METHOD AND SYSTEM FOR NETWORK CONNECTION-CHAIN TRACEBACK USING NETWORK FLOW DATA
摘要
The present invention is to provide a method and a system for back-tracking a network connection chain by using network flow data to track an attack source for a cyber hacking attack which is via several sites without additional new equipment of networks or correction of a standard protocol when the cyber hacking attack occurs in the Internet and inner networks. According to the present invention, the method comprises the following steps: searching a network session to generate finger printing information in which a corresponding source address is replaced by the tracking address; and generating an attack connection chain list in which an ID for the corresponding network session is further added to an ID for a previous network session.
申请公布号
KR20150105039(A)
申请公布日期
2015.09.16
申请号
KR20140027202
申请日期
2014.03.07
申请人
ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
发明人
CHOI, YANG SEO;KIM, IK KYUN;HAN, MIN HO;KIM, JUNG TAE;KIM, JONG HYUN