion attempt and Syn Flooding attack is a typical example. The Syn Flooding attack takes advantage of the weak point of 3-way handshake between the end-points of TCP which is the connection-oriented transmission service and has the reliability This paper proposes a NIIP(Network based Intelligent Intrusion Prevention) model. This model captures and analyzes the packet informations for the detection of Syn Flooding attack. Using the result of analysis of decision module, the decision module, which utilizes FCM(Fuzzy Cognitive Maps), measures the degree of danger of the DoS and trains the response module to deal with attacks. This model is a network based intelligent intrusion prevention model that reduces or prevents the danger of Syn Flooding attack.

Stateful Virtual Proxy for SIP Message Flooding Attack Detection

  • Yun, Ha-Na;Hong, Sung-Chan;Lee, Hyung-Woo
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.3 no.3
    • /
    • pp.251-265
    • /
    • 2009
  • VoIP service is the transmission of voice data using SIP protocol on an IP-based network. The SIP protocol has many advantages, such as providing IP-based voice communication and multimedia service with low communication cost. Therefore, the SIP protocol disseminated quickly. However, SIP protocol exposes new forms of vulnerabilities to malicious attacks, such as message flooding attack. It also incurs threats from many existing vulnerabilities as occurs for IP-based protocol. In this paper, we propose a new virtual proxy to cooperate with the existing Proxy Server to provide state monitoring and detect SIP message flooding attack with IP/MAC authentication. Based on a proposed virtual proxy, the proposed system enhances SIP attack detection performance with minimal latency of SIP packet transmission.

An Adaptive Probe Detection Model using Fuzzy Cognitive Maps

  • Lee, Se-Yul;Kim, Yong-Soo
    • Proceedings of the Korean Institute of Intelligent Systems Conference
    • /
    • 2003.09a
    • /
    • pp.660-663
    • /
    • 2003
  • The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using Fuzzy Cognitive Maps(FCM) that can detect intrusion by the Denial of Service(DoS) attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The Sp flooding Preventer using Fuzzy cognitive maps(SPuF) model captures and analyzes the packet information to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. The result of simulating the "KDD ′99 Competition Data Set" in the SPuF model shows that the Probe detection rates were over 97 percentages.

  • PDF

DDoS Attack Detection using SNMPGET (SNMPGET을 이용한 DDoS 공격 탐지)

  • 박한상;유대성;오창석
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2004.05a
    • /
    • pp.278-282
    • /
    • 2004
  • Recently traffic flooding attack has happened faster and faster owing to expansion of the worm attack and development of the method of traffic flooding attack. The method in the past time is problematic in detecting the recent traffic flooding attacks, which are running quickly. Therefore, this paper aims to establish the algorithm which reduces the time of detection to traffic flooding attack in collecting and analyzing traffics.

  • PDF

Design of IPv6 Based Traffic Analysis Tool (IPv6 기반 트래픽 분석 도구 설계)

  • Lee Hong-Kyu;Oh Seung-Hee;Seo Dong-Il;Oh Chang-Suk;Kim Sun-Young
    • The Journal of the Korea Contents Association
    • /
    • v.5 no.2
    • /
    • pp.115-121
    • /
    • 2005
  • In the present internet environment, various traffic flooding attacks and worm attacks cause economical loss. If IPv4 is substituted by IPv6 because of the lack of IP address, it will be more serious. Therefore, we design and implement the traffic analysis tool which can detect attacks by expecting them encountered in the IPv6 environment. Proposed tool is composed of packet generation module, packet gathering module, discrimination module, and display module in X-windows. As a simulation result, it is proved that it can effectively detect DAD-NA message attack, TCP SYN flooding attack, UDP flooding attack and ICMP flooding attack in the IPv6 environment.

  • PDF

A Protection Method using Destination Address Packet Sampling for SYN Flooding Attack in SDN Environments (SDN 환경에서의 목적지 주소별 패킷 샘플링을 이용한 SYN Flooding 공격 방어기법)

  • Bang, Gihyun;Choi, Deokjai;Bang, Sangwon
    • Journal of Korea Multimedia Society
    • /
    • v.18 no.1
    • /
    • pp.35-41
    • /
    • 2015
  • SDN(Software Defined Networking) has been considered as a new future computer network architecture and DDoS(Distributed Denial of Service) is the biggest threat in the network security. In SDN architecture, we present the technique to defend the DDoS SYN Flooding attack that is one of the DDoS attack method. First, we monitor the Backlog queue in order to reduce the unnecessary monitoring resources. If the Backlog queue of the certain server is occupied over 70%, the sFlow performs packet sampling with the server address as the destination address. To distinguish between the attacker and the normal user, we use the source address. We decide the SYN packet threshold using the remaining Backlog queue that possible to allow the number of connections. If certain sources address send the SYN packet over the threshold, we judge that this address is attacker. The controller will modify the flow table entry to block attack traffics. By using this method, we reduce the resource consumption about the unnecessary monitoring and the protection range is expanded to all switches. The result achieved from our experiment show that we can prevent the SYN Flooding attack before the Backlog queue is fully occupied.

A Efficient Detection of Traffic Flooding Attack using SNMP (SNMP를 이용한 트래픽 폭주 공격의 효율적 탐지)

  • 이홍규;김근영;유대성;오창석
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2004.05a
    • /
    • pp.273-277
    • /
    • 2004
  • In this paper, We used thresholds $\varepsilon$, $\theta$ a to improve traffic flooding attack detection method using SNMP in opposition to frequent traffic flooding attack. accordingly, we can use system resources more efficient as execute traffic analysys by threshold.

  • PDF

Detection of Traffic Flooding Attack using SNMP (SNMP를 이용한 트래픽 폭주 공격 검출)

  • 김선영;박원주;유대성;서동일;오창석
    • The Journal of the Korea Contents Association
    • /
    • v.3 no.4
    • /
    • pp.48-54
    • /
    • 2003
  • Recently it frequently occur that remote host or network device breaks down because of various traffic flooding attacks. This kind of attack is classified an one of the most serious attacks of it can be used to a need of other hackings. This research is gathering system's informations for detecting a traffic flooding attack using the SNMP MIB. We analyze the traffic characteristic applying the critical value commonly used in analytical procedure of traffic flooding attacks. As a result or this analysis, traffic flooding attacks have a special character of its on. The proposed algorithm in this paper would be more available to a previous detecting method and a previous protecting method.

  • PDF