A Correspondence Training Scenario against Bypassing Information Protection System Attacks

A Response Training Scenario for Attacks that Bypass Network Information Protection Systems

  • Hong, Jeong Soo (R&D Group, Selim TSG Inc) ;
  • Yang, Dong Min (Department of Archives and Records Management, Graduate School, Chonbuk National University) ;
  • Lee, Bong Hwan (Department of Electronics, Information and Communications Engineering, Daejeon University)
  • Received : 2018.02.26
  • Accepted : 2018.04.23
  • Published : 2018.05.31

Abstract

Various security systems are now developed and used to protect information on the network. Although security solutions can prevent some security risks, they provide high performance only if used appropriately in accordance with their purposes and functionality. Security solutions commonly used in information protection systems include firewalls, IDS, and IPS. However, even when various information protection systems are introduced, there are always techniques that can threaten the security systems by bypassing them. The purpose of this paper is to develop effective training techniques for responding to bypass attack techniques in information security systems and to develop effective techniques that can be applied to the training. To implement the test bed, we used the GNS3 network simulator and deployed it on top of a virtual operating system using VirtualBox. The proposed correspondence training scenario against bypassing information protection system attacks could be used very effectively to counteract real attacks.

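Various security systems are currently being developed and used to protect network information. Simply introducing a security solution can prevent a considerable number of security risks, but a security solution delivers its full value only when it is used in a form appropriate to its purpose and function. Security solutions widely used in information protection systems include firewalls, IDS, and IPS. However, even when various information protection systems are introduced, techniques for attacking by bypassing them always exist. This paper proposes countermeasures against bypass attack techniques in information protection systems and an effective training scenario in which bypass attack techniques can be applied to training. To verify the validity of the proposed response training scenario, the GNS3 network simulator was used, and a virtual operating system was built using VirtualBox. The proposed response training scenario for attacks that bypass network information protection systems can be used very effectively in responding to real attacks.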
