인공지능 기술기반의 서비스거부공격 대응 위한 서비스 모델 개발 방안

김동맹(Dong-Maeong Kim),조인준(In-June Jo) 한국콘텐츠학회 2021 한국콘텐츠학회논문지 Vol.21 No.2

본 논문에서는 나날이 발전하는 대규모 서비스거부공격에 대해 고전적인 방식의 DDoS 대응시스템에서 벗어나, 4차 혁명 시대의 핵심기술 중의 하나인 인공지능 기반의 기술을 활용해 지능화된 서비스거부공격을 효율적으로 감내 할 수 있는 서비스모델 개발방안을 제안하였다. 즉, 다수의 보안장비, 웹서버로부터 수집된 다량의 데이터를 대상으로 머신러닝 인공지능 학습을 통해 서비스거부공격을 탐지하고 피해를 최소화할 수 있는 방안을 제안하였다. 특히, 인공지능기술을 활용하기 위한 모델을 개발은 일정한 트래픽 변화를 반복하며 안정적 흐름의 데이터를 전송이 이루어지다가 서비스거부공격이 발생하면 다른 양상의 데이터 흐름을 보인다는 점에 착안하여 서비스서부공격 탐지에 인공지능기술을 활용하였다. 서비스거부공격이 발생하면 확률기반의 실제 트래픽과 예측값과의 편차가 발생하기 때문에 공격성 데이터로 판단하여 대응이 가능하다. 이 논문에서는 보안장비나 서버에서 발생하는 로그를 기반으로 데이터를 분석하여 서비스거부공격 탐지모델을 설명하였다. In this thesis, we will break away from the classic DDoS response system for large-scale denial-of-service attacks that develop day by day, and effectively endure intelligent denial-of-service attacks by utilizing artificial intelligence-based technology, one of the core technologies of the 4th revolution. A possible service model development plan was proposed. That is, a method to detect denial of service attacks and minimize damage through machine learning artificial intelligence learning targeting a large amount of data collected from multiple security devices and web servers was proposed. In particular, the development of a model for using artificial intelligence technology is to detect a Western service attack by focusing on the fact that when a service denial attack occurs while repeating a certain traffic change and transmitting data in a stable flow, a different pattern of data flow is shown. Artificial intelligence technology was used. When a denial of service attack occurs, a deviation between the probability-based actual traffic and the predicted value occurs, so it is possible to respond by judging as aggressiveness data. In this paper, a service denial attack detection model was explained by analyzing data based on logs generated from security equipment or servers.

Robust Finite-horizon l2-l∞ Filtering for Discrete-time Nonhomogeneous Markovian Jump Systems Under Denial-of-service Attacks

Quangui He,Zhiwei Shi,Dingli Wu,Shisheng Fan,Zhengkuan Zhang,Deshuang Liu 제어·로봇·시스템학회 2022 International Journal of Control, Automation, and Vol.20 No.7

The problem of robust finite-horizon l2-l∞ filtering is investigated for a class of discrete-time Markovian jump systems under denial-of-service attacks. The considered dynamic model is more appropriate, on account of polyhedral feature of time-varying transition probabilities. Denial-of-service attack that may jam or compromise the measurement packets on communication channels is assumed as a Bernoulli distributed sequence. Based on stochastic Lyapunov function approach, sufficient criteria corresponding to the error system are established for designing a finite-horizon l2-l∞ filter in the light of linear matrix inequalities. In the end, three illustrative examples are worked out to substantiate the theoretical results.

A Survey on Defense Mechanism against Distributed Denial of Service (DDoS) Attacks in Control System

Kwon, YooJin Korea Electric Power Corporation 2015 KEPCO Journal on electric power and energy Vol.1 No.1

Denial of Service (DoS) attack is to interfere the normal user from using the information technology services. With a rapid technology improvements in computer and internet environment, small sized DoS attacks targeted to server or network infrastructure have been disabled. Thus, Distributed Denial of Service (DDoS) attacks that utilizes from tens to several thousands of distributed computers as zombie PC appear to have as one of the most challenging threat. In this paper, we categorize the DDoS attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS attacks. Then we propose a comprehensive defense mechanism against DDoS attacks in Control System to detect attacks efficiently.

High Rate Denial-of-Service Attack Detection System for Cloud Environment Using Flume and Spark

( Janitza Punto Gutierrez ),( Kilhung Lee ) 한국정보처리학회 2021 Journal of information processing systems Vol.17 No.4

Nowadays, cloud computing is being adopted for more organizations. However, since cloud computing has a virtualized, volatile, scalable and multi-tenancy distributed nature, it is challenging task to perform attack detection in the cloud following conventional processes. This work proposes a solution which aims to collect web server logs by using Flume and filter them through Spark Streaming in order to only consider suspicious data or data related to denial-of-service attacks and reduce the data that will be stored in Hadoop Distributed File System for posterior analysis with the frequent pattern (FP)-Growth algorithm. With the proposed system, we can address some of the difficulties in security for cloud environment, facilitating the data collection, reducing detection time and consequently enabling an almost real-time attack detection.

멀티미디어 콘텐츠의 서비스거부 방지 알고리즘 성능분석

장희선(Hee-Seon Jang),신현철(Hyun-Chul Shin),이현창(Hyun-Chang Lee) 한국컴퓨터정보학회 2010 韓國컴퓨터情報學會論文誌 Vol.15 No.4

본 논문에서는 멀티미디어 콘텐츠 트래픽을 주고받는 노드들 사이에 상호 서비스 제공을 위한 정보보호 알고리즘의 성능을 분석한다. 먼저, 콘텐츠 유통에 필요한 정보보호 요소 기술들을 정의하고 멀티캐스팅 서비스를 이용하는 네트워크에서 기존 노드들의 그룹에 새로운 노드가 참여하는 경우를 가정한다. 그룹 가입을 위하여 노드는 그룹 식별자 주소가 필요하게 되며 이는 노드 스스로 생성하고 다른 노드들과의 중복성을 확인하는 과정에서 임의의 악의적인 노드에 의한 DoS(Denial of Service, 서비스거부) 공격이 발생된다. NS2를 이용한 시뮬레이션 분석결과, 새로운 주소를 생성하기 위한 난수값의 범위에 따라 주소 충돌횟수(DoS 공격의 최대 가능 횟수)와 다른 주소와 충돌되지 않는 신규 주소를 할당받기까지의 평균 시도횟수가 변하며, 네트워크의 규모에 따라 적정한 규모의 난수의 범위를 포함한 효율적인 알고리즘의 사전 설계가 필요함을 알 수 있다. In this paper, the performance of the DoS information security algorithm is evaluated to provide the multimedia traffic between the nodes using the multicasting services. The essence technology for information security to distribute the multimedia contents is presented. Under the multicasting services, a node participating new group needs a new address and the node compares the collision with the existing nodes, then DoS attack can be occurred between the nodes by a malicious node. Using the NS2 simulator, the number of DoS attacks, the average number of trials to generate new address, and the average time to create address are analyzed. From simulation results, the efficient algorithm with relevant random number design according to the DRM network is needed to provide secure multimedia contents distribution.

Secure Control of Networked Switched Systems with Random DoS Attacks via Event-triggered Approach

Yonghui Liu 제어·로봇·시스템학회 2020 International Journal of Control, Automation, and Vol.18 No.10

This paper considers security control of networked switched systems in which the denial-of-service attacks may happen when the output information is transmitted from the sensor to the controller. Besides, it is assumed that the denial-of-service obeys Bernoulli distribution. First, to reduce the communication burden and retaining a satisfactory performance, an event-triggered sampling mechanism is adopted. And then, security control of the switched systems is analyzed by designing an output-feedback controller and a switching signal based on the average dwell time method. It is shown that the state trajectory can be driven onto a certain bound despite the presence of the random denial-of-service attacks. Finally, a numerical example is given to demonstrate the effectiveness of the proposed method.

IoT 네트워크 상의 머신러닝 기반 DoS 및 DRDoS 탐지연구

여승연,조소영,김지연 한국컴퓨터정보학회 2022 韓國컴퓨터情報學會論文誌 Vol.27 No.7

We propose an intrusion detection model that detects denial-of-service(DoS) and distributed reflection denial-of-service(DRDoS) attacks, based on the empirical data of each internet of things(IoT) device by training system and network metrics that can be commonly collected from various IoT devices. First, we collect 37 system and network metrics from each IoT device considering IoT attack scenarios; further, we train them using six types of machine learning models to identify the most effective machine learning models as well as important metrics in detecting and distinguishing IoT attacks. Our experimental results show that the Random Forest model has the best performance with accuracy of over 96%, followed by the K-Nearest Neighbor model and Decision Tree model. Of the 37 metrics, we identified five types of CPU, memory, and network metrics that best imply the characteristics of the attacks in all the experimental scenarios. Furthermore, we found out that packets with higher transmission speeds than larger size packets represent the characteristics of DoS and DRDoS attacks more clearly in IoT networks. 본 논문은 다수의 사물인터넷 단말에서 보편적으로 수집할 수 있는 시스템 및 네트워크 메트릭을학습하여 각 사물의 경험데이터를 기반으로 서비스거부 및 분산반사 서비스거부 공격을 탐지하는침입 탐지 모델을 제안한다. 먼저, 공격 시나리오 유형별로 각 사물에서 37종의 시스템 및 네트워크메트릭을 수집하고, 이를 6개 유형의 머신러닝 모델을 기반으로 학습하여 사물인터넷 공격 탐지 및분류에 가장 효과적인 모델 및 메트릭을 분석한다. 본 논문의 실험을 통해, 랜덤 포레스트 모델이96% 이상의 정확도로 가장 높은 공격 탐지 및 분류 성능을 보이는 것을 확인하였고, 그 다음으로는K-최근접 이웃 모델과 결정트리 모델의 성능이 우수한 것을 확인하였다. 37종의 메트릭 중에는 모든공격 시나리오에서 공격의 특징을 가장 잘 반영하는 CPU, 메모리, 네트워크 메트릭 5종을 발견하였으며 큰 사이즈의 패킷보다는 빠른 전송속도를 갖는 패킷이 사물인터넷 네트워크에서 서비스거부및 분산반사 서비스거부 공격 특징을 더욱 명확히 나타내는 것을 실험을 통해 확인하였다.

항공기내 사이버 위협에 대한 선제적 대응 방안에 관한 연구 - 전사적 정보보안 관리체계 개선 방안 중심으로 -

전상훈 한국항공경영학회 2023 한국항공경영학회지 Vol.21 No.5

급변하고 있는 ICT 기술과 함께 항공기내 무선 네트워크 및 인터넷 서비스가 제공되는 등의 항공 서비스가 발전하고 있다. 항공기 기내에서는 운항승무원의 EFB와 객실승무원의 태블릿을 통해 무선 네트워크 접속이 제공되고, 승객에게는 엔터테인먼트 시스템 접속 및 인터넷 서비스가 제공되고 있다. 항공기는 기체 통제시스템, 항공사 정보시스템 그리고 엔터테인먼트 시스템 등이 상호 연동되고 있어, 허가된 운영자 이외로 부터의 무선 네트워크 접근은 항공기 운항 및 안전에 치명적인 영향을 미칠 수 있는 취약점을 갖고 있다. 항공기내의 시스템은 외부로 부터의 접근을 제공하지 않는 폐쇄적인 네트워크를 사용하고 있어, 외부로부터의 접근이 불가능했지만, 편의성, 효율성 등으로 현재 항공기내에서 무선 네트워크 접속 기술을 사용하고 있을 뿐만 아니라 객실 승객에게도 무선 네트워크 서비스를 제공하게 되며, 더욱 사이버 위협에 노출되고 있는 것이 현실이다. 사이버 위협으로 인해 항공기내 시스템의 오동작, 오남용, 비정상 동작을 유발시킬 수 있는 위협이 상존하게 되지만, 현행 항공기내의 안전을 위한 보안 활동으로서는, 기내의 불법행위 근절 및 대응, 기내 반입물 통제, 지상에서 검색 등의 인적 요소에 집중하여, 물리적 보안 활동을 수행하고 있으며, 항공기의 안전을 위협할 수 있는 사이버 위협에 대한 대응방법은 부재한 것이 현실이다. 다시 말해, 현재 항공기내에서는 잠재적 사이버 위협에 대한 관련법 및 보안 관리체계가 전무한 상태로, 발전하고 있는 정보통신기술 및 항공 서비스 맞춰 항공 보안정책, 관련법 및 대응 보안 관리체계 수립․시행을 위한 연구가 시급한 시점이기도 하다. 예측 불가능한 사이버 위협에 대응에 선제적으로 대응하기 위해서는 항공기내 객실․운항 승무원의 보안 활동을 강화하여, 사이버 위협에 대응하는 것이 가장 효율적이며, 필수적이다. 따라서 본 논문에서는 안전한 항공 운항을 위해 항공기내의 잠재적 사이버 위협으로부터 선제적 대응을 위한 보안 관리체계 구축을 위한 연구의 필요성 및 항공보안 정책․관련법 개선 방안 그리고 항공기내의 사이버 위협 대응 프로세스 등을 제안하여, 항공기내 무선 네트워크 서비스의 가용성을 강화하고, 사이버 위협으로부터 항공기 운항의 안전성 확보를 위한 대응방안을 제시하였다. Aviation services, including in-flight wireless networks and internet access, are advancing in conjunction with the rapidly changing ICT technology. Within aircraft, wireless network access is provided to flight crew through EFB (Electronic Flight Bag) and to cabin crew through tablets. Passengers are also offered access to entertainment systems and internet services. Aircraft systems, such as aircraft control, airline information, and entertainment systems, are interconnected. Unauthorized wireless network access poses critical vulnerabilities that can have a significant impact on aircraft operation and safety. In the past, aircraft systems used closed networks that were not accessible from the outside. However, for the sake of convenience and efficiency, current aircraft employ wireless network access technology both for crew members and for providing wireless network services to cabin passengers, thus exposing them to cyber threats. Cyber threats can result in the malfunction, misuse, and abnormal operation of in-flight systems. However, current in-flight security activities primarily focus on addressing misconduct within the cabin, controlling onboard items, and conducting ground inspections, with an emphasis on physical security measures. As a result, there is a lack of measures to address cyber threats that could jeopardize the safety of aircraft. In other words, the current state of in-flight aviation lacks relevant laws and security management systems to address potential cyber threats. It is a pressing need to conduct research and establish aviation security policies, related laws, and corresponding security management systems aligned with the evolving information and communication technology and aviation services. To proactively address unpredictable cyber threats, the most efficient and essential approach is to strengthen the security activities of cabin and flight crew within aircraft. Therefore, this paper proposes the necessity of research for establishing a security management system to proactively address potential cyber threats within aircraft for safe aviation operations. It suggests improvements to aviation security policies, related laws, and proposes processes to address cyber threats within aircraft. The goal is to enhance the availability of in-flight wireless network services and present measures to ensure the safety of aviation operations against cyber threats.

A Secured OpenFlow-Based Software Defined Networking Using Dynamic Bayesian Network

Natnaree Sophakan,Chanboon Sathitwiriyawong 제어로봇시스템학회 2019 제어로봇시스템학회 국제학술대회 논문집 Vol.2019 No.10

OpenFlow has been the main standard protocol of software defined networking (SDN) since the launch of this new networking paradigm. It is a programmable network protocol that controls traffic flows among switches and routers regardless of their platforms. Its security relies on the optional implementation of Transport Layer Security (TLS) which has been proven vulnerable. The aim of this research was to develop a secured OpenFlow, so-called Secured-OF. A stateful firewall was used to store state information for further analysis. Dynamic Bayesian Network (DBN) was used to learn denial-of-service attack and distributed denial-of-service attack. It analyzes packet states to determine the nature of an attack and adds that piece of information to the flow table entry. The proposed Secured-OF model in Ryu controller was evaluated with several performance metrics. The analytical evaluation of the proposed Secured-OF scheme was performed on an emulated network. The results showed that the proposed Secured-OF scheme offers a high attack detection accuracy at 99.5%. In conclusion, it was able to improve the security of the OpenFlow controller dramatically with trivial performance degradation compared to an SDN with no security implementation.

A SYN fl ooding attack detection approach with hierarchical policies based on self-information

Jia-Rong Sun,Chin-Tser Huang,황민성 한국전자통신연구원 2022 ETRI Journal Vol.44 No.2

The SYN flooding attack is widely used in cyber attacks because it paralyzes the network by causing the system and bandwidth resources to be exhausted. This paper proposed a self-information approach for detecting the SYN flooding attack and provided a detection algorithm with a hierarchical policy on a detection time domain. Compared with other detection methods of entropy measurement, the proposed approach is more efficient in detecting the SYN flooding attack, providing low misjudgment, hierarchical detection policy, and low time complexity. Furthermore, we proposed a detection algorithm with limiting system resources. Thus, the time complexity of our approach is only (log n) with lower time complexity and misjudgment rate than other approaches. Therefore, the approach can detect the denial-of-service/distributed denial-of-service attacks and prevent SYN flooding attacks.