Title of invention METHOD AND SYSTEM FOR NETWORK CONNECTION CHAIN TRACEBACK USING NETWORK FLOW DATA
Abstract Disclosed are a method and a system for network connection chain traceback using network flow data, in order to trace the attack source site of cyber hacking attacks that go by way of various sites, without the addition of new network equipment or modification of a standard protocol, when the cyber hacking attack occurs in the Internet and an internal network.
Publication number US2015256555(A1) Publication date 2015.09.10
Application number US201514635962 Filing date 2015.03.02
Applicant Electronics and Telecommunications Research Institute Inventors CHOI Yang Seo;KIM Ik Kyun;HAN Min Ho;KIM Jung Tae;KIM Jong Hyun
Classification H04L29/06 Main classification H04L29/06
Agency Agent
Principal claim 1. A method for network connection chain traceback in a traceback system for a network attack, the method comprising: (A) searching, by one or more respective trace agents distributed on a network, a network session including a trace address included in finger printing information as a destination address by referring to a database for network flow information to generate finger printing information in which a source address of the searched session is substituted with the trace address; and (B) searching, by the respective trace agents, the network flow information including the substituted finger printing information by referring to the database to generate new finger printing information including a corresponding destination address of the searched network flow information as the trace address and generate an attack connection chain list further including an ID for a corresponding network session in addition to an ID for the previous network session.
Address Daejeon KR