Registered
Method for Netflow-Based Connection Fingerprint Generation and Stepping-Stone Traceback
- Inventors
-
김정태, 강구홍, 김익균
- Application number
-
201610987131.2 (2016.11.09)
- Publication number
-
107070851 (2017.08.18)
- Registration number
- ZL201610987131.2 (2020.07.14)
- Country of application
- China
- Contracted project
-
14MS2300, Development of cyber targeted-attack recognition and tracing technology based on long-term history analysis of multi-source data,
김익균
- Abstract
- The present invention relates to a method for tracing a cyber hacking attack and, more particularly, to a system and a method for generating a connection fingerprint and tracing back a source site using a network flow. The method for connection fingerprint generation and traceback based on netflow comprises: a step of receiving a traceback request including IP packet attribute information of a victim and an attacker corresponding to a target connection, which is a final connection of a connection chain; a step of generating a fingerprint for a related connection based on the IP packet attribute information and requesting related information from a network flow collector; a step of detecting connection of a stepping stone for the target connection, which is made when the fingerprint is generated, to confirm whether a selected subject connection is present on the same chain as the target connection; and a step of determining a connection sequence with respect to an attacker host for the subject connection confirmed to be present on the same connection chain as the target connection.
- KSP suggested keywords
- Connection chain, IP packet, Network flow, Stepping-stone, connection based
- Family
-