System and method for connection fingerprint generation and traceback based on netflow

A stepping stone and fingerprint technology, applied in the field of tracing the origin of attacks, can solve problems such as difficult detection and difficult application

Active Publication Date: 2017-08-18
ELECTRONICS & TELECOMM RES INST
View PDF9 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0012] In order to solve the problem of the prior art that requires a dedicated monitoring device and thus it is practically difficult to apply to the Internet environment, and detection is difficult in the case where IP spoofing or other methods are used to hide the attacker's information, the present invention

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • System and method for connection fingerprint generation and traceback based on netflow
  • System and method for connection fingerprint generation and traceback based on netflow
  • System and method for connection fingerprint generation and traceback based on netflow

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0021] Advantages and features of the present invention and methods of achieving them will become clear by referring to the embodiments described in detail below with reference to the accompanying drawings.

[0022] However, the present invention is not limited to these embodiments described below, and various modifications can be made thereto. These embodiments are provided only to fully disclose the present invention and to convey the scope of the present invention to those skilled in the art. The invention is defined by the appended claims.

[0023] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It will be further understood that the terms "comprising" and / or "comprising" when used in this specification designate the presence of...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention relates to a method for tracing a cyber hacking attack and, more particularly, to a system and a method for generating a connection fingerprint and tracing back a source site using a network flow. The method for connection fingerprint generation and traceback based on netflow comprises: a step of receiving a traceback request including IP packet attribute information of a victim and an attacker corresponding to a target connection, which is a final connection of a connection chain; a step of generating a fingerprint for a related connection based on the IP packet attribute information and requesting related information to a network flow collector; a step of detecting connection of a stepping stone for the target connection, which is made when the fingerprint is generated, to confirm whether a selected subject connection is present on the same chain as the target connection; and a step of determining a connection sequence with respect to an attacker host for the subject connection confirmed to be present on the same connection chain as the target connection.

Description

[0001] Cross References to Related Applications [0002] This application claims priority and benefit from Korean Patent Application No. 10-2015-0156952 filed on November 9, 2015 and Korean Patent Application No. 10-2016-0052154 filed on April 28, 2016, hereby incorporated by reference Merge all its disclosures. technical field [0003] The present invention relates to techniques for tracking network hacking attacks, and more particularly, to systems and methods for using Network Flow (NetFlow) data to generate fingerprints of connections and trace the origin of attacks. Background technique [0004] The technique used to trace a network hacking attack consists in locating the real location of the hacker, ie, the origin of the attack, even when the location of the attacking system is different from the real location of the hacker who actually tried to crack the system. [0005] As techniques for tracing network hacking attacks according to the prior art, host-based TCP conn...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1408H04L63/1441H04L43/0811H04L63/14H04L63/30H04L2463/146
Inventor 金正泰姜求洪金益均
Owner ELECTRONICS & TELECOMM RES INST
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap