Cybertrap : Unknown Attack Detection System based on Virtual Honeynet

Cybertrap : 가상 허니넷 기반 신종공격 탐지시스템

  • 강대권 (한전KDN(주) 임베디드연구그룹) ;
  • 현무용 (한전KDN(주) SG기반시설보안연구TF) ;
  • 김천석 (전남대학교 전자통신공학과)
  • Received : 2013.04.15
  • Accepted : 2013.06.20
  • Published : 2013.06.30


Recently application of open protocols and external network linkage to the national critical infrastructure has been growing with the development of information and communication technologies. This trend could mean that the national critical infrastructure is exposed to cyber attacks and can be seriously jeopardized when it gets remotely operated or controlled by viruses, crackers, or cyber terrorists. In this paper virtual Honeynet model which can reduce installation and operation resource problems of Honeynet system is proposed. It maintains the merits of Honeynet system and adapts the virtualization technology. Also, virtual Honeynet model that can minimize operating cost is proposed with data analysis and collecting technique based on the verification of attack intention and focus-oriented analysis technique. With the proposed model, new type of attack detection system based on virtual Honeynet, that is Cybertrap, is designed and implemented with the host and data collecting technique based on the verification of attack intention and the network attack pattern visualization technique. To test proposed system we establish test-bed and evaluate the functionality and performance through series of experiments.