The Journal of the Korea institute of electronic communication sciences (한국전자통신학회논문지)

Korea Institute of Electronic Communication Science (한국전자통신학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on WB(Water-Bubble) Based Highly Secure Flexible Network Section

WB(Water-Bubble) 기반의 강한 보안성을 갖는 탄력적 네트워크 구간에 관한 연구

  • Seo, Woo-Seok (Dept. Security Consulting, Gyeonggi-do R&D laboratory)
  • Received : 2017.07.21
  • Accepted : 2017.10.18
  • Published : 2017.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

In 2017, amid changes in the security market such as integrated security (IS) and convergence security (CS), a variety of security paradigms in terms of operation and management have been suggested. Rather than changing existing network infrastructure and bringing about fluid, multi-dimensional changes, these solutions and technologies focus entire security capacity on a primary protection, leading to network infrastructure suffering from unexpected inherent violations and problems in a continued manner. Therefore, it is time to propose and develop a flexible network section that can protect from attacks of similar pattern and concentrated traffic attacks by applying a new concept of WB (Water-Bubble) to network infrastructure and analyzing on the basis of experiment and installation. Methodology of the WB-based highly secure flexible network section proposed in this study is expected to provide materials for studies on how to achieve network section security taking into account three major limitations and security standards: fluidity, unpredictability, and non-area scalability by contact point ratio, by changing a network area predicted to be the final target of attack into resonant network section (area) with flexible area changes.

2017년 통합보안(IS, Integrated Security), 융합 보안(CS, Convergence Security) 등과 같은 새로운 보안시장의 변화 속에서 운영과 관리 차원의 다양한 보안 패러다임이 제시되고 있다. 이러한 솔루션과 기술은 현존하는 네트워크 인프라의 변경과 유동적인 다차원적인 변화를 이끌어 내기보다는 보안성을 높이는 1차원적인 방어에 모든 보안 역량이 집중되어짐으로써 예상치 못한 침해와 장애를 지속적으로 내제하고 있는 네트워크 인프라를 유지해 오고 있다. 따라서 WB(Water-Bubble)이라는 새로운 아이디어를 네트워크 인프라에 접목하고 실험과 구현 기반의 분석을 진행함으로써 유사패턴 공격과 집중화 트래픽 공격을 방어할 수 있는 탄력적 네트워크 구간을 제안하고 개발할 수 있는 기회이기도 한다. 또한 본 논문에서 제안하는 WB 기반의 강한 보안성을 갖는 탄력적 네트워크 구간에 관한 연구기법은 공격의 최종 목적지로 예상되는 네트워크 영역을 울림형태의 탄력적 영역변화를 갖는 네트워크 구간(구역)으로 유동성과 비예측성, 상호 접점비율에 따른 비 영역 확장성 등의 3대 주요 제한 및 보안 기준을 바탕으로 네트워크 구간 보안성 확보를 위한 연구 자료를 제공하고자 한다.

Keywords

References

  1. J. Shin, "Economic Analysis on Effects of Cyber Information Security in Korea: Focused on Estimation of National Loss," J. of the Korean Institute of Information Security and Cryptology, vol. 23 no. 1, 2013, pp. 89-96. https://doi.org/10.13089/JKIISC.2013.23.1.089
  2. S. Paik, S. Kim, and H. Park, "Design and Implementation of Network Access Control for Security of Company Network," Journal of the Institute of Electronics Engineers of Korea, vol. 47, no. 12, 2010, pp. 90-96.
  3. K. Kim, Y. Park, S. Ro, and B. Kim, "Design of Infringement Accidents Preventing System Using DNS Information Retrieval Integration Method," J. of the Korea Institute of Information and Communication Engineering, vol. 16 no. 9, 2012, pp. 1955-1962. https://doi.org/10.6109/jkiice.2012.16.9.1955
  4. M. C. Park, Y. S. Park, Y. R. Choi, "A Study on the Active Traceback Scheme Responding to a Security Incident," J. of the Korea Society of Computer and Information, vol. 10, no. 1, 2005, pp. 27-34.
  5. D. Kim, Y. Jeong, G. Yun, H. Yoo, S. Cho, G. Kim, J. Lee, H. Kim, T. Lee, J. Lim, and D. Won, "Threat Analysis based Software Security Testing for preventing the Attacks to Incapacitate Security Features of Information Security Systems," Korea Institute of Information Security and Cryptology, vol. 22 no. 5, 2012, pp. 1191-1204.
  6. J. Ko, H. Kwak, J. Wang, H. Kwon, and K. Chung, "An Improved Signature Hashing Algorithm for High Performance Network Intrusion Prevention System," Korea Institute of Information Security and Cryptology, vol. 16C no. 4, 2009, pp. 449-460.
  7. J. Hoon, "A Study on The Vulnerabilities and Problems of Security Program," J. of Convergence Security, vol. 12 no. 6, 2012, pp. 77-84.
  8. Y. Lee, "A Design and Analysis of Multiple Intrusion Detection Model," J. of the Korea Institute of Electronic Communication Sciences, vol. 11, no. 6, 2016, pp. 619-626. https://doi.org/10.13067/JKIECS.2016.11.6.619
  9. K. Kim, D. Wang, and S. Han, "Home Security System Based on IoT," J. of the Korea Institute of Electronic Communication Sciences, vol. 11, no. 8, 2016, pp. 743-750. https://doi.org/10.13067/JKIECS.2016.11.8.743