• Title/Summary/Keyword: legitimate


Analysis of Defense Method for HTTP POST DDoS Attack base on Content-Length Control (Content-Length 통제기반 HTTP POST DDoS 공격 대응 방법 분석)

  • Lee, Dae-Seob;Won, Dong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.4 / pp.809-817 / 2012
  • One of the OSI layer 7 DDoS attacks, HTTP POST DDoS, can deny legitimate service by depleting web server resources. This attack can be executed with less network traffic and legitimate TCP connections. Therefore, it is difficult to distinguish DDoS traffic from legitimate users. In this paper, I propose an anomalous HTTP POST traffic detection algorithm and a per-page limit on the HTTP Content-Length field size as a defense method for HTTP POST DDoS attacks. In tests using the HTTP POST DDoS attack tool r-u-dead-yet and a self-developed attack tool, the proposed method achieved detection and countermeasure without false negatives or false positives.

A Novel Application-Layer DDoS Attack Detection Algorithm based on Client Intention (사용자 의도 기반 응용계층 DDoS 공격 탐지 알고리즘)

  • Oh, Jin-Tae;Park, Dong-Gue;Jang, Jong-Soo;Ryou, Jea-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.1 / pp.39-52 / 2011
  • An application-layer attack can effectively achieve its objective with a small amount of traffic, and detection is difficult because the traffic type is very similar to that of legitimate users. We have discovered a unique characteristic that is produced by a difference in client intention: Both a legitimate user and DDoS attacker establish a session through a 3-way handshake over the TCP/IP layer. After a connection is established, they request at least one HTTP service by a Get request packet. The legitimate HTTP user waits for the server's response. However, an attacker tries to terminate the existing session right after the Get request. These different actions can be interpreted as a difference in client intention. In this paper, we propose a detection algorithm for application layer DDoS attacks based on this difference. The proposed algorithm was simulated using traffic dump files that were taken from normal user networks and Botnet-based attack tools. The test results showed that the algorithm can detect an HTTP-Get flooding attack with almost zero false alarms.

Key Efficiency Evaluation of Blockchain Based Cloud Proxy Server (블록체인 기반 클라우드 프락시 서버의 키 효율성 연구)

  • Soon-hwa Sung
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.2 / pp.289-299 / 2024
  • Blockchains are not efficient for real-time processing because the growing number of transactions and users delays many computations and network communications. This study proposes a cloud proxy server, so that legitimate users can use blockchain as well as reduce network latency. To proceed with a blockchain transaction, the blockchain copy server verifies all transaction-related data, but the cloud proxy server verifies legitimate users with a simple zero-knowledge proof algorithm, enabling efficient blockchain real-time processing. The cloud proxy server can support blockchain anonymity, security, and scalability that can verify legitimate users with the proposed zero-knowledge proof by receiving the registered key pair of the blockchain user. In the proposed research analysis, blockchain-based cloud proxy server reduces network latency compared to previous studies and key processing on cloud proxy servers reduces the cost of key computation compared to previous studies.

Performance Evaluation of Scaling based Dynamic Time Warping Algorithms for the Detection of Low-rate TCP Attacks (Low-rate TCP 공격 탐지를 위한 스케일링 기반 DTW 알고리즘의 성능 분석)

  • So, Won-Ho;Shim, Sang-Heon;Yoo, Kyoung-Min;Kim, Young-Chon
    • Journal of the Institute of Electronics Engineers of Korea TC / v.44 no.3 s.357 / pp.33-40 / 2007
  • In this paper, low-rate TCP attack as one of shrew attacks is considered and the scaling based dynamic time warping (S-DTW) algorithm is introduced. The low-rate TCP attack cannot be detected by the detection method for the previous flooding DoS/DDoS (Denial of Service/Distributed Denial of Service) attacks due to its low average traffic rate. It, however, is a periodic short burst that exploits the homogeneity of the minimum retransmission timeout (RTO) of TCP flows and then some pattern matching mechanisms have been proposed to detect it among legitimate input flows. A DTW mechanism as one of detection approaches has been proposed to detect attack input stream consisting of many legitimate or attack flows, and shown a depending method as well. This approach, however, has a problem that legitimate input stream may be caught as an attack one. In addition, it is difficult to decide a threshold for separation between the legitimate and the malicious. Thus, the causes of this problem are analyzed through simulation and the scaling by maximum auto-correlation value is executed before computing the DTW. We also discuss the results on applying various scaling approaches and using standard deviation of input streams monitored.

Science High School Students' Shift in Scientific Practice and Perception Through the R&E Participation: on the Perspective of Legitimate Peripheral Participation in the Community of Practice (과학고등학교 학생들이 R&E 참여 과정에서 드러내는 과학적 실행 및 인식 변화 -실행공동체 내에서의 합법적 주변 참여의 관점에서-)

  • Lee, Minjoo;Kim, Heui-Baik
    • Journal of The Korean Association For Science Education / v.36 no.3 / pp.371-387 / 2016
  • Learning at the elbow of scientists is a well-known educational approach to improve students' understanding of science and scientific practice. This study, in the perspective of legitimate peripheral participation in a community of practice, explores how students' scientific practice and perception could be shifted through R&E program with the development of participation. Data from participant observation for 18 months and in-depth interviews were analyzed based on constant comparative method to extract common characteristics of students' participation and major shifts in their scientific practices and perceptions. Students' development of participation was categorized into three stages: legitimate, peripheral, and full participation. In the stage of peripheral participation, students perceived themselves as mere students and showed passive engagement. They just followed the directions of researchers and didn't know what they should be doing. But through continuous participation, students showed enhanced engagement like voluntary article reading, role assignments, and establishing norms in a community of practice with the reference of scientists'. In this stage of transitional participation, students also showed a deepened perception on everyday life of scientists and the community of scientists. And finally in the stage of full participation, students showed responsibility and ownership on research and continuous efforts to refine their research. They recognized themselves as beginning scientists. With these findings, this paper highlighted the dynamic processes of students' development of scientific practices and identity through R&E participation. It also suggests implications for research programs for education, especially for students who have already articulated a science-related career but still have only foggy notions about science.

An OpenFlow User-Switch Remapping Approach for DDoS Defense

  • Wei, Qiang;Wu, Zehui;Ren, Kalei;Wang, Qingxian
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.9 / pp.4529-4548 / 2016
  • DDoS attacks have had a devastating effect on the Internet, which can cause millions of dollars of damage within hours or even minutes. In this paper we propose a practical dynamic defense approach that overcomes the shortage of static defense mechanisms. Our approach employs a group of SDN-based proxy switches to relay data flow between users and servers. By substituting backup proxy switches for attacked ones and reassigning suspect users onto the new proxy switches, innocent users are isolated and saved from malicious attackers through a sequence of remapping processes. In order to improve the speed of attacker segregation, we have designed and implemented an efficient greedy algorithm which has been demonstrated to have little influence on legitimate traffic. Simulations, which were then performed with the open source controller Ryu, show that our approach is effective in alleviating DDoS attacks and quarantining the attackers by numerable remapping process. The simulations also demonstrate that our dynamic defense imposes little effect on legitimate users, and the overhead introduced by the remapping procedure is acceptable.

Build-in Wiretap Channel I with Feedback and LDPC Codes

  • Wen, Hong;Gong, Guang;Ho, Pin-Han
    • Journal of Communications and Networks / v.11 no.6 / pp.538-543 / 2009
  • A wiretap channel I is one of the channel models that was proved to achieve unconditional security. However, it has been an open problem in realizing such a channel model in a practical network environment. The paper is committed to solving the open problem by introducing a novel approach for building wiretap channel I in which the eavesdropper sees a binary symmetric channel (BSC) with error probability p while the main channel is error free. By taking advantage of the feedback and low density parity check (LDPC) codes, our scheme adds randomness to the feedback signals from the destination for keeping an eavesdropper ignorant; on the other hand, redundancy is added and encoded by the LDPC codes such that a legitimate receiver can correctly receive and decode the signals. With the proposed approach, unconditionally secure communication can be achieved through interactive communications, in which the legitimate partner can realize the secret information transmission without a pre-shared secret key even if the eavesdropper has a better channel from the beginning.

Detecting the HTTP-GET Flood Attacks Based on the Access Behavior of Inline Objects in a Web-page Using NetFlow Data

  • Kang, Koo-Hong
    • Journal of the Korea Society of Computer and Information / v.21 no.7 / pp.1-8 / 2016
  • Nowadays, distributed denial of service (DDoS) attacks on web sites reward attackers financially or politically because our daily lives tightly depend on web services such as on-line banking, e-mail, and e-commerce. One of the DDoS attacks on web servers is called the HTTP-GET flood attack, which is becoming more serious. Most existing techniques are running on the application layer because these attack packets use legitimate network protocols and HTTP payloads; that is, network-level intrusion detection systems cannot distinguish legitimate HTTP-GET requests from malicious requests. In this paper, we propose a practical detection technique against HTTP-GET flood attacks, based on the access behavior of inline objects in a webpage using NetFlow data. In particular, our proposed scheme is working on the network layer without any application-specific deep packet inspections. We implement the proposed detection technique and evaluate the ability of attack detection on a simple test environment using NetBot attacker. Moreover, we also show that our approach must be applicable to real field by showing the test profile captured on a well-known e-commerce site. The results show that our technique can detect the HTTP-GET flood attack effectively.

The Changes of Drama Costume and an Analysis of Costume's Value in the Changes of TV Historical Dramas -Focusing on MBC Historical Dramas- (TV 사극 변천에 따른 드라마 의상의 변화와 가치분석 -MBC 사극을 중심으로-)

  • Lee, Keum-Hee;NamKeung, Yoon-Sun
    • Journal of the Korean Society of Clothing and Textiles / v.32 no.11 / pp.1680-1691 / 2008
  • This study examines how the development and value of dresses shown in MBC historical dramas have changed with the overall change of the dramas. As for the research method, the second data analysis was done with literature study which was supplemented with interviews with the wardrobe team of MBC production design center. Historical dramas produced by MBC have gone through the developmental period, legitimate historical drama-oriented period, stagnant period, and historical dramas-modernized period. The value of costume in each period is as follows: Costume in the developmental period is considered only as part of drama setting. During legitimate historical drama-oriented period, it carries value as educational data and historical replica produced by historical research. Production design including costume obtains its own value in the stagnant period although the production of historical dramas decreases dramatically. And lastly, in the historical dramas-modernized period, costume starts to have commercial value as cultural contents. Historical drama costume may contain important value in terms of education and history, even though there has been controversy on TV historical dramas' role: they should focus on reproducing historical facts or they should support writers' creativity.

Some Theoretical Foundations on the Necessities and Functions of Global Electronic Transactions Act (전자무역 활성화를 위한 글로벌 전자무역거래법의 요건과 역할기능의 이론적 기초)

  • Kim, Ki-Sun
    • THE INTERNATIONAL COMMERCE & LAW REVIEW / v.17 / pp.129-146 / 2002
  • The electronic technology development has occurred in the face of existing legal barriers to legal efficacy of computer information goods, and the liberating promise of electronic transactions cannot be fully realized unless there is predictability in the legal rules that govern such transactions. This study analyzes some theoretical fundamentals of the Act. First, it proposes that the Act clarify and set forth uniform legal principles applicable to computer information transactions. Secondly, it suggests that if the individual is risk averse, the acceptance set for electronic transactions will be a convex set, and that the application of the Act will make the acceptance set more expanded by lowering the probability of conflicts and by downsizing the risk averseness. Thirdly, it also suggests that through the method of contingent commodities analysis, the application of the Act by means of its restricted regulations will give more expected utility than the absence of the Act. Fourthly, it derives some implications that the degree of legitimate restriction will be affected by the objective risk inherent to the electronic transactions, and the individual's subjective risk-averseness. Finally, it concludes that harmonization of restriction and protection of individual's rights in electronic transaction process will be a necessary condition for more efficient body of law from the law-economic perspectives.
