Á¤º¸°úÇÐȸ ³í¹®Áö A : ½Ã½ºÅÛ ¹× ÀÌ·Ð
| ÇѱÛÁ¦¸ñ(Korean Title) |
°í »óÈ£ÀÛ¿ë Ŭ¶óÀ̾ðÆ® Çã´ÏÆÌ¿¡¼ ºÐÇÒÁ¤º¹ ¹× ¼øÂ÷ ¹æ¹® ¾Ë°í¸®ÁòÀÇ °áÇÕ |
| ¿µ¹®Á¦¸ñ(English Title) |
Combining Divide-and-Conquer and Sequential Visitation Algorithms on High-Interaction Client Honeypots |
| ÀúÀÚ(Author) |
±èµ¿Áø
±èÈ«±Ù
¹Ú¹Î±Ô
Á¶¼ºÁ¦
Dong-Jin Kim
Hong-Geun Kim
Minkyu Park
Seong-Je Cho
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 39 NO. 02 PP. 0076 ~ 0083 (2012. 04) |
Çѱ۳»¿ë
(Korean Abstract) |
°í »óÈ£ÀÛ¿ë Ŭ¶óÀ̾ðÆ® Çã´ÏÆÌ(high interaction client honeypot) ½Ã½ºÅÛÀº Àǽɽº·¯¿î À¥¼¹öµéÀ» ½ÇÁ¦ ¹æ¹®ÇÏ¿© Ŭ¶óÀ̾ðÆ® ½Ã½ºÅÛÀÇ »óÅ º¯È¸¦ ¸ð´ÏÅ͸µÇÏ¿© ¾Ç¼º À¥¼¹ö¸¦ ŽÁöÇÑ´Ù. À̶§ Àǽɽº·¯¿î À¥¼¹öµéÀ» È¿À²ÀûÀ¸·Î ¹æ¹®ÇÏ´Â ¾Ë°í¸®ÁòÀÌ ¿ä±¸µÈ´Ù. ºÐ¼® ´ë»ó À¥¼¹öÀÇ ¼ö°¡ ¸Å¿ì ¸¹°í ¾Ç¼º À¥¼¹öÀÇ ºñÀ²ÀÌ ³·Àº °æ¿ì¿¡´Â, Àǽɽº·¯¿î k°³ÀÇ À¥¼¹ö¸¦ µ¿½Ã ¹æ¹®ÇÑ ÈÄ ´ÙÀ½ ´Ü°è¿¡¼´Â k°³¸¦ ´õ ÀûÀº ¼ö·Î ºÐÇÒ(±×·ìÈ)ÇÏ¿© Àç¹æ¹®ÇÏ´Â ¾Ë°í¸®ÁòÀÌ »ç¿ëµÈ´Ù. ÀÌ·¯ÇÑ ºÐÇÒÁ¤º¹ ¹æ¹® ¾Ë°í¸®ÁòÀ¸·Î´Â k °³ÀÇ À¥ÆäÀÌÁö¸¦ k/2·Î ³ª´©¾î Àç¹æ¹®ÇÏ´Â ÀÌÁø ºÐÇÒÁ¤º¹(binary divide-and-conquer, BDAC)°ú ⌊log_2 k⌋°³ÀÇ ±×·ìÀ¸·Î ³ª´©¾î Àç¹æ¹®ÇÏ´Â ·Î±× ºÐÇÒÁ¤º¹(logarithmic divide-and-conquer, LDAC)°¡ ÀÖ´Ù. ÀÌµé ¾Ë°í¸®ÁòÀº ¾Ç¼º À¥¼¹ö°¡ Æ÷ÇÔµÈ ÀûÀº ¼öÀÇ À¥¼¹öµé·Î ±¸¼ºµÈ ºÐÇÒ¿¡¼´Â ºÒÇÊ¿äÇÑ ¸®¹öÆðú Àç¹æ¹®À» À¯¹ß½ÃŲ´Ù. º» ³í¹®¿¡¼´Â ºÐÇÒÁ¤º¹ ¹æ¹® ¾Ë°í¸®ÁòÀÇ ¼º´ÉÀ» °³¼±Çϱâ À§ÇØ, ºÐÇÒÀÇ Å©±â°¡ ƯÁ¤ Å©±â(¼øÂ÷ ÀÓ°è°ª)º¸´Ù Àû°Ô µÇ´Â ½ÃÁ¡ºÎÅÍ´Â ¼øÂ÷ ¾Ë°í¸®ÁòÀ» Àû¿ëÇÏ´Â ºÐÇÒÁ¤º¹-¼øÂ÷(Divide-and-Conquer &Sequential, DAC-S) ¹æ¹® ¹æ½ÄÀ» Á¦¾ÈÇÑ´Ù. ¾Ç¼º À¥¼¹öÀÇ ºñÀ²À» ½ÇÁ¦ ȯ°æ°ú À¯»çÇÏ°Ô Àû¿ëÇÏ°í ½ÇÇèÇÏ¿©, Á¦¾ÈÇÑ ¹æ½ÄÀÌ ±âÁ¸ ¹æ¹® ¾Ë°í¸®Áò¿¡ ºñÇØ ¼º´ÉÀÌ ¿ì¼öÇÔÀ» º¸¿´´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
A high interaction client honeypot actually visits suspicious web servers and detects malicious web servers by monitoring changes in the client state. We need an algorithm that efficiently visits suspicious web servers in order that this work is useful. When many servers are to be analyzed and a percentage of malicious webpages are very low, we usually use a divide and conquer visitation algorithm. This algorithm concurrently visits suspicious k webpages and then divides k webpages into groups of a fewer number of webpages and revisits these groups recursively. Binary Divide-And-Conquer (BDAC) divides k webpages into two (k / 2)-pages groups; Logarithmic Divide-And-Conquer (LDAC) divides webpages into a number of ⌊log_2 k⌋-pages groups. These algorithms incur unnecessary reverts and revisits when a size of the group is small. We propose a new scheme that enhances the performance of divide-and-conquer algorithms. This scheme stops dividing webpages when the size of groups are less than or equal to a certain size (sequential threshold) and visits the rest of them sequentially. We call it Divide-and-Conquer & Sequential (DAC-S) approach. We show that under a simulation configuration similar to the real-world, the proposed approach performs better than existing algorithms.
|
| Å°¿öµå(Keyword) |
¾Ç¼º À¥ ÆäÀÌÁö
¹æ¹® ¾Ë°í¸®Áò
ºÐÇÒÁ¤º¹-¼øÂ÷ ¾Ë°í¸®Áò (DAC-S)
¼øÂ÷ ÀÓ°è°ª
Malicious web page
Visitation algorithm
Divide-and-Conquer & Sequential algorithm (DAC-S)
Sequential threshold
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
