Wireless DDoS Attack Detection and Prevention Mechanism using Packet Marking and Traffic Classification on Integrated Access Device

Wireless DDoS Attack Detection and Blocking Technique through IAD-Based Packet Marking and Wired/Wireless Traffic Classification

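  • 조제경 (Division of Computer Engineering, Hanshin University)
  • 이형우 (Division of Computer Engineering, Hanshin University)
  • 박영준 (Department of Logistics and Distribution Information, Chungkang College of Cultural Industries)
  • Published: 2008.06.28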

Abstract

When a DDoS attack is carried out, identifying the malicious host is more difficult on a wireless network than in the existing wired network environment. In particular, because wireless networks are vulnerable to wireless user authentication attacks and packet spoofing attacks, advanced countermeasures need to be studied. Integrated Access Devices (IADs), which support VoIP communication and other facilities along with a wireless routing function, have recently been developed and widely distributed. The IAD is an alternative to the facilities offered by the existing AP. Therefore, the IAD should offer advanced traffic classification and real-time attack detection functions in a wireless network environment. The system presented in this research uses AirSensor to collect information on the wireless network clients that connect to the IAD. The proposed mechanism also collects the wireless clients' attack packets in order to monitor their legitimacy, and it uses the W-TMS system to classify and detect the attack packets received at the IAD. As a result, it was possible to use the IAD stably for wireless network service.

Keywords

DDoS; IAD; Wired-Wireless Classification; Packet Mark; W-TMS; AirSensor
