Journal of KIISE I: Information Networking
Korean Title |
A 6LoWPAN-Based Botnet Detection Method Using Botnet Traffic Characteristics |
English Title |
A 6LoWPAN based Botnet Detection Mechanism Using Botnet Traffic Characteristics |
Author |
Eung Jun Cho
Jin Ho Kim
Choong Seon Hong
|
Citation |
VOL 38 NO. 01 PP. 0033 ~ 0041 (2011. 02) |
Korean Abstract |
Recently, botnets have been used for a variety of attacks such as DDoS (Distributed Denial of Service), spam mail, and key logging. A botnet is a network composed of many bots and the C&C (Command and Control) servers that manage them; the attacker's commands are delivered to the bots through the C&C server to carry out attacks. As a result, the attacker's location is not directly exposed and, above all, because the attack is carried out using many bots, it has been difficult to respond even when an attack is detected. However, wireless sensor networks, which had been developed separately from IP networks, are now being developed as IP-based IP-USN, and 6LoWPAN (IPv6 over Low power WPAN), which allows IPv6 to be deployed on low-power devices, is attracting attention as the means of doing so. In such IP-based sensor networks, IP-based attack techniques that were impossible in conventional wireless sensor networks become possible. The botnet introduced above is one of them, because an attacker located outside the wireless sensor network can directly access the sensor nodes. In this paper, we analyze the types of attacks that a 6LoWPAN-based botnet can carry out and, on that basis, analyze the traffic characteristics of 6LoWPAN-based botnets to propose a mechanism for detecting them.
|
English Abstract |
Recently, Botnets have been used as malicious tools for sending spam-mail, logging keys and launching DDoS attacks. A Botnet is a network of Bots which are controlled by an attacker, and it is composed of several Bots and C&C (Command and Control) servers. The attacker sends commands to the C&C server in order to spread commands among the Bots. In this way, it is hard to find the attacker because there is no direct connection between the Bots and the attacker. A lot of mechanisms have been proposed to detect the Botnet on wired networks, and there are a number of commercial products to detect the Botnet. However, in an IP-based sensor network environment, especially in a 6LoWPAN (IPv6 over Low power WPAN), there is no detection mechanism for the Botnet attacks. In this paper, we analyze the threat of Botnet in a 6LoWPAN, and propose a mechanism to detect Botnet in a 6LoWPAN using characteristics of Botnet traffic. We also present the implementation of our mechanism in a 6LoWPAN environment.
|
Keyword |
6LoWPAN
Botnet
Detection mechanism
|