
Keyword Search Result

[Keyword] DoS(76hit)

41-60hit(76hit)

  • Collaborative Defense Mechanism Using Statistical Detection Method against DDoS Attacks

    ByungHak SONG  Joon HEO  Choong Seon HONG  

     
    PAPER

    Vol: E90-B  No: 10  Page(s): 2655-2664

    Distributed Denial-of-Service attack (DDoS) is one of the most outstanding menaces on the Internet. A DDoS attack generally attempts to overwhelm the victim in order to deny their services to legitimate users. A number of approaches have been proposed for defending against DDoS attacks accurately in real time. However, existing schemes have limits in terms of detection accuracy and delay if the IDRS (Intrusion Detection and Response System) deployed only at a specific location detects and responds against attacks. As in this case, it is not able to catch the characteristic of the attack which is distributed in large-scale. Moreover, the existing detection schemes have vulnerabilities to intellectual DDoS attacks which are able to avoid its detection threshold or delay its detection time. This paper suggests the effective DDoS defense system which uses the collaborative scheme among distributed IDRSs located in the vicinity of the attack source or victim network. In proposed scheme, both victim and source-end IDRS work synergistically to identify the attack and avoid false alarm rate up to great extent. Additionally, we propose the duplicate detection window scheme to detect various attacks dynamics which increase the detection threshold gradually in early stage. The proposed scheme can effectively detect and respond against these diverse DDoS attack dynamics.

  • Identification of Attack Nodes from Traffic Matrix Estimation

    Yuichi OHSITA  Shingo ATA  Masayuki MURATA  

     
    PAPER-Internet

    Vol: E90-B  No: 10  Page(s): 2854-2864

    Distributed denial-of-service attacks on public servers have recently become more serious. The most effective way to prevent this type of traffic is to identify the attack nodes and detach (or block) attack nodes at their egress routers. However, existing traceback mechanisms are currently not widely used for several reasons, such as the necessity of replacement of many routers to support traceback capability, or difficulties in distinguishing between attacks and legitimate traffic. In this paper, we propose a new scheme that enables a traceback from a victim to the attack nodes. More specifically, we identify the egress routers that attack nodes are connecting to by estimating the traffic matrix between arbitral source-destination edge pairs. By monitoring the traffic variations obtained by the traffic matrix, we identify the edge routers that are forwarding the attack traffic, which have a sharp traffic increase to the victim. We also evaluate the effectiveness of our proposed scheme through simulation, and show that our method can identify attack sources accurately.

  • On the Effectiveness of Rate-Limiting Methods to Mitigate Distributed DoS (DDoS) Attacks

    Takanori KOMATSU  Akira NAMATAME  

     
    PAPER

    Vol: E90-B  No: 10  Page(s): 2665-2672

    It has been widely observed that high-bandwidth traffic aggregates often occur by flooding-based distributed denial-of-service (DDoS) attacks. Several congestion control methods have been proposed for bandwidth controls. These methods are also considered to be important in order to avoid collapse of network services by DDoS attacks. We perform simulation studies of these well-known crowd management methods in order to minimize the damage caused by DDoS attacks with bandwidth control. Internet topologies have many facets in terms of the focus of the observation. Therefore, we need to conduct simulation of DDoS attacks in different Internet topologies, including the tiers model, the transit-stub model, and the Barabasi-Albert model. Using RED, CHOKe, and pushback with ACC as congestion control methods, we evaluate network resistance against DDoS attacks and similar overflow problems.

  • CPLD Based Bi-Directional Wireless Capsule Endoscopes

    JyungHyun LEE  YeonKwan MOON  YoungHo YOON  HeeJoon PARK  ChulHo WON  HyunChul CHOI  JinHo CHO  

     
    LETTER-Biological Engineering

    Vol: E90-D  No: 3  Page(s): 694-697

    In the case of miniaturized telemetry capsules, such as a capsule endoscope that can acquire and transmit images from the intestines, the size and the power consumption of the module are restricted. In the capsule endoscopes, it is desirable that the control function can capacitate the sampling of digestive fluid and tissue, drug delivery, and locomotion. In this paper, the control function was embodied by bi-directional communication. A CPLD (complex programmable logic device) controller was designed and implemented for the bi-directional communication in capsule endoscope. The diameter of capsule was 12 mm and the length was 30 mm. The performance of implemented capsule was verified by in-vivo animal experiments.

  • Fabrication of the Wireless Systems for Controlling Movements of the Electrical Stimulus Capsule in the Small Intestines

    YeonKwan MOON  JyungHyun LEE  HeeJoon PARK  JuGab LEE  JaeJong RYU  SangHyo WOO  MinKyu KIM  ChulHo WON  TaeWan KIM  JinHo CHO  HyunChul CHOI  

     
    PAPER-Biological Engineering

    Vol: E90-D  No: 2  Page(s): 586-593

    Diseases of the gastro-intestinal tract are becoming more prevalent. New techniques and devices, such as the wireless capsule endoscope and the telemetry capsule, that are able to measure the various signals of the digestive organs (temperature, pH, and pressure), have been developed for the observation of the digestive organs. In these capsule devices, there are no methods of moving and grasping them. In order to make a swift diagnosis and to give proper medication, it is necessary to control the moving speed of the capsule. This paper presents a wireless system for the control of movements of an electrical stimulus capsule. This includes an electrical stimulus capsule which can be swallowed and an external transmitting control system. A receiver, a receiving antenna (small multi-loop), a transmitter, and a transmitting antenna (monopole) were designed and fabricated taking into consideration the MPE, power consumption, system size, signal-to-noise ratio and the modulation method. The wireless system, which was designed and implemented for the control of movements of the electrical stimulus capsule, was verified by in-vitro experiments which were performed on the small intestines of a pig. As a result, we found that when the small intestines are contracted by electrical stimuli, the capsule can move to the opposite direction, which means that the capsule can go up or down in the small intestines.

  • Mechanism of Humanoid Robot Arm with 7 DOFs Having Pneumatic Actuators

    Kiyoshi HOSHINO  Ichiro KAWABUCHI  

     
    PAPER-Systems and Control

    Vol: E89-A  No: 11  Page(s): 3290-3297

    Pneumatic pressure, which is easy enough to be handled in comparison with hydraulic pressure and is endowed with high safety, is available for a power source of a robot arm to be utilized in concert with human beings to do various types of work. But pneumatic pressure is so low in comparison with hydraulic pressure that an air cylinder having a diameter long enough and stroke wide enough is required to obtain great output power. In this study, therefore, the investigation was made with layout of air cylinders and transmission mechanisms of the motion power directed toward the driving joints to be followed by development of a new humanoid robot arm with seven degrees of freedom in which air cylinders are compactly incorporated. To be concrete with this, contrivance was made with an endoskeleton structure allowing almost all of the structure materials of the individual arm joints to be shared by the air cylinder with incorporation of the air cylinder in the axes of the upper arm joint and forearm joints by paying attention to the fact that the cylinder itself has high strength. The evaluation experiments driving the robot arm referred to above were conducted by means of I-PD control. The results suggested that the mechanism of the robot with seven degrees of freedom having pneumatic actuators proposed in this study is useful as the humanoid robot arm. The quick and accurate motions were accomplished with I-PD control which is relatively easy to be dealt with but not suitable for non-linear actuator system.

  • Analysis System of Endoscopic Image of Early Gastric Cancer

    Kwang-Baek KIM  Sungshin KIM  Gwang-Ha KIM  

     
    PAPER-Image Processing

    Vol: E89-A  No: 10  Page(s): 2662-2669

    Gastric cancer is a great part of the cancer occurrence and the mortality from cancer in Korea, and the early detection of gastric cancer is very important in the treatment and convalescence. This paper, for the early detection of gastric cancer, proposes the analysis system of an endoscopic image of the stomach, which detects abnormal regions by using the change of color in the image and by providing the surface tissue information to the detector. While advanced inflammation or cancer may be easily detected, early inflammation or cancer is difficult to detect and requires more attention to be detected. This paper, at first, converts an endoscopic image to an image of the IHb (Index of Hemoglobin) model and removes noises incurred by illumination and, automatically detects the regions suspected as cancer and provides the related information to the detector, or provides the surface tissue information for the regions appointed by the detector. This paper does not intend to provide the final diagnosis of abnormal regions detected as gastric cancer, but it intends to provide a supplementary mean to reduce the load and mistaken diagnosis of the detector, by automatically detecting the abnormal regions not easily detected by the human eye and this provides additional information for diagnosis. The experiments using practical endoscopic images for performance evaluation showed that the proposed system is effective in the analysis of endoscopic images of the stomach.

  • Detecting Distributed Denial-of-Service Attacks by Analyzing TCP SYN Packets Statistically

    Yuichi OHSITA  Shingo ATA  Masayuki MURATA  

     
    PAPER-Internet

    Vol: E89-B  No: 10  Page(s): 2868-2877

    Distributed denial-of-service attacks on public servers have recently become more serious. More are SYN Flood attacks, since the malicious attackers can easily exploit the TCP specification to generate traffic making public servers unavailable. To assure that network services will not be interrupted, we need faster and more accurate defense mechanisms against malicious traffic, especially SYN Floods. One of the problems in detecting SYN Flood traffic is that server nodes or firewalls cannot distinguish the SYN packets of normal TCP connections from those of SYN Flood attack. Moreover, since the rate of normal network traffic may vary, we cannot use an explicit threshold of SYN arrival rates to detect SYN Flood traffic. In this paper we introduce a mechanism for detecting SYN Flood traffic more accurately by taking into consideration the time variation of arrival traffic. We first investigate the statistics of the arrival rates of both normal TCP SYN packets and SYN Flood attack packets. We then describe our new detection mechanism based on the statistics of SYN arrival rates. Our analytical results show that the arrival rate of normal TCP SYN packets can be modeled by a normal distribution and that our proposed mechanism can detect SYN Flood traffic quickly and accurately regardless of time variance of the traffic.

  • Large-Throughput Anomaly Prevention Mechanism Implemented in Dynamic Reconfigurable Processor

    Takashi ISOBE  

     
    PAPER

    Vol: E89-B  No: 9  Page(s): 2440-2447

    Large-throughput anomaly prevention mechanism in the upstream side of high-speed (over 10-Gbps) networks is required to prevent various anomalies such as distributed denial of service (DDoS) from causing various network problems. This mechanism requests the processors achieving not only high-speed response for analyzing many packets in a short time but also the flexibility to update the anomaly prevention algorithm. In this research, I assumed a dynamic reconfigurable processor (DRP) was most effective in achieving this anomaly prevention mechanism, for processors used in nodes with the mechanism, and I designed an anomaly prevention mechanism using DRPs. The mechanism can shorten anomaly prevention time in high-speed (10 Gbps) lines using an all-packet analysis. Through a simulation, I achieved the goal of the mechanism achieving a throughput of 83-M packets per second using three DRPs (432 execution elements used). Moreover, with the prototype, it was confirmed that the proposed mechanism prevented anomalies in a short time (constant 0.01 second), which was 3000 times faster than that of a legacy mechanism using a packet sampling method. I also proposed integrated prevention, which was able to reduce the number of execution elements comprising anomaly prevention algorithm against various kinds of anomalies. It was achieved with a simulation that the proposed integrated prevention against three kinds of anomalies (DDoS, worm, and peer to peer (P2P)) reduced the number of execution elements by 24% compared to legacy prevention. In addition, non-stop update was proposed to maintain throughput when updating an anomaly prevention algorithm without packet loss. It was confirmed with a simulation that there was enough time for non-stop update in 10 Gbps 4 lines.

  • An Effective DDoS Attack Detection and Packet-Filtering Scheme

    Seokbong JEONG  Hyunwoo KIM  Sehun KIM  

     
    PAPER-Network Management/Operation

    Vol: E89-B  No: 7  Page(s): 2033-2042

    A distributed denial-of-service (DDoS) attack presents a very serious threat to the stability of the Internet. In a typical DDoS attack, a large number of compromised hosts are amassed to send useless packets to jam a victim or its Internet connection, or both. Defense against DDoS attacks as well as identification of their sources comprise demanding challenges in the realm of Internet security studies. In this paper, effective measures are proposed for detecting attacks in routers through the use of queuing models, which help detect attacks closer to the attack sources. Utilizing these measures, an effective DDoS attack detection and packet-filtering scheme is proposed. The suggested approach is a cooperative technique among routers intended to protect the network from persistent and severe congestion arising from a rapid increase in attack traffic. Through computer simulations, it is shown that the proposed scheme can trace attacks near to the attack sources, and can effectively filter attack packets.

  • Electromagnetic and Thermal Dosimetry of a Cylindrical Waveguide-Type in vitro Exposure Apparatus

    Tomohide SONODA  Rui TOKUNAGA  Koichi SETO  Yukihisa SUZUKI  Kanako WAKE  Soichi WATANABE  Masao TAKI  

     
    PAPER-Biological Effects

    Vol: E88-B  No: 8  Page(s): 3287-3293

    In this paper, dosimetry of an in vitro exposure apparatus based on a cylindrical waveguide is performed. The SAR distributions are first obtained numerically by using FDTD method. The thermal fields in the medium are then estimated by numerical calculations of the equation of heat conduction. The maximum temperature rise for 17.9 W/kg average SAR during 3000 s exposure is about 2 on the bottom of the medium where cells are located. The thermal distribution is relatively uniform near the center of the dish and the temperature in this region is around 38.7. The results of the numerical calculation are experimentally supported. The results provide the electromagnetic and thermal characteristics of the exposure apparatus, which will define the exposure conditions of the planned experiments using this apparatus.

  • New Method of Moving Control for Wireless Endoscopic Capsule Using Electrical Stimuli

    Hee-Joon PARK  Jyung-Hyun LEE  Yeon-Kwan MOON  Young-Ho YOON  Chul-Ho WON  Hyun-Chul CHOI  Jin-Ho CHO  

     
    PAPER

    Vol: E88-A  No: 6  Page(s): 1476-1480

    In order to control the moving speed of an endoscopic capsule in the human intestine, electrical stimulation method is proposed in this paper. The miniaturized endoscopic capsule with the function of various electrical stimulations has been designed and implemented. An in-vivo animal experiment has been performed to show the ability of controlling the movement speed of the endoscopic capsule according to the level of electrical stimulation. In-vivo experiments were performed by inserting the implemented capsule into a pig's intestinal tract. From the experimental results, the activation of peristaltic movement and the relationship between the moving speed of capsule and the stimulation amplitude could be found. It is shown that the moving speed of capsule in the intestine can be controlled by adjustment of the stimulation level applied in the capsule electrodes. The results of the in-vivo experiment verify that the degree of contraction in the intestinal tract is closely related with the level of stimulating electrical voltage, suggesting that the moving speed of capsule in the human gastrointestinal tract can be controlled by externally adjusting the amplitude of stimulating pulse signal.

  • A 10 Gb/s Firewall System for Network Security in Photonic Era

    Masaru KATAYAMA  Hidenori KAI  Junichi YOSHIDA  Masaaki INAMI  Hiroki YAMADA  Kohei SHIOMOTO  Naoaki YAMANAKA  

     
    INVITED PAPER

    Vol: E88-B  No: 5  Page(s): 1914-1920

    Although the Internet is playing an increasingly significant role in global communication, it remains vulnerable to malicious traffic such as worms and DoS/DDoS attacks. In the last few years, the emergence of high speed active worms, such as Code Red II, Nimda, SQL Slammer and MS Blaster, has become a serious issue. These worms cause serious damage to communication networks throughout the world by using up network bandwidth. In addition, since conventional firewall systems are located just in front of the server and do not prevent malicious traffic from entering the network, they cannot prevent such network congestion. Therefore, the firewall between domains or between core routers should play important roles in the photonic networks. We have developed a prototype system of a network firewall using reconfigurable processors. In this paper, we overview the developed system and present its evaluation results.

  • Security Analysis of DoS Vulnerability in Stream Authentication Schemes Using Hash Chaining

    Namhi KANG  Christoph RULAND  

     
    LETTER-Internet

    Vol: E88-B  No: 3  Page(s): 1264-1265

    In this letter, we show that some stream authentication schemes using hash chaining are highly vulnerable to denial of service (DoS) attacks. An adversary can disrupt all receivers of a group by modifying a few packets in those schemes.

  • Detecting and Tracing DDoS Attacks in the Traffic Analysis Using Auto Regressive Model

    Yuichi UCHIYAMA  Yuji WAIZUMI  Nei KATO  Yoshiaki NEMOTO  

     
    PAPER-Traffic Measurement and Analysis

    Vol: E87-D  No: 12  Page(s): 2635-2643

    In recent years, interruption of services at large-scale business sites and Root Name Servers caused by Denial-of-Service (DoS) attacks or Distributed DoS (DDoS) attacks has become an issue. Techniques for specifying attackers are thus important. On the other hand, since information on attackers' source IP addresses is generally spoofed, tracing techniques are required for DoS attacks. In this paper, we predict network traffic volume at observation points on the network, and detect DoS attacks by carefully examining the difference between predicted traffic volume and actual traffic volume. Moreover, we assume that the duration time of an attack is the same at every observation point the attack traffic passes, and propose a tracing method that uses attack duration time as a parameter. We show that our proposed method is effective in tracing DDoS attacks.

  • CPPM--Compensated Probabilistic Packet Marking for IP Trace Backing

    Yu-Kuo TSENG  Wen-Shyong HSIEH  

     
    LETTER-Network

    Vol: E87-B  No: 10  Page(s): 3096-3098

    This study proposes a feasible method to successfully improve probabilistic packet marking (PPM) used to trace back the original DoS attacker. PPM is modified by compensating for the remarked marked packets to achieve the optimal marked packets required for reconstructing the complete attack path.

  • IP Traceback in Incomplete PPM

    Yu-Kuo TSENG  Lung-Jen WANG  His-Han CHEN  Wen-Shyong HSIEH  

     
    LETTER-Application Information Security

    Vol: E87-D  No: 9  Page(s): 2262-2266

    We propose an improved probabilistic packet marking approach for IP traceback to reconstruct a more precise attack path in an incomplete PPM deployment environment. Moreover, this scheme may also be used with a view to reducing the deployment overhead without requiring the participation of all routers along the attack path.

  • Programmable Traffic Monitoring Method Based on Active Network Techniques and Application to DDoS Detection

    Toru HASEGAWA  Shigehiro ANO  Fumito KUBOTA  

     
    PAPER-Security Issues

    Vol: E87-B  No: 7  Page(s): 1890-1899

    As the Internet has become the infrastructure for global communication, the quality degradation due to network failures and illegal traffic such as DDoS (Distributed Denial of Service) has become a serious problem. In order to solve the problem, a network monitoring system that monitors the traffic of the Internet in real time is strongly desired. Traffic monitors that collect the statistics from captured packets play a key role in the system; however, they are not flexible enough for use in the rapidly changing Internet. The traditional approach, in which a new traffic monitor is developed for each new requirement, results in a long turnaround time for development. Therefore, we have proposed a flexible network monitoring system that consists of programmable traffic monitors. Traffic monitors are made programmable by introducing active network techniques; therefore, we call the network monitoring system the programmable monitor network. This paper describes the implementation of the programmable monitor network and its application to DDoS (Distributed Denial of Service) attack detection.

  • Branch Label Based Probabilistic Packet Marking for Counteracting DDoS Attacks

    Toshiaki OGAWA  Fumitaka NAKAMURA  Yasushi WAKAHARA  

     
    PAPER-Security Issues

    Vol: E87-B  No: 7  Page(s): 1900-1909

    Effective counteraction to Distributed Denial-of-Services (DDoS) attacks is a pressing problem over the Internet. For this counteraction, it is considered important to locate the router interfaces closest to the attackers in order to effectively filter a great number of identification jammed packets with spoofed source addresses from widely distributed area. Edge sample (ES) based Probabilistic Packet Marking (PPM) is an encouraging method to cope with source IP spoofing, which usually accompanies DDoS attacks. But its fragmentation of path information leads to inefficiency in terms of necessary number of packets, path calculation time and identification accuracy. We propose Branch Label (BL) based PPM to solve the above inefficiency problem. In BL, a whole single path information is marked in a packet without fragmentation in contrast to ES based PPM. The whole path information in packets by the BL approach is expressed with branch information of each router interfaces. This brings the following three key advantages in the process of detecting the interfaces: quick increase in true-positives detected (efficiency), quick decrease in false-negatives detected (accuracy) and fast convergence (quickness).

  • A Layer-2 Extension to Hash-Based IP Traceback

    Hiroaki HAZEYAMA  Masafumi OE  Youki KADOBAYASHI  

     
    PAPER

    Vol: E86-D  No: 11  Page(s): 2325-2333

    Hash-based IP traceback is a technique to generate audit trails for traffic within a network. Using the audit trails, it reconstructs not only the true attack paths of a Distributed Denial of Service attack (DDoS attack), but also the true path of a single packet attack. However, hash-based IP traceback cannot identify attacker nodes themselves because it has no audit trail on the subnet's layer-2 network under the detected leaf router, which is the nearest node to an attacker node on a layer-3 network. We propose a layer-2 extension to hash-based IP traceback, which stores two identifiers with packets' audit trails while reducing the memory requirement for storing identifiers. One of these identifiers shows the leaf router's interface through which an attacking packet came, and the other represents the ingress port on a layer-2 switch through which the attacking packet came. We implement a prototype on FreeBSD and evaluate it in a preliminary experiment.
