Technique for Detecting Stepping-Stone Attacks with Timing Perturbation Using NetFlow
김정태, 김익균, 강구홍
- 10805319 (2020.10.13)
16MH2100, Development of Technology for Recognizing and Tracing Targeted Cyber Attacks Based on Long-term History Analysis of Multi-source Data,
- Disclosed herein are a stepping-stone detection apparatus and method. The stepping-stone detection apparatus includes a target connection information reception unit for receiving information about a target connection from an intrusion detection system (IDS), a fingerprint generation unit for generating a target connection fingerprint based on the information about the target connection, and generating one or more candidate connection fingerprints using information about one or more candidate connections corresponding to one or more flow information collectors, and a stepping-stone detection unit for detecting a stepping stone by comparing the target connection fingerprint, in which a maximum allowable delay time is reflected, with the candidate connection fingerprints.
- KSP suggested keywords
- Delay Time, Generation unit, Intrusion detection system(IDS), Stepping-stone, Stepping-stone detection, Using information, intrusion detection