A Method for Detecting Command and Control Servers: Focusing on DNS Analysis

A Study of Command & Control Server through Analysis - DNS query log

  • Received: 2013.10.27
  • Reviewed: 2013.12.16
  • Published: 2013.12.31

Abstract

A denial-of-service attack, that is, a DDoS (Distributed Denial of Service) attack, is an attack technique that prevents legitimate users from using a service. To respond to DDoS attacks, various techniques targeting the attack source, the attack target, and the network between them have been researched and developed, but none of them provides a complete answer. This study aims to develop a method for responding efficiently to DDoS attacks by analyzing, at the network where the attack originates, the traffic generated by the bots or malicious code used in the attack or in its preparation, and then removing the discovered malicious code and bots or blocking the attack traffic midway.

DoS attack, short for Denial of Service attack, is an internet intrusion technique that harms service availability for legitimate users. To respond to the DDoS attack, many methods focusing on the attack source, target, and intermediate network have been proposed, but there has not been a clear solution. In this paper, we propose the prevention of malicious activity and early detection of DDoS attacks by detecting and removing the activity of botnets or other malicious code. For this purpose, the proposed method monitors network traffic, especially DNS traffic, originating from botnets or malicious code.
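The abstract describes watching DNS traffic at the source network to spot bot activity but gives no concrete heuristic. The following is an added example, not code or a method from the paper: it parses a constructed DNS query log and applies two assumed indicators, a high NXDOMAIN ratio per client and several clients resolving the same name within a few seconds (synchronized lookups). The log format, thresholds, addresses and domain names are all assumptions made for the example.

```python
"""Added example: DNS query-log analysis for bot-like clients.

Not the paper's method. Log format, thresholds and sample data are assumed.
Log line format (constructed): "<epoch_seconds> <client_ip> <qname> <rcode>"
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log. Three clients (10.0.0.12-14) resolve the same
# made-up names at nearly the same time and mostly get NXDOMAIN; the
# other two clients look up ordinary names.
SAMPLE_LOG = """\
1382860800 10.0.0.5 www.example.com NOERROR
1382860801 10.0.0.5 mail.example.com NOERROR
1382860802 10.0.0.7 cdn.example.net NOERROR
1382860803 10.0.0.12 a1b2c3.bot-sample.test NXDOMAIN
1382860803 10.0.0.13 a1b2c3.bot-sample.test NXDOMAIN
1382860804 10.0.0.14 a1b2c3.bot-sample.test NXDOMAIN
1382860805 10.0.0.12 x9y8z7.bot-sample.test NXDOMAIN
1382860805 10.0.0.13 x9y8z7.bot-sample.test NXDOMAIN
1382860806 10.0.0.14 x9y8z7.bot-sample.test NXDOMAIN
1382860830 10.0.0.12 q1w2e3.bot-sample.test NOERROR
1382860830 10.0.0.13 q1w2e3.bot-sample.test NOERROR
1382860831 10.0.0.14 q1w2e3.bot-sample.test NOERROR
1382860900 10.0.0.5 news.example.org NOERROR
"""


@dataclass
class Query:
    ts: int
    client: str
    qname: str
    rcode: str


def parse_log(text):
    """Parse the assumed log format; malformed lines are skipped, not fatal."""
    queries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, rcode = parts
        queries.append(Query(int(ts), client, qname.lower().rstrip("."), rcode))
    return queries


def per_client_stats(queries):
    """Return {client: (total_queries, nxdomain_ratio, distinct_names)}."""
    acc = defaultdict(lambda: [0, 0, set()])
    for q in queries:
        entry = acc[q.client]
        entry[0] += 1
        entry[1] += q.rcode == "NXDOMAIN"
        entry[2].add(q.qname)
    return {c: (t, nx / t, len(names)) for c, (t, nx, names) in acc.items()}


def synchronized_groups(queries, window=5, min_clients=3):
    """Names resolved by >= min_clients distinct clients within `window` seconds.

    Assumed indicator: bots of one botnet tend to resolve the same C&C name
    at nearly the same moment, while ordinary users do not.
    """
    by_name = defaultdict(list)
    for q in queries:
        by_name[q.qname].append((q.ts, q.client))
    groups = {}
    for name, events in by_name.items():
        events.sort()
        for i in range(len(events)):
            start = events[i][0]
            clients = {c for ts, c in events[i:] if ts - start <= window}
            if len(clients) >= min_clients:
                groups[name] = sorted(clients)
                break
    return groups


def flag_suspects(queries, nx_ratio=0.5, min_queries=3):
    """Combine both assumed indicators; return (sorted suspect IPs, sync groups)."""
    suspects = set()
    for client, (total, ratio, _) in per_client_stats(queries).items():
        if total >= min_queries and ratio >= nx_ratio:
            suspects.add(client)
    sync = synchronized_groups(queries)
    for clients in sync.values():
        suspects.update(clients)
    return sorted(suspects), sync


if __name__ == "__main__":
    flagged, groups = flag_suspects(parse_log(SAMPLE_LOG))
    print("suspect clients:", flagged)
    for name, clients in groups.items():
        print(f"synchronized lookup of {name} by {clients}")
```

Flagged clients are candidates for the host-side cleanup or traffic blocking the abstract mentions, not verdicts: a misconfigured resolver or a shared search suffix can also produce NXDOMAIN bursts, so the thresholds should be tuned against the local network's baseline before acting on them.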
