상세정보
등록 넷플로우를 이용한 타이밍 교란을 동반한 스텝핑 스톤 공격 검출 기법
- 출원번호
- 15807425 (2017.11.08)
- 공개번호
- 20180234436 (2018.08.16)
- 등록번호
- 10805319 (2020.10.13)
- 출원국
- 미국
- 협약과제
- 16MH2100, 다중소스 데이터의 Long-term History 분석기반 사이버 표적공격 인지 및 추적기술 개발, 김익균
- 초록
- Disclosed herein are a stepping-stone detection apparatus and method. The stepping-stone detection apparatus includes a target connection information reception unit for receiving information about a target connection from an intrusion detection system (IDS), a fingerprint generation unit for generating a target connection fingerprint based on the information about the target connection, and generating one or more candidate connection fingerprints using information about one or more candidate connections corresponding to one or more flow information collectors, and a stepping-stone detection unit for detecting a stepping stone by comparing the target connection fingerprint, in which a maximum allowable delay time is reflected, with the candidate connection fingerprints.
- KSP 제안 키워드
- Delay Time, Generation unit, Intrusion detection system(IDS), Stepping-stone, Stepping-stone detection, Using information, intrusion detection