Browse > Article
http://dx.doi.org/10.33778/kcsa.2021.21.2.011

A Study on the Detection Model of Illegal Access to Large-scale Service Networks using Netflow  

Lee, Taek-Hyun (서울과학기술대학교 IT정책전문대학 산업정보시스템)
Park, WonHyung (상명대학교 정보보안공학과)
Kook, Kwang-Ho (서울과학기술대학교 기술경영융합대학 글로벌융합산업공학과)
Publication Information
Convergence Security Journal / v.21, no.2, 2021 , pp. 11-18 More about this Journal
Abstract
To protect tangible and intangible assets, most of the companies are conducting information protection monitoring by using various security equipment in the IT service network. As the security equipment that needs to be protected increases in the process of upgrading and expanding the service network, it is difficult to monitor the possible exposure to the attack for the entire service network. As a countermeasure to this, various studies have been conducted to detect external attacks and illegal communication of equipment, but studies on effective monitoring of the open service ports and construction of illegal communication monitoring system for large-scale service networks are insufficient. In this study, we propose a framework that can monitor information leakage and illegal communication attempts in a wide range of service networks without large-scale investment by analyzing 'Netflow statistical information' of backbone network equipment, which is the gateway to the entire data flow of the IT service network. By using machine learning algorithms to the Netfllow data, we could obtain the high classification accuracy of 94% in identifying whether the Telnet service port of operating equipment is open or not, and we could track the illegal communication of the damaged equipment by using the illegal communication history of the damaged equipment.
Keywords
Netflow; Backdoor; Machine Learning; Fruad Detection; Intrusion Detection;
Citations & Related Records
연도 인용수 순위
  • Reference
1 화웨이/논란, 나무위키 홈페이지, 2021년03월08월 수정, 2021년03월08월 접속, https://namu.wiki/w/화웨이/논란.
2 Backdoors Keep Appearing In Cisco's Routers, Tom's Hardware, 2018년7월19일수정, 2021년3월8일접속, https://www.tomshardware.com/news/cisco-backdoor-hardcoded-accounts-software,37480.html.
3 CISCO, Cisco Annual Internet Report (2018-2023) White Paper, March 2020.
4 Hameed, S., Ali, U. HADEC: Hadoop-based live DDoS detection framework. EURASIP J. on Info. Security 2018, 11 (2018).   DOI
5 L. Dias, S. Valente and M. Correia, "Go With the Flow: Clustering Dynamically-Defined NetFlow Features for Network Intrusion Detection with DynIDS," 2020 IEEE 19th International Symposium on Network Computing and Applications (NCA), Cambridge, MA, USA, 2020, pp. 1-10.
6 Sonicwall, 2020 Sonicwall Cyber Threat Report Mid-Year Update, July 2020.
7 Zhang, S., Shi, R. & Zhao, J. Seeflow: A Visualization System Using 2T Hybrid Graph for Characteristics Analysis of Abnormal Netflow. Wireless Pers Commun 101, 2127-2142   DOI
8 Bilge, Leyla & Balzarotti, Davide & Robertson, William & Kirda, Engin & Kruegel, Christopher. (2012). Disclosure: Detecting botnet command and control servers through large-scale NetFlow analysis. ACM International Conference Proceeding Series. 129-138.
9 Proto, Andre & Alexandre, Leandro & Batista, Maira & Oliveira, Isabela & Cansian, Adriano. (2010). Statistical Model Applied to NetFlow for Network Intrusion Detection. Transactions on Computational Science. 11. 179-191. 10.1007/978-3-642-17697-5_9.   DOI
10 Cisco IOS NetFlow, CISCO 홈페이지, 2021년3월8월 접속, http://www.cisco.com/web/go/netflow.
11 강원철. "MapReduce 기반의 대용량 트래픽 분석 도구." 국내석사학위논문 忠南大學校 大學院, 2011.
12 안혜선, 박제원, 최재현, 이남용. "GPU기반의 보안로그 이벤트 고속필터링기법에 대한 실증적 연구." 한국정보기술학회논문지 11.9 (2013): 133-141.
13 임익규, 안명수, 박성봉, 10기가급 패킷 캡쳐링에 의한 트래픽 분석 및 망 감시 시스템, KR101602189B1, 2015-04-28, 2016-03-11.
14 최상용, 천은영, 고대식. (2019). Suricata를 이용한 대용량 네트워크 트래픽 수집성능분석. 한국정보기술학회논문지, 17(8), 59-6 .
15 한태현,이현명,조효재,조희승. "암호화 통신의 모니터링을 위한 SSLSPLIT 성능 분석." 정보과학회 컴퓨팅의 실제 논문지 25.10 (2019): 485-492.
16 Fortinet Finds More SSH Backdoors, Bankinfo Security 홈페이지, 2016년 1월 25일 수정, 2021년 3월 8일 접속, https://www.bankinfosecurity.com/fortinet-finds-more-ssh-backdoors-a-8826.
17 M. M. Najafabadi, T. M. Khoshgoftaar, C. Calvert and C. Kemp, "Detection of SSH Brute Force Attacks Using Aggregated Netflow Data," 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA), Miami, FL, USA, 2015, pp. 283-288, doi: 10.1109/ICMLA.2015.20.   DOI
18 Thapngam T, Yu S, Zhou W, Makki S (2012) Distributed Denial of service (DDoS) detection by traffic pattern analysis. In: Peer-to-Peer networking and applications December 2014, Springer, Vol 7, Issue 4, pp 346-358   DOI
19 탕천연. "디지털 시대의 포스터 디자인 문화와 발전 방향에 관한 연구." 국내박사학위논문 인천대학교 일반대학원, 2020.