
DDoS Attack Analysis Using an Improved ATMSim

정해덕;류명운;지민준;조유빈;예상국;이종숙
Jeong, Hae-Duck J.;Ryu, Myeong-Un;Ji, Min-Jun;Cho, You-Been;Ye, Sang-Kug;Lee, Jong-Suk R.

  • Received: 2015.12.21
  • Accepted: 2016.01.27
  • Published: 2016.04.30

Abstract

Internet traffic has grown exponentially in recent years with advances in telecommunication networks and the mass adoption of smartphones. Against this background, this paper detects and analyzes DDoS attacks, a representative form of the growing number of Internet intrusion incidents and network attacks. To this end, the functions and GUI of the existing ATMSim analysis package are improved so that it can operate on network flow information, and the improved package is used to generate both normal traffic flowing in large volumes through a campus LAN and anomalous traffic containing DDoS attacks. To characterize the collected normal and anomalous traffic, self-similarity estimation techniques are applied; graphical analysis and estimates of the Hurst parameter (the self-similarity parameter) show that both normal and anomalous traffic exhibit high estimated Hurst values from a self-similarity standpoint.
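As an added illustration of the self-similarity analysis the abstract describes (this is not code from the paper or from ATMSim), the following pure-Python estimator computes the Hurst parameter with the aggregated-variance method and runs it over two constructed per-interval packet-count series. The estimator choice, the block sizes, the function names and the sample series are all assumptions for the example; the abstract does not state which Hurst estimator the authors used or what their traffic looked like.

```python
import math
import random


def aggregated_variance_hurst(series, block_sizes):
    """Estimate the Hurst parameter H with the aggregated-variance method.

    For a self-similar process, Var(X^(m)) ~ m^(2H-2), where X^(m) is the
    series averaged over non-overlapping blocks of size m. A least-squares
    fit of log Var(X^(m)) against log m gives slope 2H-2, so H = 1 + slope/2.
    H close to 0.5 means memoryless traffic; H approaching 1 means strongly
    persistent (bursty across many time scales) traffic.
    """
    xs, ys = [], []
    for m in block_sizes:
        n_blocks = len(series) // m
        if n_blocks < 2:
            continue  # too few blocks to form a variance estimate
        means = [sum(series[k * m:(k + 1) * m]) / m for k in range(n_blocks)]
        mu = sum(means) / n_blocks
        var = sum((v - mu) ** 2 for v in means) / n_blocks  # population variance
        if var <= 0:
            continue  # log of zero variance is undefined (constant series)
        xs.append(math.log(m))
        ys.append(math.log(var))
    if len(xs) < 2:
        raise ValueError("need at least two usable block sizes")
    xbar = sum(xs) / len(xs)
    ybar = sum(ys) / len(ys)
    slope = (sum((x - xbar) * (y - ybar) for x, y in zip(xs, ys))
             / sum((x - xbar) ** 2 for x in xs))
    return 1.0 + slope / 2.0


# Assumed block sizes (powers of two so that they align with the bursty series below).
BLOCK_SIZES = [1, 2, 4, 8, 16, 32, 64, 128]


def white_noise_counts(n=8192, seed=7):
    """Constructed memoryless per-interval counts: i.i.d. uniform values (H should be near 0.5)."""
    rng = random.Random(seed)
    return [rng.random() for _ in range(n)]


def bursty_counts(n=8192, run=256, low=100.0, high=1000.0):
    """Constructed long-run bursty counts: alternating runs of a low and a high rate.

    Each run spans a multiple of every block size in BLOCK_SIZES, so averaging
    over blocks never reduces the variance; the log-log slope is 0 and the
    estimate is exactly H = 1.0 (perfectly persistent).
    """
    return [high if (i // run) % 2 else low for i in range(n)]


if __name__ == "__main__":
    print("white noise H =", round(aggregated_variance_hurst(white_noise_counts(), BLOCK_SIZES), 3))
    print("bursty      H =", round(aggregated_variance_hurst(bursty_counts(), BLOCK_SIZES), 3))
```

In practice the series would be counts of packets or bytes per fixed interval derived from flow records, and the graphical check the abstract mentions corresponds to plotting the (log m, log Var) points that this estimator fits: a straight line with a shallow negative slope is the signature of high H, whereas memoryless traffic produces a slope of about -1.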

Keywords

Anomalous traffic; self-similarity; Hurst parameter; DDoS attack


Cited by

  1. Anomalous Traffic Detection and Self-Similarity Analysis in the Environment of ATMSim vol.1, pp.3, 2017, https://doi.org/10.7472/jksii.2016.17.2.19

Funding Information

Funding agencies: Korean Bible University (한국성서대학교), Korea Institute of Science and Technology Information (한국과학기술정보연구원)