Method for Netflow-Based Connection Fingerprint Generation and Stepping-Stone Traceback
김정태, 강구홍, 김익균
- ZL201610987131.2 (2020.07.14)
14MS2300, Development of Cyber Targeted-Attack Recognition and Tracing Technology Based on Long-term History Analysis of Multi-source Data,
- The present invention relates to a method for tracing a cyber hacking attack and, more particularly, to a system and a method for generating a connection fingerprint and tracing back a source site using a network flow. The method for connection fingerprint generation and traceback based on netflow comprises: a step of receiving a traceback request including IP packet attribute information of a victim and an attacker corresponding to a target connection, which is the final connection of a connection chain; a step of generating a fingerprint for a related connection based on the IP packet attribute information and requesting related information from a network flow collector; a step of detecting a stepping-stone connection for the target connection, which is made when the fingerprint is generated, to confirm whether a selected subject connection is present on the same chain as the target connection; and a step of determining a connection sequence with respect to an attacker host for the subject connection confirmed to be present on the same connection chain as the target connection.
- KSP suggested keywords
- Connection chain, IP packet, Network flow, Stepping-stone, connection based