http://dx.doi.org/10.13089/JKIISC.2018.28.2.457

A Study on Detection Method of Multi-Homed Host and Implementation of Automatic Detection System for Multi-Homed Host  

Lee, Mi-hwa (Graduate School of Information Security, Korea University)
Yoon, Ji-won (Graduate School of Information Security, Korea University)
Abstract
This study investigates the fundamental reasons multi-homed hosts exist and the risks such systems pose. Multi-homed host detection methods that have been researched and developed so far were compared and analyzed to determine areas for improvement. Based on the results, we propose a model of an improved automatic detection system and implement it. The experimental environment was configured to simulate the actual network configuration and endpoints of an organization employing network segmentation. After the detection system was installed in this environment, its functionality and performance were measured while multi-homed hosts were generated by category. We confirmed that the system works correctly, without false positives or false negatives, within the scope of this study. To the best of our knowledge, the presented detection system is the first academic work targeting multi-homed hosts with an agent-based approach.
Keywords
detecting multi-homed host; clock skew; network security
Citations & Related Records
Times Cited By KSCI: 1