Detection of Abnormal Traffic by Pre-Inflow Agent

사전유입 에이전트가 발생하는 이상트래픽 탐지 방안

  • Cho, Young Min (Graduate School of Information Security, Korea University) ;
  • Kwon, Hun Yeong (Graduate School of Information Security, Korea University)
  • 조영민 (고려대학교 정보보호대학원) ;
  • 권헌영 (고려대학교 정보보호대학원)
  • Received : 2018.07.17
  • Accepted : 2018.09.13
  • Published : 2018.10.31


Modern society is a period of rapid digital transformation. This digital-centric business proliferation offers convenience and efficiency to businesses and individuals, but cyber threats are increasing. In particular, cyber attacks are becoming more and more intelligent and precise, and various attempts have been made to prevent these attacks from being discovered. Therefore, it is increasingly difficult to respond to such attacks. According to the cyber kill chain concept, the attacker penetrates to achieve the goal in several stages. We aim to detect one of these stages and neutralize the attack. In this paper, we propose a method to detect anomalous traffic caused by an agent attacking an external attacker, assuming that an agent executing a malicious action has been introduced in advance due to various reasons such as a system error or a user's mistake.

JBBHCB_2018_v28n5_1169_f0001.png 이미지

Fig. 1. Related Research Field

JBBHCB_2018_v28n5_1169_f0002.png 이미지

Fig. 2. Irregular Iteration Access

JBBHCB_2018_v28n5_1169_f0003.png 이미지

Fig. 3. Flow-chart(Irregular Iteration Access)

JBBHCB_2018_v28n5_1169_f0004.png 이미지

Fig. 4. Multiple Access

JBBHCB_2018_v28n5_1169_f0005.png 이미지

Fig. 5. Flow-chart(Multiple Access)

JBBHCB_2018_v28n5_1169_f0006.png 이미지

Fig. 6. Bypass Attempt Access

JBBHCB_2018_v28n5_1169_f0007.png 이미지

Fig. 7. Flow-chart(Bypass Attempt Access)

JBBHCB_2018_v28n5_1169_f0008.png 이미지

Fig. 8. Experiment Environment

Table 1. Selected Header Field

JBBHCB_2018_v28n5_1169_t0001.png 이미지

Table 2. Result of Verification

JBBHCB_2018_v28n5_1169_t0002.png 이미지


  1. IDC, 3rd platform Digital Transformation,
  2. IDG, Top 5 cybersecurity facts, figures, statistics for 2018,
  3. Boannews,
  4. Lockheedmartin, Cyber Kill Chain,
  5. AVTEST(The Independent IT-Security Institute), Malware Statistics,
  6. Kirti Mathur and Saroj Hiranwal, "A Survey on Techniques in Detection and Analyzing Malware Executables", International Journal of Advanced Research in Computer Science and Software Engineering, Vol. 3, Issue 4, 2013.
  7. PAYLOAD SECURITY, "Hybrid Analys is - Innovative Technology",
  8. Jan Goebel, Thorsten Holz, "Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation", USENIX Hot Bots. pp.4-9, July. 2007.
  9. Marina Thottan and Chuanyi Ji, "Anomaly Detection in IP Networks", IEEE Transaction On Signal Processing, Vol. 51, No. 8, Aug. 2003.
  10. K. Illgun, R. Kemmerer, Phillip A. Porras, "State Transition Analysis : A rule-based intrusion detection approach," IEEE Transaction On Software Engineering, pp.181-199, Mar. 1995.
  11. Shen Maying, Jiang Xinghao, Sun Tanfeng, "Anomaly detection based on Nearest Neighbor search with Locality-Sensitive B-tree," Neurocomputing, Vol. 289, pp.55-67, May. 2018.
  12. Tonejc Jernej, Kobekova Alexandra, "Machine Learning Methods for Anomaly Detection in BACnet Networks," Journal Of Universal Computer Science, Vol. 22, No 9, pp.1203-1224, 2016.
  13. Liu, Weixin, Zheng, Kangfengm "Flow-based Anomaly Detection Using Access Behavior Profiling and Time-sequenced Relation Mining," KSII Transactions On Internet And Information Systems, Vol. 10, Issue 6, pp.2781-2800, June. 2016.
  14. Siwoon Son, Myeong-Seon Gil, "Anomaly Detection of Hadoop Log Data Using Moving Average and 3-Sigma," KIPS Tr. Software and Data Eng, Vol. 5, No. 6, pp.283-288, 2016.