
Analysis of Defense Method for HTTP POST DDoS Attack base on Content-Length Control (Content-Length 통제기반 HTTP POST DDoS 공격 대응 방법 분석)

  • Lee, Dae-Seob;Won, Dong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.4 / pp.809-817 / 2012
  • One of the OSI layer-7 DDoS attacks, HTTP POST DDoS can deny legitimate service through web server resource depletion. This attack can be executed with little network traffic and with legitimate TCP connections. Therefore, it is difficult to distinguish DDoS traffic from legitimate users. In this paper, I propose an anomalous HTTP POST traffic detection algorithm and a per-page HTTP Content-Length field size limit as a defense method for HTTP POST DDoS attacks. The proposed method showed the result of detection and countermeasure without false negatives or false positives, using the r-u-dead-yet HTTP POST DDoS attack tool and a self-developed attack tool.
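The two controls the abstract names, a per-page cap on the declared Content-Length and a check on how fast the body actually arrives, as an added example in Python. This is not the paper's implementation; the page limits, the rate floor, the grace period and the sample connections are all assumptions constructed for the illustration.

```python
"""Slow HTTP POST screening: per-page Content-Length limits plus a body-rate
check. Added example, not code from the paper; all limits are assumptions."""

# Constructed per-page caps on the declared Content-Length of a POST body. A
# login form never legitimately needs more than ~1 KiB; a comment form a bit more.
PAGE_CONTENT_LENGTH_LIMIT = {
    "/login": 1024,
    "/comment": 8192,
}
DEFAULT_CONTENT_LENGTH_LIMIT = 4096

# Assumed floor on body transfer rate (bytes/s) and a grace period before the
# rate check applies, so a client on a slow link is not flagged on its first bytes.
MIN_BODY_RATE_BPS = 100.0
GRACE_SECONDS = 5.0


def check_content_length(path, content_length):
    """Accept or reject a POST from its declared Content-Length alone."""
    limit = PAGE_CONTENT_LENGTH_LIMIT.get(path, DEFAULT_CONTENT_LENGTH_LIMIT)
    if content_length is None:
        return False, "Content-Length missing"
    if content_length > limit:
        return False, "Content-Length %d exceeds %d for %s" % (content_length, limit, path)
    return True, "ok"


def is_slow_post(content_length, bytes_received, elapsed_s):
    """True when a body is still outstanding and has arrived slower than the
    floor: the r-u-dead-yet pattern of a large Content-Length fed a byte at a time."""
    if bytes_received >= content_length or elapsed_s <= GRACE_SECONDS:
        return False
    return bytes_received / elapsed_s < MIN_BODY_RATE_BPS


def audit(connections):
    """Classify in-flight POST connections. Each connection is a dict with
    id, path, content_length, bytes_received and elapsed_s. Returns {id: verdict}."""
    verdicts = {}
    for conn in connections:
        ok, reason = check_content_length(conn["path"], conn["content_length"])
        if not ok:
            verdicts[conn["id"]] = "reject: " + reason
        elif is_slow_post(conn["content_length"], conn["bytes_received"], conn["elapsed_s"]):
            verdicts[conn["id"]] = "slow-post"
        else:
            verdicts[conn["id"]] = "ok"
    return verdicts


# Constructed sample connections (not captured traffic).
SAMPLE_CONNECTIONS = [
    # normal login POST, body fully received
    {"id": 1, "path": "/login", "content_length": 230, "bytes_received": 230, "elapsed_s": 0.4},
    # r-u-dead-yet style: declares 100 MB against a 1 KiB cap, rejected on the header alone
    {"id": 2, "path": "/login", "content_length": 100_000_000, "bytes_received": 4, "elapsed_s": 40.0},
    # slow POST that stays under the cap but trickles one byte every 10 s
    {"id": 3, "path": "/comment", "content_length": 8000, "bytes_received": 4, "elapsed_s": 40.0},
    # upload on an unknown page within the default cap, still inside the grace period
    {"id": 4, "path": "/upload", "content_length": 4000, "bytes_received": 120, "elapsed_s": 2.0},
]

if __name__ == "__main__":
    for cid, verdict in sorted(audit(SAMPLE_CONNECTIONS).items()):
        print(cid, verdict)
```

The cap alone is not enough: connection 3 declares a body that fits the page limit and would hold a worker thread indefinitely, so the rate check is what catches it. Production servers expose the same pair of knobs (request body size limits and per-request read timeouts such as Apache's mod_reqtimeout); the point of the example is which control catches which case.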

Detection of Traffic Flooding Attacks using SVDD and SNMP MIB (SVDD와 SNMP MIB을 이용한 트래픽 폭주 공격의 탐지)

  • Yu, Jae-Hak;Park, Jun-Sang;Lee, Han-Sung;Kim, Myung-Sup;Park, Dai-Hee
    • Proceedings of the Korean Information Science Society Conference / 2008.06a / pp.124-127 / 2008
  • Traffic flooding attacks, represented by DoS/DDoS, can cause serious network failures by adversely affecting not only the target system but also network bandwidth, processor capacity and system resources. Rapid detection of traffic flooding attacks is therefore a prerequisite for stable service provision and system operation. Conventional DoS/DDoS detection based on packet capture allows detailed analysis of an attack, but suffers from poor deployment scalability, the need for expensive high-performance analysis systems and no guarantee of rapid detection. In this paper we design and implement a new system that applies SVDD (support vector data description) to SNMP MIB object information collected at 15-second intervals, enabling faster and more accurate intrusion detection, easy scalability, low-cost detection and accurate classification by attack type. Experiments confirmed a satisfactory intrusion detection rate, a safe false negative rate and attack-type classification rates, validating the performance of the proposed system.

Water level fluctuations of the Tonle Sap derived from ALOS PALSAR

  • Choi, Jung-Hyun;Trung, Nguyen Van;Won, Joong-Sun
    • Proceedings of the KSRS Conference / 2008.10a / pp.188-191 / 2008
  • The Tonle Sap, Cambodia, is a huge lake that is periodically flooded due to the monsoon climate. The incoming water causes intensive flooding that expands the lake over a vast floodplain and wetland consisting mainly of forests and shrubs. Monitoring the water-level change over the floodplain is essential for flood prediction and water resource management. The main objective of this study is flood monitoring over the Tonle Sap area using ALOS PALSAR. To study double-bounce effects in the lake, the backscattering effect was examined using ALOS PALSAR dual-polarization (HH, HV) data. The InSAR technique was applied for detection of water-level change. HH-polarization interferometric pairs between wet and dry seasons were best for measuring water-level change around the northwestern parts of Tonle Sap. The seasonal pattern of water-level variation in Tonle Sap studied by the InSAR method is similar to past and altimeter data. However, the water-level variation measured by SAR was much smaller than that measured by the altimeter, because the DInSAR measurement only represents water-level change in a given region of the floodplain while the altimeter provides water-level variation in the central parts of the lake.

Performance Comparison of MISP-based MANET Strong DAD Protocol

  • Kim, Sang-Chul
    • KSII Transactions on Internet and Information Systems (TIIS) / v.9 no.9 / pp.3449-3467 / 2015
  • A broadcast operation is the fundamental transmission technique in mobile ad-hoc networks (MANETs). Because a broadcast operation can cause a broadcast storm, only selected forwarding nodes have the right to rebroadcast a broadcast message among the one-hop and two-hop neighboring nodes of a sender. This paper proposes the maximum intersection self-pruning (MISP) algorithm to minimize broadcasting redundancy. Herein, an example is given to help describe the main concept of MISP, and upper bounds on the number of forward nodes have been derived based on induction. A simulation demonstrated that when conventional blind flooding (BF), self-pruning (SP), an optimized link state routing (OLSR) multipoint relay (MPR) set, and dominant pruning (DP) are replaced with MISP in executing Strong duplicate address detection (DAD), the performance in terms of energy consumption, upper bounds of the number of forward nodes, and message complexity is improved. In addition, to evaluate the performance with reference to the link error probability, Pe, an enhancement was achieved by computing a proposed retransmission limit, S, for error recovery based on this probability. Retransmission limit control is critical for efficient energy consumption of MANET nodes operating with limited portable energy, where Strong DAD reacts differently to link errors based on the operational procedures.

Attack Detection Algorithm Using Exponential Smoothing Method on the IPv6 Environment (IPv6 환경에서 지수 평활법을 이용한 공격 탐지 알고리즘)

  • Koo Hyang-Ohk;Oh Chang-Suk
    • The Journal of the Korea Contents Association / v.5 no.6 / pp.378-385 / 2005
  • Mistaking normal packets for harmful traffic may result in service not being offered, in conformity with the intention of the attacker sending harmful traffic, because it is not easy to separate network traffic for normal service from that of a DDoS (Distributed Denial of Service) attack. In the IPv6 environment, research on harmful traffic is weak. In this dissertation, hosts in the IPv6 environment are attacked with NETWOX and their attack traffic is monitored; the statistical information of the traffic is then obtained from the MIB (Management Information Base) objects used in IPv6. By applying the ESM (Exponential Smoothing Method) to this information, a normal traffic boundary, i.e., a threshold, is determined. Input traffic over the threshold is regarded as attack traffic.
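Both the SVDD/SNMP MIB entry above and this one build their detector on MIB counters polled at a fixed interval, and this entry derives its threshold from exponential smoothing. The following Python is an added example of that threshold rule, not code from either paper: the smoothing factor, the deviation multiplier, the warm-up length and the counter samples are constructed for the illustration, and freezing the smoother while a sample is flagged is a design choice of this example.

```python
"""Exponential-smoothing threshold over 15-second SNMP MIB counter samples.
Added example, not the paper's implementation; alpha, k and warmup are assumptions."""

# Constructed per-interval deltas (bytes per 15 s) of the MIB-II ifInOctets
# counter (OID 1.3.6.1.2.1.2.2.1.10), already differenced from the raw counter.
# Samples 8-10 imitate a flood; the rest is steady background traffic.
IF_IN_OCTETS_DELTAS = [
    120_000, 125_000, 118_000, 130_000, 127_000, 122_000, 131_000, 128_000,
    9_800_000, 10_200_000, 9_900_000, 126_000, 124_000,
]


def counter32_delta(prev, cur):
    """Delta of a Counter32 MIB object, correct across a single 2^32 wrap;
    a naive cur - prev goes negative when the counter wraps between polls."""
    return (cur - prev) % (1 << 32)


def ewma_detect(samples, alpha=0.3, k=3.0, warmup=4):
    """Single exponential smoothing of the traffic level and of its absolute
    deviation. threshold_t = level_{t-1} + k * dev_{t-1}; a sample above it is
    flagged and is NOT fed back into the smoother, so an attack cannot drag the
    threshold up after itself. Returns a list of (index, value, threshold, flagged)."""
    level = float(samples[0])
    dev = 0.0
    out = [(0, samples[0], None, False)]
    for i, x in enumerate(samples[1:], start=1):
        threshold = level + k * dev
        # dev starts at 0, so until warmup the threshold is just the level and
        # any upward fluctuation would be flagged; skip decisions until then.
        flagged = i >= warmup and x > threshold
        out.append((i, x, threshold, flagged))
        if not flagged:
            err = abs(x - level)
            level = alpha * x + (1 - alpha) * level
            dev = alpha * err + (1 - alpha) * dev
    return out


def flagged_indices(samples, **kw):
    """Indices of the samples the detector marks as attack traffic."""
    return [i for i, _, _, f in ewma_detect(samples, **kw) if f]


if __name__ == "__main__":
    for i, x, thr, f in ewma_detect(IF_IN_OCTETS_DELTAS):
        print("%2d %10d %12s %s" % (i, x, "-" if thr is None else "%.0f" % thr, "ATTACK" if f else ""))
```

Two caveats a deployment needs beyond the rule itself: Counter32 objects wrap, so the differencing step must use modular subtraction as in counter32_delta; and a one-sided threshold built only from the smoothed level can be walked upward by a slow ramp, which is why the example holds the smoother still while samples are flagged.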

Change Analysis of Forest Area and Canopy Conditions in Kaesung, North Korea Using Landsat, SPOT and KOMPSAT Data

  • Lee, Kyu-Sung;Kim, Jeong-Hyun
    • Korean Journal of Remote Sensing / v.16 no.4 / pp.327-338 / 2000
  • The forest conditions of North Korea have been a great concern since they were known to be closely related to many environmental problems: disastrous flooding, soil erosion, and food shortage. To assess the long-term changes of forest area as well as canopy conditions, several sources of multitemporal satellite data were applied to the study area near Kaesung. KOMPSAT-1 EOC data were overlaid with a 1981 topographic map showing the boundaries of forest to assess the deforested area. Delineation of the cleared forest was performed by both visual interpretation and unsupervised classification. For analyzing the change of forest canopy condition, multiple scenes of Landsat and SPOT data were selected. After preprocessing of the multitemporal satellite data, such as image registration and normalization, the normalized difference vegetation index (NDVI) was derived as a representation of forest canopy conditions. Although the panchromatic EOC data had radiometric limitations for classifying diverse cover types, they can be effectively used to detect and delineate the deforested area. The results showed that a large portion of forest land has been cleared for urban and agricultural uses during the last twenty years. It was also found that the canopy condition of the remaining forests has not improved over the last twenty years. Possible causes of the deforestation and the temporal pattern of canopy conditions are discussed.

Attacks, Detection, and Countermeasures in WSN Network Layer (WSN의 네트워크 계층에서의 공격과 탐지 및 대응 방안)

  • Lee, Daeun;Rhee, Eugene
    • Journal of IKEEE / v.23 no.2 / pp.413-418 / 2019
  • Attacks on existing sensor networks include sniffing, flooding, and spoofing attacks. The basic countermeasures include encryption and authentication methods and switching methods. Wormhole attack, HELLO flood attack, Sybil attack, sinkhole attack, and selective forwarding attack are the attacks on the network layer in wireless sensor networks (WSN). These attacks may not be defended by the basic countermeasures mentioned above. In this paper, new countermeasures against these attacks include periodic key changes and regular network monitoring. Moreover, we present various threats (attacks) in the network layer of wireless sensor networks and new countermeasures accordingly.

Vibration based bridge scour evaluation: A data-driven method using support vector machines

  • Zhang, Zhiming;Sun, Chao;Li, Changbin;Sun, Mingxuan
    • Structural Monitoring and Maintenance / v.6 no.2 / pp.125-145 / 2019
  • Bridge scour is one of the predominant causes of bridge failure. Current climate deterioration leads to an increase in flooding frequency and severity and thus poses a higher risk of bridge scour failure than before. Recent studies have explored extensively the vibration-based scour monitoring technique by analyzing the structural modal properties before and after damage. However, the state of the art in this area lacks a systematic approach with sufficient robustness and credibility for practical decision making. This paper attempts to develop a data-driven methodology for bridge scour monitoring using support vector machines. This study extracts features from the bridge dynamic responses based on a generic sensitivity study of the bridge's modal properties and selects the features that contribute significantly to bridge scour detection. Results indicate that the proposed data-driven method can quantify the bridge scour damage with satisfactory accuracy in most cases. This paper provides an alternative methodology for bridge scour evaluation using a machine learning method. It has the potential to be practically applied for bridge safety assessment in case scour happens.

UDP-Based Active Scan for IoT Security (UAIS)

  • Jung, Hyun-Chul;Jo, Hyun-geun;Lee, Heejo
    • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.1 / pp.20-34 / 2021
  • Today, IoT devices are flooding, and traffic is increasing rapidly. The Internet of Things creates a variety of added value through connections between devices, while many devices are easily targeted by attackers due to security vulnerabilities. In the IoT environment, security diagnosis has problems such as having to provide different solutions for different types of devices in network situations where various types of devices are interlocked, personal leakage of security solutions themselves, and high cost, etc. To avoid such problems, a TCP-based active scan was presented. However, the TCP-based active scan has limitations that it is difficult to be applied to real-time systems due to long detection times. To complement this, this study uses UDP-based approaches. Specifically, a lightweight active scan algorithm that effectively identifies devices using UPnP protocols (SSDP, MDNS, and MBNS) that are most commonly used by manufacturers is proposed. The experimental results of this study have shown that devices can be distinguished by more than twice the true positive and recall at an average time of 1524 times faster than Nmap, which has a firm position in the field.
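The SSDP leg of a UDP-based active scan, as an added example in Python and not the UAIS tool's own code: build the multicast M-SEARCH probe, parse a device's unicast reply and pull out the headers that identify it. The reply embedded below is constructed in the shape a UPnP router returns, not a real capture; the discover function needs a network and is not exercised by the offline sample.

```python
"""Build an SSDP M-SEARCH probe and fingerprint a device from its reply.
Added example, not the UAIS tool's code; the sample reply is constructed."""
import socket

SSDP_GROUP = ("239.255.255.250", 1900)


def build_msearch(search_target="ssdp:all", mx=1):
    """M-SEARCH request as sent to the SSDP multicast group (UPnP Device
    Architecture 1.0); MX is the maximum seconds a device may delay its reply."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        "HOST: %s:%d" % SSDP_GROUP,
        'MAN: "ssdp:discover"',
        "MX: %d" % mx,
        "ST: %s" % search_target,
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(raw):
    """Parse a unicast SSDP reply into an upper-cased header dict, or None if it
    is not an HTTP/1.1 200 response. Tolerates non-ASCII bytes from odd firmware."""
    head = raw.decode("utf-8", errors="replace").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def fingerprint(headers):
    """The three headers that identify a device: SERVER (OS / UPnP stack /
    product), LOCATION (description URL, which also reveals the device's HTTP
    port) and USN (unique service name)."""
    return {
        "server": headers.get("SERVER"),
        "location": headers.get("LOCATION"),
        "usn": headers.get("USN"),
    }


def discover(timeout_s=2.0, search_target="ssdp:all"):
    """Send one M-SEARCH and collect fingerprints by source address until the
    socket times out. Needs a network; not used by the offline sample below."""
    found = {}
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout_s)
    try:
        sock.sendto(build_msearch(search_target), SSDP_GROUP)
        while True:
            try:
                data, (addr, _port) = sock.recvfrom(65535)
            except socket.timeout:
                break
            headers = parse_ssdp_response(data)
            if headers:
                found[addr] = fingerprint(headers)
    finally:
        sock.close()
    return found


# Constructed reply in the shape an SSDP-capable router returns; not a real capture.
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.168.1.20:49152/description.xml\r\n"
    b"SERVER: Linux/3.10 UPnP/1.0 ExampleRouter/1.2\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(fingerprint(parse_ssdp_response(SAMPLE_REPLY)))
```

One probe per group and a short MX is what makes this fast compared with a TCP port sweep: every responding device answers within MX seconds and the reply already carries the stack and product string. The replies are unauthenticated UDP, so treat SERVER and LOCATION as claims to be confirmed by fetching the description document, and never feed the LOCATION URL to an automatic fetch without validating that it points back at the responding host.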

An In-depth Analysis on Traffic Flooding Attacks Detection using Association Rule Mining (연관관계규칙을 이용한 트래픽 폭주 공격 탐지의 심층 분석)

  • Jaehak Yu;Bongsu Kang;Hansung Lee;Jun-Sang Park;Myung-Sup Kim;Daihee Park
    • Proceedings of the Korea Information Processing Society Conference / 2008.11a / pp.1563-1566 / 2008
  • In this paper, attribute subset selection over SNMP MIB data is applied as a preprocessing step to perform feature selection and reduction. In addition, association rule mining, a representative interpretive analysis model in data mining, is used to carry out a semantic in-depth analysis that extracts, in the form of rules, the characteristics latent in SNMP MIB data for traffic flooding attacks and for each attack type. Extracting and analyzing pattern rules per attack type provides a policy basis for restricting and managing service only for the protocol on which the attack occurred, thereby supporting a more stable network environment and smoother resource management. The automatic rule extraction and semantic interpretation of features from traffic flooding attack data and per-attack-type data presented in this paper is expected to give momentum to a new methodology for intrusion detection systems and to support policy formulation for intrusion detection and response systems.