公开(公告)号：US09350712B2

公开(公告)日：2016-05-24

申请号：US14470604

申请日：2014-08-27

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： YuJeong Han ,  Jung Hwan Moon ,  Dong Su Nam ,  HyungGeun Oh ,  Kiwook Sohn

IPC: H04L29/06

CPC classification number: H04L63/0272 ,  H04L63/0428 ,  H04L63/14

Abstract: A packet analysis apparatus and method and a VPN server, which secure evidence against a situation in which a hacker disguises a packet as a normal packet to make an attack using a VPN server as a router. The packet analysis apparatus includes a packet classification unit for gathering and classifying packets which are used between a host and the VPN server and plaintext packets which are used between the VPN server and a target. A first comparative analysis unit compares contents of an encapsulated IP datagram of each encrypted VPN packet, obtained by decrypting the encrypted VPN packet, with contents of a plaintext IP datagram included in each plaintext packet and present for a target to which the host desires to transfer the encrypted VPN packet. A second comparative analysis unit compares lengths of the encapsulated IP datagram and the plaintext IP datagram with each other.

Abstract translation: 一种分组分析装置和方法以及VPN服务器，用于保护黑客将数据包伪装成普通数据包以使用VPN服务器作为路由器进行攻击的情况。 分组分析装置包括用于收集和分类在主机与VPN服务器之间使用的分组以及在VPN服务器与目标之间使用的明文分组的分组分类单元。 第一比较分析单元将通过解密加密的VPN分组获得的每个加密的VPN分组的封装的IP数据报的内容与包含在每个明文分组中的明文IP数据报的内容进行比较，并且存在于主机期望转移的目标 加密的VPN数据包。 第二比较分析单元将封装的IP数据报和明文IP数据报的长度彼此进行比较。