System and Method for Defending Against Distributed Denial-of-Service Attacks
김현주, 나중찬, 손승원
- 7200866 (2007.04.03)
- A system for defending against a distributed denial-of-service attack includes an intrusion detection system, an active security management system and an active security node. The intrusion detection system generates alert data if a denial-of-service attack is detected. The active security management system manages a domain, analyzes the alert data, generates and transmits a backtracking sensor in the case of a distributed denial-of-service attack, transmits mobile sensors to a host backtracked by the backtracking sensor to remove a master or an agent program within the host, and generates and transmits a backtracking sensor by using an IP address of a host that has transmitted a packet to the removed master or agent program. The active security node executes the transmitted backtracking sensor to backtrack an attacking host of the distributed denial-of-service attack and, if the backtracked host is determined to be a real attacker, intercepts the traffic generated by the real attacker.
- KSP suggested keywords
- Active network, Denial of service attack, Distributed Denial of Service attacks, Distributed denial-of-service(DDoS), IP address, Intrusion detection system(IDS), Management system, Mobile sensor, Security Management, denial of service(DoS), intrusion detection, security management system