Detection of Personal Information Leakage using the Network Traffic Characteristics

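  • 박정민 (Department of Computer and Information Communication Engineering, Ewha Womans University)
  • 김은경 (Department of Computer and Information Communication Engineering, Ewha Womans University)
  • 정유경 (Department of Computer and Information Communication Engineering, Ewha Womans University)
  • 채기준 (Department of Computer and Information Communication Engineering, Ewha Womans University)
  • 나중찬 (Active Security Technology Research Team, Electronics and Telecommunications Research Institute)
  • Published: 2007.06.30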

Abstract

In a ubiquitous network environment, detecting the leakage of personal information is very important. The leakage of personal information can cause severe problems such as impersonation, cyber crime and violation of personal privacy. In this paper, we propose a method for detecting personal information leakage based on network traffic characteristics. The experimental results indicate that the traffic of a real campus network exhibits self-similarity and that the proposed method can detect the anomaly caused by malicious code leaking personal information.

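In a ubiquitous network environment, the leakage of personal information gives rise to various cyber crimes, and the commodification of personal information increases privacy violations, so detecting the leakage of personal information is very important. This paper proposes a technique for detecting personal information leakage based on the characteristics of network traffic. By collecting normal-state traffic from a real campus network and analyzing its characteristics, we confirmed that the network traffic exhibits self-similarity. For abnormal traffic that simulates the preliminary information-gathering stage of malicious code attempting to leak personal information, we were able to detect the anomaly early by examining how its self-similarity changed relative to that of normal traffic.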
