• The Journal of the Korea Contents Association
• /
• v.3 no.4
• /
• pp.48-54
• /
• 2003

Recently it frequently occur that remote host or network device breaks down because of various traffic flooding attacks. This kind of attack is classified an one of the most serious attacks of it can be used to a need of other hackings. This research is gathering system's informations for detecting a traffic flooding attack using the SNMP MIB. We analyze the traffic characteristic applying the critical value commonly used in analytical procedure of traffic flooding attacks. As a result or this analysis, traffic flooding attacks have a special character of its on. The proposed algorithm in this paper would be more available to a previous detecting method and a previous protecting method.

• The KIPS Transactions:PartC
• /
• v.18C no.3
• /
• pp.127-134
• /
• 2011

Malicious botnet has been used for more malicious activities, such as DDoS attacks, sending spam messages, steal personal information, etc. To prevent this, many studies have been preceded. But malicious botnets have evolved and evaded detection systems. In particular, HTTP GET Request attack that exploits the vulnerability of the application layer is used. ALAB of ALADDIN proposed by ETRI is DDoS attack detection system that HTTP GET, Incomplete GET request flooding attack detection algorithm is applied. In this paper, we extend Incomplete GET detection algorithm of ALAB and derive the optimal configuration parameters to verify the validity of the algorithm ALAB by the study of the normal and attack packets.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.05a
• /
• pp.935-938
• /
• 2008

DoS/DDoS 공격과 웜 공격으로 대표되는 트래픽 폭주 공격은 그 특성상 사전 차단이 어렵기 때문에 빠르고 정확한 탐지는 공격 탐지 시스템이 갖추어야 할 필수요건이다. 기존의 SNMP MIB 기반 트래픽 폭주공격 탐지 방법은 1 분 이상의 탐지 시간을 요구하였다. 본 논문은 SNMP MIB 객체의 상관 관계를 이용한 빠른 트래픽 폭주 공격 탐지 알고리즘을 제안한다. 또한 빠른 탐지 시간으로 발생되는 시스템의 부하와 탐지 트래픽을 최소화하는 방안도 함께 제시한다. 공격 탐지 방법은 3 단계로 구성되는데, 1 단계에서는 MIB 정보의 갱신주기를 바탕으로 탐지 시점을 결정하고, 2 단계에서는 MIB 정보간의 상관 관계를 이용하여 공격의 징후를 판단하고, 3 단계에서는 프로토콜 별 상세 분석을 통하여 공격 탐지뿐만 아니라 공격 유형까지 판단한다. 따라서 빠르고 정확하게 공격을 탐지할 수 있고, 공격 유형을 분류해 낼 수 있어 신속한 대처가 가능해 질 수있다.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.13 no.2
• /
• pp.148-153
• /
• 2003

A DoS(Denial of Service) attack appears in the form of the intrusion attempt and Syn Flooding attack is a typical example. The Syn Flooding attack takes advantage of the weak point of 3-way handshake between the end-points of TCP which is the connection-oriented transmission service and has the reliability This paper proposes a NIIP(Network based Intelligent Intrusion Prevention) model. This model captures and analyzes the packet informations for the detection of Syn Flooding attack. Using the result of analysis of decision module, the decision module, which utilizes FCM(Fuzzy Cognitive Maps), measures the degree of danger of the DoS and trains the response module to deal with attacks. This model is a network based intelligent intrusion prevention model that reduces or prevents the danger of Syn Flooding attack.

• Journal of Korea Multimedia Society
• /
• v.15 no.2
• /
• pp.258-265
• /
• 2012

Our country is suffering from many human victims and property damages caused to occur great and small tidal waves in southern areas every year. Even though there were progressing many researches for storm surges, it was required more researches for detection of tidal wave and prevention system of its which can be applied in practical living fields. In this paper, we propose the disaster prevention system that can approximately detect a dangerousness of coast flooding and number of overtopping per time based on images of CCTV considering actual field application. And if it is detected a hazard of flooding of coast, the proposed detection system for tidal wave based GIS is quickly informed the areas of flooding to manager. The analyzing results of CCTV image of this proposed are derived from difference images between photos of fine day and photos or videos which are taken for the typhoon which is called "DIANMU" at our laboratory.

• 제어로봇시스템학회:학술대회논문집
• /
• 2002.10a
• /
• pp.35.4-35
• /
• 2002

$\textbullet$ Intrusion Detection Algorithm based on Artificial Immune System 1. Introduction 2. Research Background 3. The adaptation algorithm of SYN flooding attack 4. SIMULATION 5. Conclusion 6. References

• Proceedings of the Korea Contents Association Conference
• /
• 2003.11a
• /
• pp.109-112
• /
• 2003

A traffic flooding attack is an attack type that interfere with normal service by running out network bandwidth, process throughput, and system resource. It can be recognized intuitively by network slowdown, connect impossibility state and detected more exactly by collecting and analyzing packets that generate traffic flooding. In this paper, the packet analysis scheme is proposed for the more precise detection.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.971-974
• /
• 2011

본 논문에서는 대용량 네트워크에 비정상적인 트래픽이 유입이 되거나 나가는 경우 패킷 기반의 비정상 트래픽의 탐지와 분석이 가능토록 하는 시스템을 설계하고 구현하였다. 본 논문에서 구현한 시스템은 네트워크상의 이상 행위를 탐지하기 위하여, DDoS HTTP Get Flooding 공격 탐지 알고리즘을 적용하고, NetFPGA를 이용하여 라우터 단에서 패킷을 모니터링하며 공격을 탐지한다. 본 논문에서 구현한 시스템은 Incomplete Get 공격 타입의 Slowloris 봇과, Attack Type-2 공격 타입의 BlackEnergy, Netbot Vip5.4 봇에 높은 탐지율을 보였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.11a
• /
• pp.626-628
• /
• 2011

인터넷이 발전함에 따라 기존의 PSTN(Public Switch Telephone Network)망이 감소하고 VoIP 서비스가 증가하고 있다. VoIP 서비스가 기존의 인터넷을 기반으로 서비스가 되어 보안문제까지 같이 떠안게 되었다. 이에 VoIP상의 다양한 공격에 대한 분석 및 효율적인 탐지 방법이 연구 되고 있다. 본 연구에서는 공격 중에서 SIP 상에서의 INVITE Flooding 공격에 대해 분석하고, 기존의 탐지 알고리즘을 연구하여 오탐율이 개선된 탐지 알고리즘을 제안한다.

• Journal of Internet Computing and Services
• /
• v.9 no.6
• /
• pp.37-48
• /
• 2008

VoIP service is a transmission of voice data using SIP protocol on IP based network, The SIP protocol has many advantages such as providing IP based voice communication and multimedia service with cheap communication cost and so on. Therefore the SIP protocol spread out very quickly. But, SIP protocol exposes new forms of vulnerabilities on malicious attacks such as Message Flooding attack and protocol parsing attack. And it also suffers threats from many existing vulnerabilities like on IP based protocol. In this paper, we propose a new Virtual Proxy Server system in front of the existed Proxy Server for anomaly detection of SIP attack and stateful management of SIP session with enhanced security. Based on stateful virtual proxy server, out solution shows promising SIP Message Flooding attack verification and detection performance with minimized latency on SIP packet transmission.