• Title/Summary/Keyword: 심층 패킷 분석

Search Result 2, Processing Time 0.02 seconds

Performance Analysis of Detection Algorithms for the Specific Pattern in Packet Payloads (패킷 페이로드 내 특정 패턴 탐지 알고리즘들의 성능 분석에 관한 연구)

  • Jung, Ku-Hyun;Lee, Bong-Hwan;Yang, Dongmin
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.22 no.5
    • /
    • pp.794-804
    • /
    • 2018

  • Various applications running in computers exchange information in the form of packets through the network. Most packets are formatted into UDP/IP or TCP/IP standard. Network management administrators of enterprises and organizations should be able to monitor and manage packets transmitted over the network for Internet traffic measurement & monitoring, network security, and so on. The goal of this paper is to analyze the performance of several algorithms which closely examine and analyze payloads in a DPI(Deep Packet Inspection) system. The main procedure of packet payload analysis is to quickly search for a specific pattern in a payload. In this paper, we introduce several algorithms which detect a specific pattern in payloads, analyze the performance of them from three perspectives, and suggest an application method suitable for requirements of a given DPI system.

  • https://doi.org/10.6109/jkiice.2018.22.4.794 인용 PDF KSCI

A Study on Collection and Analysis Method of Malicious URLs Based on Darknet Traffic for Advanced Security Monitoring and Response (효율적인 보안관제 수행을 위한 다크넷 트래픽 기반 악성 URL 수집 및 분석방법 연구)

  • Kim, Kyu-Il;Choi, Sang-So;Park, Hark-Soo;Ko, Sang-Jun;Song, Jung-Suk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.6
    • /
    • pp.1185-1195
    • /
    • 2014

  • Domestic and international CERTs are carrying out security monitoring and response services based on security devices for intrusion incident prevention and damage minimization of the organizations. However, the security monitoring and response service has a fatal limitation in that it is unable to detect unknown attacks that are not matched to the predefined signatures. In recent, many approaches have adopted the darknet technique in order to overcome the limitation. Since the darknet means a set of unused IP addresses, no real systems connected to the darknet. Thus, all the incoming traffic to the darknet can be regarded as attack activities. In this paper, we present a collection and analysis method of malicious URLs based on darkent traffic for advanced security monitoring and response service. The proposed method prepared 8,192 darknet space and extracted all of URLs from the darknet traffic, and carried out in-depth analysis for the extracted URLs. The analysis results can contribute to the emergence response of large-scale cyber threats and it is able to improve the performance of the security monitoring and response if we apply the malicious URLs into the security devices, DNS sinkhole service, etc.

  • https://doi.org/10.13089/JKIISC.2014.24.6.1185 인용 PDF KSCI HTML