http://dx.doi.org/10.7840/kics.2016.41.12.1771

Tracking the Source of Cascading Cyber Attack Traffic Using Network Traffic Analysis  

Goo, Young-Hoon (Korea University Department of Computer and Information Science)
Choi, Sun-Oh (Network Security Research Section, Cyber Security Research Laboratory, ETRI)
Lee, Su-Kang (Korea University Department of Computer and Information Science)
Kim, Sung-Min (Korea University Department of Computer and Information Science)
Kim, Myung-Sup (Korea University Department of Computer and Information Science)
Abstract
These days the world is connected to the internet like a sophisticated net, and such an environment is well suited to cyber attackers, the so-called cyber-terrorists. As a result, the number of cyber attacks has increased significantly, and research on finding cyber attack traffic in the field of network monitoring has also been proceeding. But cyber attack traffic appears in new forms with every attack, making it harder to monitor. This paper suggests a method of tracking down cyber attack traffic sources by defining the relational information flow of traffic data from the highest cascaded and grouped relational flow. The result of applying this cyber attack source tracking method to real cyber attack traffic was found to be reliable, with quality results.
Keywords
Traffic Analysis; APT Traffic Analysis; APT Attack Tracking; Cascade Grouping; Network Management
Citations & Related Records
Times Cited By KSCI: 2