Detection Method of Distributed Denial-of-Service Flooding Attacks Using Analysis of Flow Information

A Method for Detecting Distributed Denial-of-Service Attacks Using Flow Analysis

  • Jun, Jae-Hyun (School of Computer Science and Engineering, Kyungpook National University)
  • Kim, Min-Jun (School of Computer Science and Engineering, Kyungpook National University)
  • Cho, Jeong-Hyun (School of Computer Science and Engineering, Kyungpook National University)
  • Ahn, Cheol-Woong (School of Computer Science and Engineering, Kyungpook National University)
  • Kim, Sung-Ho (School of Computer Science and Engineering, Kyungpook National University)
  • Received : 2014.01.08
  • Accepted : 2014.02.07
  • Published : 2014.02.28

Abstract

Today, distributed denial-of-service (DDoS) attacks present a very serious threat to the stability of the Internet. A DDoS attack, which consumes all of the computing or communication resources necessary for a service, is known to be very difficult to protect against. The attack usually transmits heavy traffic to networks or servers, which then cannot handle normal service requests because they run out of resources. It is very hard to prevent a DDoS attack. Therefore, an intrusion detection system on a large network needs efficient real-time detection. In this paper, we propose a detection mechanism that uses analysis of flow information against DDoS attacks in order to guarantee the transmission of normal traffic and prevent the flood of abnormal traffic. The OPNET simulation results show that our approach can provide sufficient service during a DDoS attack.

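Today, DDoS attacks pose a very serious threat to the stability of the Internet. By sending large volumes of traffic into a network, a DDoS attack exhausts resources and makes normal service delivery impossible; it is hard to detect in advance and very difficult to defend against efficiently. Network attacks that target large-scale networks such as the Internet call for effective detection methods. An intrusion detection system in a large-scale network therefore needs efficient real-time detection. In this paper, we propose a DDoS countermeasure based on analysis of flow information, in order to prevent the flood of abnormal traffic caused by DDoS attacks and to guarantee the transmission of legitimate traffic. An implementation in OPNET confirmed that service can be provided smoothly during a DDoS attack.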

