An Improved Model Design for Traceback Analysis Time Based on Euclidean Distance to IP Spoofing Attack

A Euclidean Distance-Based Model for Improving Traceback Analysis Time When an IP Spoofing Attack Occurs

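  • 유양 (Department of Computer Science, Gyeongsang National University) ;
  • 백현철 (Department of Smart Convergence Information, Gyeongnam Provincial Namhae College) ;
  • 박재흥 (Department of Computer Science, Gyeongsang National University) ;
  • 김상복 (Department of Computer Science, Gyeongsang National University)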
  • Received : 2017.11.30
  • Accepted : 2017.12.29
  • Published : 2017.12.31

Abstract

The ways in which computers exchange information are changing, and this variety of exchange methods requires a corresponding change in how illegal attacks are handled. Among these illegal attacks, the IP spoofing attack is one that is accompanied by DDoS and resource exhaustion attacks. IP spoofing attacks are detected using traceback information. The basic traceback analysis method compares the normal router information from the client with the routing information that exists on the routing path at the server. Such a detection method therefore compares all routing IP information on the path sequentially, which makes it difficult to respond in time to rapidly changing attacks. In this paper, all IP addresses on the path are computed as coordinates. On this basis, the traceback information could be analyzed in a way that improves the number of traceback analyses required for attack detection.

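Today, the ways in which information is exchanged using computers are changing in many ways, and illegal attacks that exploit them are increasing further. In particular, because an IP spoofing attack by its nature is accompanied by resource exhaustion attacks such as DDoS attacks, accurate and fast detection is required. Existing methods for detecting IP spoofing attacks compare the traceback path information of the client requesting a connection with the normal path information that the server holds in advance. However, because this detection method simply compares, in sequence, the IP information of all routers on the path, it is difficult in terms of time to detect and respond to rapidly changing attacks. To improve on this problem, this paper first derives, through Euclidean distance calculation, the coordinate values corresponding to the IPs of all routers on the path, and on that basis analyzes the traceback information, making it possible to improve the number of analyses needed for attack detection.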
