Web Monitoring based Encryption Web Traffic Attack Detection System

  • Lee, Seokwoo (Department of Computer Engineering, Paichai University) ;
  • Park, Soonmo (Department of Computer Engineering, Paichai University) ;
  • Jung, Hoekyung (Department of Computer Engineering, Paichai University)
  • Received : 2020.03.10
  • Accepted : 2021.03.15
  • Published : 2021.03.31

Abstract

This paper proposes an encrypted web transaction attack detection system built on an existing web application monitoring system. Existing web traffic security systems detect and defend against attacks based on encrypted packets in the network segment between the client and the server, which makes attacks hidden in encrypted web traffic difficult to detect. By using the technology of the web application monitoring system, however, various intelligent cyber-attacks can be detected from information that is already decrypted in the memory of the web application server. In addition, because users can be identified through the application session ID, per-user statistical detection of attacks such as IP tampering, mass web transaction calls, and DDoS attacks is also possible. Thus, collecting and analysing information in the non-encrypted section of encrypted web traffic makes it possible to respond to various intelligent cyber-attacks hidden in the encrypted traffic.
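As an added illustration (not code from the paper), the following Python sketch implements the per-session statistical checks the abstract describes: because the monitor sees transactions after decryption inside the application server and can read the application session ID, it can flag a session that issues an abnormal number of calls within a time window and a session ID that is presented from more than one client IP. The record field names, thresholds and sample data are assumptions.

```python
from collections import defaultdict


def build_sample():
    """Constructed records as a monitoring agent might see them after TLS
    termination in the application server (field names are hypothetical)."""
    recs = [{"ts": float(i), "session_id": "S1", "client_ip": "10.0.0.5",
             "url": "/home"} for i in range(5)]                   # normal user
    recs += [{"ts": 100.0 + i * 0.05, "session_id": "S2",
              "client_ip": "10.0.0.9", "url": "/search"}
             for i in range(150)]                                  # 150 calls in ~7.5 s
    recs += [{"ts": 200.0, "session_id": "S3", "client_ip": "10.0.0.7",
              "url": "/cart"},
             {"ts": 201.0, "session_id": "S3", "client_ip": "192.0.2.10",
              "url": "/checkout"}]                                 # same session, two IPs
    return recs


def detect_session_anomalies(records, window=60.0, max_calls=100, max_ips=1):
    """Per-session statistics over decrypted web transactions.

    Returns {session_id: [alert, ...]} for sessions that exceed either the
    call-rate threshold (peak calls in any `window` seconds) or the number of
    distinct client IPs allowed per session."""
    calls = defaultdict(list)   # session_id -> list of timestamps
    ips = defaultdict(set)      # session_id -> set of client IPs
    for r in records:
        calls[r["session_id"]].append(r["ts"])
        ips[r["session_id"]].add(r["client_ip"])

    alerts = {}
    for sid, ts_list in calls.items():
        found = []
        ts_list.sort()
        # Sliding window: largest number of calls inside any `window` seconds.
        start, peak = 0, 0
        for end, t in enumerate(ts_list):
            while t - ts_list[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_calls:
            found.append("mass_transaction_calls")
        # A session ID seen from several IPs suggests IP tampering or session
        # theft; legitimate mobile roaming may need a higher max_ips.
        if len(ips[sid]) > max_ips:
            found.append("ip_tampering")
        if found:
            alerts[sid] = found
    return alerts
```

Running `detect_session_anomalies(build_sample())` flags S2 for the burst of calls and S3 for appearing from two IPs, while S1 is left alone.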
