• Title, Summary, Keyword: Attack Mitigation

Search Result 34, Processing Time 0.032 seconds

A DDoS Attack Test, Analysis and Mitigation Method in Real Networks (DDoS 공격 실험 결과, 분석 및 피해 완화 방안)

  • Yang, Jin-Seok;Kim, Hyoung-Chun;Chung, Tai-Myoung
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.2 no.3
    • /
    • pp.125-132
    • /
    • 2013
  • In this paper, We send DDoS(Distributed Denial of Service) attack traffic to real homepages in real networks. We analyze the results of DDoS attack and propose mitigation method against DDoS Attacks. In order to analyze the results of DDoS Attacks, We group three defense level by administrative subjects: Top level defense, Middle level defense, Bottom level defense. Also We group four attack methods by feature. We describe the results that average of attack success rate on defense level and average of attack success rate on attack categories about 48ea homepages and 2ea exceptional cases. Finally, We propose mitigation method against DDoS attack.

Theoretical Performance Analysis between Attack Prevention Schemes and Attack Mitigation Schemes (공격차단 기법과 공격경감 기법 간 이론적 성능 분석)

  • Ko Kwang-Sun;Eom Young-Ik
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.43 no.7
    • /
    • pp.84-92
    • /
    • 2006
  • To defeat abnormal traffic driven by DoS (Denial-of-Service) or DDoS (Distributed DoS), there has been a variety of researches or studies in a few decades. In this paper, we present the results of theoretical performance analysis between attack prevention schemes and attack mitigation schemes. The former is a scheme that prevents abnormal incoming traffic from forwarding into a specific network based on filtering rules, and the latter is a scheme that makes some perimeter or intermediate routers, which exist on the traffic forwarding path, prevent abnormal traffic based on their own abnormal traffic information, or that mitigates abnormal traffic by using quality-of-service mechanisms at the gateway of the target network. The aspects of theoretical performance analysis are defined as the transit rates of either normal traffic or false-positive traffic after an attack detection routine processes its job, and we also present the concrete network bandwidth rates to control incoming traffic.

New Distributed SDN Framework for Mitigating DDoS Attacks (DDoS 공격 완화를 위한 새로운 분산 SDN 프레임워크)

  • Alshehhi, Ahmed;Yeun, Chan Yeob;Damiani, Ernesto
    • The Transactions of The Korean Institute of Electrical Engineers
    • /
    • v.66 no.12
    • /
    • pp.1913-1920
    • /
    • 2017
  • Software Defined Networking creates totally new concept of networking and its applications which is based on separating the application and control layer from the networking infrastructure as a result it yields new opportunities in improving the network security and making it more automated in robust way, one of these applications is Denial of Service attack mitigation but due to the dynamic nature of Denial of Service attack it would require dynamic response which can mitigate the attack with the minimum false positive. In this paper we will propose a new mitigation Framework for DDoS attacks using Software Defined Networking technology to protect online services e.g. websites, DNS and email services against DoS and DDoS attacks.

A Study on DDoS Attack Mitigation Technique in MANET (MANET 환경에서 DDoS 공격 완화 기법에 관한 연구)

  • Yang, Hwan-Seok;Yoo, Seung-Jae
    • Convergence Security Journal
    • /
    • v.12 no.1
    • /
    • pp.3-8
    • /
    • 2012
  • MANET composed wireless nodes without fixed infrastructure provides high flexibility, but it has weak disadvantage to various attack. It has big weakness to DDoS attack because every node perform packet forwarding especially. In this paper, packet transmission information control technique is proposed to reduce damage of DDoS attack in MANET and search location of attacker when DDoS attacks occur. Hierarchical structure using gateway node is adopted for protect a target of attack in this study. Gateway node in cluster is included like destination nodes surely when source nodes route path to destination nodes and it protects destination nodes. We confirmed efficiency by comparing proposed method in this study with CUSUM and measured the quantity consumed memory of cluster head to evaluate efficiency of information control using to location tracing.

A Moving Window Principal Components Analysis Based Anomaly Detection and Mitigation Approach in SDN Network

  • Wang, Mingxin;Zhou, Huachun;Chen, Jia
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.8
    • /
    • pp.3946-3965
    • /
    • 2018
  • Network anomaly detection in Software Defined Networking, especially the detection of DDoS attack, has been given great attention in recent years. It is convenient to build the Traffic Matrix from a global view in SDN. However, the monitoring and management of high-volume feature-rich traffic in large networks brings significant challenges. In this paper, we propose a moving window Principal Components Analysis based anomaly detection and mitigation approach to map data onto a low-dimensional subspace and keep monitoring the network state in real-time. Once the anomaly is detected, the controller will install the defense flow table rules onto the corresponding data plane switches to mitigate the attack. Furthermore, we evaluate our approach with experiments. The Receiver Operating Characteristic curves show that our approach performs well in both detection probability and false alarm probability compared with the entropy-based approach. In addition, the mitigation effect is impressive that our approach can prevent most of the attacking traffic. At last, we evaluate the overhead of the system, including the detection delay and utilization of CPU, which is not excessive. Our anomaly detection approach is lightweight and effective.

Further Analyzing the Sybil Attack in Mitigating Peer-to-Peer Botnets

  • Wang, Tian-Zuo;Wang, Huai-Min;Liu, Bo;Ding, Bo;Zhang, Jing;Shi, Pei-Chang
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.6 no.10
    • /
    • pp.2731-2749
    • /
    • 2012
  • Sybil attack has been proved effective in mitigating the P2P botnet, but the impacts of some important parameters were not studied, and no model to estimate the effectiveness was proposed. In this paper, taking Kademlia-based botnets as the example, the model which has the upper and lower bound to estimate the mitigating performance of the Sybil attack is proposed. Through simulation, how three important factors affect the performance of the Sybil attack is analyzed, which is proved consistent with the model. The simulation results not only confirm that for P2P botnets in large scale, the Sybil attack is an effective countermeasure, but also imply that the model can give suggestions for the deployment of Sybil nodes to get the ideal performance in mitigating the P2P botnet.

Cyber attack taxonomy for digital environment in nuclear power plants

  • Kim, Seungmin;Heo, Gyunyoung;Zio, Enrico;Shin, Jinsoo;Song, Jae-gu
    • Nuclear Engineering and Technology
    • /
    • v.52 no.5
    • /
    • pp.995-1001
    • /
    • 2020
  • With the development of digital instrumentation and control (I&C) devices, cyber security at nuclear power plants (NPPs) has become a hot issue. The Stuxnet, which destroyed Iran's uranium enrichment facility in 2010, suggests that NPPs could even lead to an accident involving the release of radioactive materials cyber-attacks. However, cyber security research on industrial control systems (ICSs) and supervisory control and data acquisition (SCADA) systems is relatively inadequate compared to information technology (IT) and further it is difficult to study cyber-attack taxonomy for NPPs considering the characteristics of ICSs. The advanced research of cyber-attack taxonomy does not reflect the architectural and inherent characteristics of NPPs and lacks a systematic countermeasure strategy. Therefore, it is necessary to more systematically check the consistency of operators and regulators related to cyber security, as in regulatory guide 5.71 (RG.5.71) and regulatory standard 015 (RS.015). For this reason, this paper attempts to suggest a template for cyber-attack taxonomy based on the characteristics of NPPs and exemplifies a specific cyber-attack case in the template. In addition, this paper proposes a systematic countermeasure strategy by matching the countermeasure with critical digital assets (CDAs). The cyber-attack cases investigated using the proposed cyber-attack taxonomy can be used as data for evaluation and validation of cyber security conformance for digital devices to be applied, and as effective prevention and mitigation for cyber-attacks of NPPs.

Utilizing OpenFlow and sFlow to Detect and Mitigate SYN Flooding Attack

  • Nugraha, Muhammad;Paramita, Isyana;Musa, Ardiansyah;Choi, Deokjai;Cho, Buseung
    • Journal of Korea Multimedia Society
    • /
    • v.17 no.8
    • /
    • pp.988-994
    • /
    • 2014
  • Software Defined Network (SDN) is a new technology in computer network area which enables user to centralize control plane. The security issue is important in computer network to protect system from attackers. SYN flooding attack is one of Distributed Denial of Service attack methods which are popular to degrade availability of targeted service on Internet. There are many methods to protect system from attackers, i.e. firewall and IDS. Even though firewall is designed to protect network system, but it cannot mitigate DDoS attack well because it is not designed to do so. To improve performance of DDOS mitigation we utilize another mechanism by using SDN technology such as OpenFlow and sFlow. The methodology of sFlow to detect attacker is by capturing and sum cumulative traffic from each agent to send to sFlow collector to analyze. When sFlow collector detect some traffics as attacker, OpenFlow controller will modify the rule in OpenFlow table to mitigate attacks by blocking attack traffic. Hence, by combining sum cumulative traffic use sFlow and blocking traffic use OpenFlow we can detect and mitigate SYN flooding attack quickly and cheaply.

Mitigating Cache Pollution Attack in Information Centric Mobile Internet

  • Chen, Jia;Yue, Liang;Chen, Jing
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.11
    • /
    • pp.5673-5691
    • /
    • 2019
  • Information centric mobile network can significantly improve the data retrieving efficiency by caching contents at mobile edge. However, the cache pollution attack can affect the data obtaining process severely by requiring unpopular contents deliberately. To tackle the problem, we design an algorithm of mitigating cache pollution attacks in information centric mobile network. Particularly, the content popularity distribution statistic is proposed to detect abnormal behavior. Then a probabilistic caching strategy based on abnormal behavior is applied to dynamically maintain the steady-state distribution for content visiting probability and achieve the purpose of defense. The experimental results show that the proposed scheme can achieve higher request hit ratio and smaller latency for false locality content pollution attack than the CacheShield approach and the baseline approach where no mitigation approach is applied.