A Study on Constructing a Security Monitoring Schema Based on Darknet Traffic

  • 박시장 (Department of Computer Engineering, Honam University) ;
  • 김철원 (Department of Computer Engineering, Honam University)
  • Received : 2013.10.15
  • Reviewed : 2013.12.16
  • Published : 2013.12.31

Abstract

To overcome existing security monitoring based on fixed detection patterns, which can respond only to a very limited set of cyber attacks, this paper studies how to improve the accuracy of real-time security monitoring and widen its coverage through comprehensive, systematic collection and analysis of information on anomalous activity flowing into and out of a large-scale network. We build an anomaly observation system that collects, stores and analyzes the diverse intrusion-threat information arriving at a darknet, and through statistics-based analysis of hacking trends we present a scheme that classifies this information into known cyber threats, unknown anomalies, and high-risk anomalous activity. When the darknet-traffic-based security monitoring scheme proposed here was applied, total intrusion-threat detection increased by 12.6% over the existing system, and some 120 new and variant attack types that could not previously be detected were identified.
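The abstract describes a pipeline of three stages: collect every packet that arrives at a darknet (address space with no legitimate hosts, so any traffic to it is unsolicited), aggregate it per source, and sort the result into known threats, unknown anomalies and high-risk anomalous activity. The following Python sketch is an added illustration of that pipeline and is not the paper's code; the darknet block (TEST-NET-3), the sample packets, the signature table and the sweep/scan thresholds are all constructed assumptions chosen for the demonstration, not values taken from the study.

```python
"""Toy darknet-traffic classifier (added example; not the paper's implementation).

Assumptions (constructed for this example, not from the paper):
  * a sensor records every packet sent to the unused block 203.0.113.0/24
    as a (timestamp, src, dst, dport, proto) record;
  * "known threat" signatures are a small port/protocol lookup table;
  * a source that touches many darknet hosts or many ports is a sweep/scan
    and is labelled high-risk.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

DARKNET = ip_network("203.0.113.0/24")      # constructed: unused address block
KNOWN_SIGNATURES = {                         # constructed, illustrative only
    (445, "tcp"): "SMB worm probe",
    (1433, "tcp"): "MSSQL brute-force probe",
    (23, "tcp"): "Telnet scanner",
}
DISTINCT_DST_THRESHOLD = 20    # assumed: darknet hosts hit before "sweep"
DISTINCT_PORT_THRESHOLD = 10   # assumed: ports hit before "port scan"


@dataclass(frozen=True)
class Packet:
    ts: float
    src: str
    dst: str
    dport: int
    proto: str


def is_darknet_hit(pkt: Packet) -> bool:
    """Only traffic addressed to the unused block is of interest."""
    return ip_address(pkt.dst) in DARKNET


def classify_sources(packets: List[Packet]) -> Dict[str, Tuple[str, int]]:
    """Aggregate darknet hits per source and label each source.

    Returns {src: (label, packet_count)}.  Priority: a sweep or scan across
    the darknet is high-risk regardless of port; otherwise a matching
    signature gives a known threat; anything else is an unknown anomaly.
    """
    per_src = defaultdict(lambda: {"dsts": set(), "ports": set(), "count": 0})
    for p in packets:
        if not is_darknet_hit(p):
            continue
        s = per_src[p.src]
        s["dsts"].add(p.dst)
        s["ports"].add((p.dport, p.proto))
        s["count"] += 1

    result: Dict[str, Tuple[str, int]] = {}
    for src, s in per_src.items():
        sigs = [KNOWN_SIGNATURES[k] for k in sorted(s["ports"]) if k in KNOWN_SIGNATURES]
        if (len(s["dsts"]) >= DISTINCT_DST_THRESHOLD
                or len(s["ports"]) >= DISTINCT_PORT_THRESHOLD):
            label = "high-risk anomaly"
        elif sigs:
            label = "known threat: " + sigs[0]
        else:
            label = "unknown anomaly"
        result[src] = (label, s["count"])
    return result


def summarize(classified: Dict[str, Tuple[str, int]]) -> Dict[str, int]:
    """Statistics view: number of sources per top-level category."""
    return dict(Counter(label.split(":")[0] for label, _ in classified.values()))


def sample_packets() -> List[Packet]:
    """Constructed darknet capture covering each classification outcome."""
    pkts: List[Packet] = []
    # 198.51.100.7 sweeps 25 darknet hosts on 445/tcp -> high-risk (sweep)
    pkts += [Packet(1.0 + i, "198.51.100.7", f"203.0.113.{i}", 445, "tcp")
             for i in range(1, 26)]
    # 198.51.100.13 probes 12 ports on one darknet host -> high-risk (scan)
    pkts += [Packet(40.0 + i, "198.51.100.13", "203.0.113.42", i, "tcp")
             for i in range(1, 13)]
    # 198.51.100.9 hits one host on 1433/tcp three times -> known threat
    pkts += [Packet(60.0 + i, "198.51.100.9", "203.0.113.40", 1433, "tcp")
             for i in range(3)]
    # 198.51.100.11 sends one packet to 8765/udp -> unknown anomaly
    pkts.append(Packet(70.0, "198.51.100.11", "203.0.113.41", 8765, "udp"))
    # 198.51.100.50 talks to a non-darknet address -> ignored by the sensor
    pkts.append(Packet(71.0, "198.51.100.50", "192.0.2.5", 80, "tcp"))
    return pkts


if __name__ == "__main__":
    labels = classify_sources(sample_packets())
    for src, (label, n) in sorted(labels.items()):
        print(f"{src:16} {n:4} pkts  {label}")
    print(summarize(labels))
```

The ordering of the three branches is the design choice worth noting: a source sweeping the darknet on a signatured port is reported as high-risk rather than as the known threat, because breadth of contact with unused space is the stronger signal, and the signature can still be read from the per-source port set when an analyst drills in.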
