상세정보
등록 Netflow 기반 Connection FingerPrint 생성 및 경유지 역추적 방법
- 출원번호
- 201610987131.2 (2016.11.09)
- 공개번호
- 107070851 (2017.08.18)
- 등록번호
- ZL201610987131.2 (2020.07.14)
- 출원국
- 중국
- 협약과제
- 14MS2300, 다중소스 데이터의 Long-term History 분석기반 사이버 표적공격 인지 및 추적기술 개발, 김익균
- 초록
- The present invention relates to a method for tracing a cyber hacking attack and, more particularly, to a system and a method for generating a connection fingerprint and tracing back a source site using a network flow. The method for connection fingerprint generation and traceback based on netflow comprises: a step of receiving a traceback request including IP packet attribute information of a victim and an attacker corresponding to a target connection, which is a final connection of a connection chain; a step of generating a fingerprint for a related connection based on the IP packet attribute information and requesting related information to a network flow collector; a step of detecting connection of a stepping stone for the target connection, which is made when the fingerprint is generated, to confirm whether a selected subject connection is present on the same chain as the target connection; and a step of determining a connection sequence with respect to an attacker host for the subject connection confirmed to be present on the same connection chain as the target connection.
- KSP 제안 키워드
- Connection chain, IP packet, Network flow, Stepping-stone, connection based
- 패밀리
| 구분 | 특허 | 출원국 | KIPRIS |
|---|---|---|---|
| 등록 | 넷플로우 기반 연결 핑거프린트 생성 및 경유지 역추적 방법 | 대한민국 | KIPRIS |
| 등록 | Netflow 기반 Connection FingerPrint 생성 및 경유지 역추적 방법 | 미국 | |
| 등록 | Netflow 기반 Connection FingerPrint 생성 및 경유지 역추적 방법 | 일본 |