상세정보
학술대회
Traffic Storing and Related Information Generation System for Cyber Attack Analysis
- 발행일
- 201610
- 출처
- International Conference on Information and Communication Technology Convergence (ICTC) 2016, pp.1052-1057
- 협약과제
- 16MH2200, 사이버 공격의 사전 사후 대응을 위한 사이버 블랙박스 및 통합 사이버보안 상황분석 기술 개발, 김종현
- 초록
- As the sophisticated attacks are increased continuously, the attack analysis technologies are getting more important. It is needed to collect attack related information or data first for the attack analysis. But attackers make an effort to get rid of all the attack related information that they can find and adopt anti-forensic technologies as well, so it is quite difficult to collect sufficient information for attack analysis. For further analysis network traffic could be a good candidate. It could not be removed by the attackers and has a lot of information about what the attackers were doing. However, network traffic is volatile information and only exist while they are being transmitted. Therefore, in order to collect network packets they have to be stored while they are being transmitted in real time. Besides, network traffic is huge amount of volatile data so it should be captured and stored on a mass storage device. For that we propose a Traffic storing and Related Information Generation system for cyberattack analysis, TRIG, which can store 20Gbps network traffic in real time and generate various traffic related information at the same time for further analysis.
- KSP 제안 키워드
- Attack analysis, Cyber attacks, Generation system, Mass storage, Network Traffic, Real-Time, Sophisticated attacks, Storage device, anti-forensic, network packets, traffic storing