
Network Attacks Visualization using a Port Role in Network Sessions

Korean title: Network Attack Visualization Using Port Roles in Traffic Sessions

  • Beom-Hwan Chang (Division of Cyber Investigation and Security, Howon University)
  • Received : 2015.11.13
  • Accepted : 2015.11.26
  • Published : 2015.12.30

Abstract

In this paper, we propose a simple and useful method that uses a port role to visualize network attacks. The port role defines the behavior of a port from the source and destination port numbers of a network session. Based on the port role, each node receives a brief security profile as an attacker, a victim, a server, or a normal host. We automatically classify and identify the type of each node from its port role and security features, and use these features to detect and visualize network attacks. In addition, the method addresses two problems of existing visualization techniques: the reflection problem caused by undirected network sessions, and the loss of visual distinctness when a large number of sessions occur. The proposed method monitors anomalies occurring across an entire network and displays detailed information about attackers, victims, servers, and hosts. By providing a categorized analysis of network attacks, it can more precisely detect them and distinguish them from normal sessions.

Cited by

  1. Performance Analysis of Multiprocessor Systems According to I/O Types vol.12, pp.4, 2015, https://doi.org/10.17662/ksdim.2016.12.4.071
  2. Efficient and Security Enhanced Evolved Packet System Authentication and Key Agreement Protocol vol.13, pp.1, 2015, https://doi.org/10.17662/ksdim.2017.13.1.087
  3. Network Traffic Attack Visualization Using Time-Series Radial Axes and a Cylindrical Coordinate System vol.10, pp.12, 2019, https://doi.org/10.15207/jkcs.2019.10.12.017