• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11a
• /
• pp.88-90
• /
• 2005

컴퓨터와 네트워크의 보급이 일반화되면서 인터넷을 통한 정보 전달이 일상생활처럼 되고 있다. 또한 인터넷, 무선통신, 그리고 자료 교환에 대한 증가로 인해 다른 사용자와 접속하기 위한 방식은 빠르게 변화하고 있다. 그러나 기존의 침입 차단 시스템과 침입 탐지 시스템과 같은 시스템 외부방어 개념의 보안대책은 전산망 내의 중요한 정보 및 자원을 보호함에 있어서 그 한계를 갖는다. 이러한 문제점을 보완하기 위해 본 논문에서는 해킹으로 판단되는 침입에 대하여 라우터의 구조적 변경 없이 효율적으로 역추적하여 공격자로부터 능동적으로 정보 및 자원을 보호할 수 있는 iTrace 메시지를 이용한 역추적 시스템을 설계 및 구현 하였다.

• 한국IT서비스학회:학술대회논문집
• /
• 2007.11a
• /
• pp.382-385
• /
• 2007

최근 들어 TCP/IP(인터넷 프로토콜)기반 역추적의 기술적 한계를 이용해 각종 명의(계정)도용 사건을 비롯해 금융피싱 사고들이 부쩍 늘고 있다. 이 때문에 천문학적인 경제 및 사회적 손실이 초래되고 있음은 물론, 사이버상의 각종 행위에 대한 제약과 발전을 가로막고 있다. 이와 같은 난제를 해결하고 기업 혹은 기관의 보안시스템을 참화하기 위해 실시간 역추적 기술이 등장했다. 과거 정보보호시스템의 가치는 비용 절감, 강력한 보안기술 도입 차원의 맹목적 시도, 구축에 따른 구축 난이도에 초점이 맞추어져 있었다. 하지만 최근에는 정보보호 투자성과 평가에 대해 더욱 설득력 있고 과학적인 결과를 원하고 있으며, 단순한 재무적 시스템 효과보다는 종합적인 비즈니스 효과에 대한 ROI 평가를 중요시하고 있다. 이 논문에서는 역추적 기술의 필요성과 배경에 대하여 살펴보고, 흔히 많이 사용하는 방식인 재무 관점의 비용 효과(Cost-Benefit) 기법을 통해 역추적 기술 개발의 투자수익률(ROI)을 분석할 수 있는 기준을 도출해 본다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2141-2144
• /
• 2003

최근 인터넷의 급속한 보급 확대 및 대중화에 따라 네트워크상의 서비스 속도와 정보보안은 인터넷 사용자에게 중요한 문제로 대두되고 있고, 이로 인해 네트워크의 트래픽 증가와 공격자로부터의 공격이 점점 증가하고 있는 현실이다. 인터넷 사용자의 급속한 증가로 인한 복잡한 TCP 반응과 연관되어 네트워크 서비스에 많은 패킷 손실을 야기하게 되었다. 이러한 문제를 해결하기 위하여 대학 연구소와 기업체에서는 패킷에 임의의 정보를 마킹하고, 마킹된 정보를 추출하는 기법들을 연구하는 중이다. 그러한 기법은 네트워크 트래픽 제어를 위하여 패킷에 우선순위를 두어 차등 서비스 제공을 목적으로 패킷마킹 기법을 사용하기도 한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.05a
• /
• pp.285-288
• /
• 2010

Chinese hackers hack the e-commerce site by bypass South Korea IP to connect to the third country, finance damaging a violation incident that fake account. 7.7.DDoS attack was the case of a hacker attack that paralyzed the country's main site. In this paper, the analysis is about vulnerabilities that breaches by hackers and DDoS attacks. Hacker's attacks and attacks on the sign of correlation analysis is share the risk rating for in real time, Red, Orange, Yellow, Green. Create a blacklist of hackers and real-time attack will be studied security and air conditioning systems that attacks and defend. By studying generate forensic data and confirmed in court as evidence of accountability through IP traceback and detection about packet after Incident, contribute to the national incident response and development of forensic techniques.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.113-120
• /
• 2018

Today, the development of information and communication technology is rapidly increasing the number of users of network-based service, and enables real-time information sharing among users on the Internet. There are various methods in the information sharing process, and information sharing based on portal service is generally used. However, the process of information sharing serves as a cause of illegal activities in order to amplify the social interest of the relevant stakeholders. Public opinion attack using macro function can distort normal public opinion, so security measures are urgent. Therefore, security measures are urgently needed. Macro attacks are generally defined as attacks in which illegal users acquire multiple IP or ID to manipulate public opinion on the content of a particular web page. In this paper, we analyze network path information based on traceback for macro attack of a specific user, and then detect multiple access of the user. This is a macro attack when the access path information for a specific web page and the user information are matched more than once. In addition, when multiple ID is accessed for a specific web page in the same region, it is not possible to distort the overall public opinion on a specific web page by analyzing the threshold count value.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.10 no.6
• /
• pp.580-586
• /
• 2017

The establishment of big data service environment requires both cloud-based network technology and clustering technology to improve the efficiency of information access. These cloud-based networks and clustering environments can provide variety of valuable information in real-time, which can be an intensive target of attackers attempting illegal access. In particular, attackers attempting IP spoofing can analyze information of mutual trust hosts constituting clustering, and attempt to attack directly to system existing in the cluster. Therefore, it is necessary to detect and respond to illegal attacks quickly, and it is demanded that the security policy is stronger than the security system that is constructed and operated in the existing single system. In this paper, we investigate routing pattern changes and use them as detection information to enable active correspondence and efficient information service in illegal attacks at this network environment. In addition, through the step-by -step encryption based on the routing information generated during the detection process, it is possible to manage the stable service information without frequent disconnection of the information service for resetting.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.3
• /
• pp.916-937
• /
• 2023

Most of the existing Distributed Denial-of-Service mitigation schemes in Software-Defined Networking are only implemented in the network domain managed by a single controller. In fact, the zombies for attackers to launch large-scale DDoS attacks are actually not in the same network domain. Therefore, abnormal traffic of DDoS attack will affect multiple paths and network domains. A single defense method is difficult to deal with large-scale DDoS attacks. The cooperative defense of multiple domains becomes an important means to effectively solve cross-domain DDoS attacks. We propose an efficient multi-domain DDoS cooperative defense mechanism by integrating blockchain and SDN architecture. It includes attack traceability, inter-domain information sharing and attack mitigation. In order to reduce the length of the marking path and shorten the traceability time, we propose an AS-level packet traceability method called ASPM. We propose an information sharing method across multiple domains based on blockchain and smart contract. It effectively solves the impact of DDoS illegal traffic on multiple domains. According to the traceability results, we designed a DDoS attack mitigation method by replacing the ACL list with the IP address black/gray list. The experimental results show that our ASPM traceability method requires less data packets, high traceability precision and low overhead. And blockchain-based inter-domain sharing scheme has low cost, high scalability and high security. Attack mitigation measures can prevent illegal data flow in a timely and efficient manner.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.12
• /
• pp.181-190
• /
• 2009

DBMS access that used high speed internet web service through WAS is increasing. Need application of DB security technology for 3-Tier about DBMS by unspecified majority and access about roundabout way connection and competence control. If do roundabout way connection to DBMS through WAS, DBMS server stores WAS's information that is user who do not store roundabout way connection user's IP information, and connects to verge system. To DBMS in this investigation roundabout way connection through WAS do curie information that know chasing station security thanks recording and Forensic data study. Store session about user and query information that do login through web constructing MetaDB in communication route, and to DBMS server log storing done query information time stamp query because do comparison mapping actuality user discriminate. Apply making Rule after Pattern analysis receiving log by elevation method of security authoritativeness, and develop Module and keep in the data storing place through collection and compression of information. Kept information can minimize false positives of station chase through control of analysis and policy base administration module that utilize intelligence style DBMS security client.

• Convergence Security Journal
• /
• v.15 no.7
• /
• pp.31-38
• /
• 2015

Recently the government civil affairs administration system has been advanced to a cloud computing environment from a simple network environment. The electronic civil affairs processing environment in recent years means cloud computing environment based bid data services. Therefore, there exist lots of problems in processing big data for the government civil affairs service compared to the conventional information acquisition environment. That is, it processes new information through collecting required information from different information systems much further than the information service in conventional network environments. According to such an environment, applications of providing administration information for processing the big data have been becoming a major target of illegal attackers. The objectives of this study are to prevent illegal uses of the electronic civil affairs service based on IPs nationally located in civil affairs centers and to protect leaks of the important data retained in these centers. For achieving it, the safety, usability, and security of services are to be ensured by using different authentication processes and encryption methods based on these processes.