公开(公告)号：US10447715B2

公开(公告)日：2019-10-15

申请号：US15251134

申请日：2016-08-30

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Jung Tae Kim ,  Koo Hong Kang ,  Ik Kyun Kim

IPC: H04L29/06

Abstract: Disclosed is an apparatus of detecting a distributed reflection denial of service attack, including: a monitoring unit obtaining flow information including an IP and a port number of a source, an IP and a port number of a destination of data, and the number and the sizes of packets; a memory unit storing a flow table in which the flow information of the data, the packet number and the packet size are input; and a control unit detecting the DRDoS attack by using at least one of the number and the size of packets of the first entry and the flow information of the first entry.

公开(公告)号：US10264004B2

公开(公告)日：2019-04-16

申请号：US15345354

申请日：2016-11-07

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Jung Tae Kim ,  Koo Hong Kang ,  Ik Kyun Kim

IPC: H04L12/26 ,  H04L29/06

Abstract: The method for tracking a cyber hacking is provided. The method of connection fingerprint generation and stepping-stone traceback based on NetFlow includes receiving a traceback request including IP packet attribute information of a victim and an attacker which corresponds to a target connection that is the last connection on a connection chain, generating a fingerprint for an associated connection based on the IP packet attribute information and requesting a NetFlow collector for relevant information, detecting a stepping-stone connection to the target connection which is generated at the time of generation of the fingerprint and instructing to check whether sorted candidate connections are present on the same connection chain as the target connection, and determining an order of the candidate connections based on an attacker host when the candidate connections are determined to be present on the same connection chain as the target connection.