A Study on Trace-Back Method of Financial Network Using IP Marking Server

  • Park, Keunho (Department of Computer Engineering, Ajou University)
  • Choi, Ken (Department of Electrical and Computer Engineering, Illinois Institute of Technology)
  • Shon, TaeShik (Department of Cyber Security, Ajou University)
  • Received : 2017.11.02
  • Reviewed : 2017.11.14
  • Published : 2017.11.30

Abstract

With the advent of FinTech, many financial services have become available in the mobile Internet environment, and recently Internet banks that provide all banking services online have appeared. As the proportion of financial services delivered over the Internet increases, users gain convenience, but at the same time threats to financial networks are increasing. Financial institutions are investing heavily in security systems to prepare for intrusions; however, attacks by hackers are becoming more sophisticated and are often difficult to respond to. Applying an IP trace-back method that can detect the actual location of an attacker to a financial network can help prepare for the attacker's arrest and for additional attacks. In this paper, we investigate IP trace-back technology that can detect the actual location of an attacker and, through analysis of financial networks, present various ways of applying it. We then propose a way of applying a new IP trace-back method, based on infrastructure construction, to the financial network, and aim to demonstrate its efficiency through simulation experiments.
