Publication number: US20150150133A1
Publication date: 2015-05-28
Application number: US14518623
Filing date: 2014-10-20
Inventor: Min-Ho HAN, Jung-Tae KIM, Ik-Kyun KIM, Hyun-Sook CHO
IPC: H04L29/06
CPC classification number: H04L63/1416, H04L63/1466, H04L63/164
Abstract: An apparatus and a method for an attack source traceback capable of tracing back an attacker, that is, an attack source present behind a command and control (C&C) server in a cyber target attack having non-connectivity over a transmission control protocol (TCP) connection are disclosed. The apparatus for the attack source traceback includes: a server information extracting unit detecting an attack for a system, which is generated via a server to thereby extract information on the server; a traceback agent installing unit installing a traceback agent in the server based on the information on the server; and a traceback unit finding an attack source for the system by analyzing network information of the server obtained by the traceback agent.