The Journal of Korea Institute of Information, Electronics, and Communication Technology (한국정보전자통신기술학회논문지)

Korea Information Electronic Communication Technology (한국정보전자통신기술학회)
권호 표지
DOI QR코드

DOI QR Code

A step-by-step service encryption model based on routing pattern in case of IP spoofing attacks on clustering environment

클러스터링 환경에 대한 IP 스푸핑 공격 발생시 라우팅 패턴에 기반한 단계별 서비스 암호화 모델

  • Baek, Yong-Jin (Department of Computer Science, Gyeongsang National University) ;
  • Jeong, Won-Chang (Department of Computer Science, Gyeongsang National University) ;
  • Hong, Suk-Won (Department of Computer Science, Gyeongsang National University) ;
  • Park, Jae-Hung (Department of Computer Science, Gyeongsang National University)
  • Received : 2017.11.30
  • Accepted : 2017.12.22
  • Published : 2017.12.30
Download PDF
⟨ Previous Next ⟩

Abstract

The establishment of big data service environment requires both cloud-based network technology and clustering technology to improve the efficiency of information access. These cloud-based networks and clustering environments can provide variety of valuable information in real-time, which can be an intensive target of attackers attempting illegal access. In particular, attackers attempting IP spoofing can analyze information of mutual trust hosts constituting clustering, and attempt to attack directly to system existing in the cluster. Therefore, it is necessary to detect and respond to illegal attacks quickly, and it is demanded that the security policy is stronger than the security system that is constructed and operated in the existing single system. In this paper, we investigate routing pattern changes and use them as detection information to enable active correspondence and efficient information service in illegal attacks at this network environment. In addition, through the step-by -step encryption based on the routing information generated during the detection process, it is possible to manage the stable service information without frequent disconnection of the information service for resetting.

빅데이터 서비스 환경 구축과 서비스에는 클라우드 기반의 네트워크 기슬과 정보 접근의 효율성 개선을 위한 클러스터링 기술이 함께 요구된다. 이러한 클라우드 기반의 네트워크와 클러스터링 환경은 다양하고 가치있는 정보를 실시간으로 제공 할 수 있기 때문에, 불법적인 접근을 시도하는 공격자들의 집중적이 표적이 될 수 있다. 특히 IP 스푸핑을 시도하는 공격자들은 클러스터링을 구성하고 있는 상호 신뢰 호스트들의 정보를 분석하여, 클러스터 내에 존재하는 시스템으로 직접 공격을 시도할 수 있다. 그러므로 불법적인 공격에 대한 빠른 탐지와 대응이 필요하며, 기존의 단일 시스템에서 구축하여 운용하는 보안시스템 보다 강화된 보안정책이 요구된다고 할 것이다. 본 논문은 이러한 네트워크 환경에서의 불법적인 공격 발생에 능동적인 대응 및 효율적인 정보 서비스가 가능 할 수 있도록 라우팅 패턴 변화를 추적하여 탐지 정보로 활용하였다. 아울러 탐지 과정에서 발생하는 라우팅 정보에 기반한 단계별 암호화를 통하여 재설정을 위한 잦은 정보 서비스의 단절이 발생하지 않으면서 안정적인 서비스 정보의 관리가 가능하도록 하였다.

Keywords

References

  1. C-C. Park, G-H. Park, S-H. Kim, and S-H. Koh, "The proposal of evaluation measure from hospital information system : The case study of C national university hospital in Korea", Journal of The Korea Knowledge Information Technology Systems, Vol. 2, No. 2, pp. 69-77, 2007.
  2. J-H. Choi, "Analysis of changes in the muscle activity and fatigue of the erector spinae using IT convergent type medical equipment", Journal of Knowledge Information Technology and Systems, Vol. 10, No. 6, pp. 665-673, 2015.
  3. S-K. Park, "A study on the regional differences of telemedicine and digital divide", Journal of the Korean Geographical Society, Vol. 50, No. 3, pp. 325-338, 2015.
  4. J-J. Hoon, "A study on the vulnerability and corresponding technique trends of the cloud computing service", Convergence security journal, Vol 13, No. 6, pp. 17-24, 2013. 4.
  5. J-K. Park, "A study on measures to active cultural contents service in big data age", Vol. 20, No. 1, pp. 324-334, Mar. 2014.
  6. Q. Miao, "When intelligence meeting wity big data : Review and perceptions of big Data'S hotspot intelligence tracking", Institute of Scientific & Technical Information of Shanghai,Shanghai 200031, No. 5, Serial No. 187, 2013.
  7. S-Y. Kim, J-I. Lim, and K-h. Lee, "A study on the security policy improvement using the big data, Korea University", Graduate School of Information Security, Vol. 23, No. 5, pp. 969-976, 2013, http://dx.doi.org/10.13089/JKIISC.2013.23.5.96, 2013.
  8. M-H. Kim, B-H. Chul, H-S. Won, and J-H. Park, "An Encrypted Service Data Model for Using Illegal Applications of the Government Civil Affairs Service under Big Data Environments", Convergence security journal, Vol 15, No. 7, pp. 31-38, 2015. 12.
  9. S. Bellovin, M. Leech, and T. Taylor, "ICMP Traceback message", IETF, draft-ietfitrace-04, Feb. 2003.
  10. Y-Y. Mu, H-C. Baek, J-Y. Choi, W-C. Jeong, and S-B. Kim, "A proposal of a defense model for the abnormal data collection using trace back information in big data environments", Journal of Knowledge Information Technology and Systems, Vol. 10, No. 2. pp. 753-162, 2015.
  11. S-P. Huh, D-S. Lee, K-N. Kim, "A Study on The Improvement of User Authentication using the Facial Recognition and OTP Technique in the Mobile Environment", Convergence security journal, Vol 11, No. 3, pp. 75-84, 2011. 6.