IHarmful Traffic Detection by Web Traffic Analysis

신현준; 최일준; 추병균; Changsuk Oh

Journal of The Korea Society of Computer and Information

Abbr : JKSCI
2007, 12(2), pp.221-230
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science

신현준 ¹, 최일준 ², 추병균 ³, Changsuk Oh ⁴

¹충북대학교
²충북대학교
³충북대학교
⁴충북대학교

ABSTRACT

Security of the port TCP/80 has been demanded by reason that the others besides web services have been rapidly increasing use of the port. Existing traffic analysis approaches can't distinguish web services traffic from application services when traffic passes though the port. monitoring method based on protocol and port analysis were weak in analyzing harmful traffic using the web port on account of being unable to distinguish payload. In this paper, we propose a method of detecting harmful traffic by web traffic analysis. To begin, traffic Capture by real time and classify by web traffic. Classed web traffic sorts each application service details and apply weight and detect harmful traffic. Finally, method propose and implement through coding. Therefore have a purpose of these paper to classify existing traffic analysis approaches was difficult web traffic classified normal traffic and harmful traffic and improved performance.
KEYWORDS

유해 트래픽(Harmful Traffic), 트래픽 분석(Traffic Analysis), 웹 트래픽(Web Traffic)
REFERENCES (15)

[book] 박광청 / 2006 / 트래픽 모니터링과 플로우 기반 분석 방법론 / 온더넷

[book] 신동윤 / 2007 / 웹 서비스시대의 보안 솔루션 / 온더넷

[book] 김한기 / 2006 / 네트워크 인텔리전스 측면의 보안 / 온더넷

[book] Brian Caswell / 2006 / Snort Intrusion Detection and Prevention Toolkit / SYNGRESS

[confproc] George J. Lee / 2006 / Diagnosis of TCP Overlay Connection Failures using Bayesian Networks / SIGCOMM Conference

[confproc] Changhee Joo / 2005 / Increasing TCP Capacity in Wireless Multihop Networks / HSI 2005, LNCS 3579 : 37~44

[confproc] Tilman Wolf / 2005 / Transparent TCP acceleration through network processing / in Proc. of IEEE Global Communications Conference (GLOBECOM) 2 : 750~754

[journal] 김기환 / 2007 / The Authentication Model which Utilized Tokenless OTP / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 12(1) : 109~118

[web] / 2006 / NTOP / http://www.ntop.org/download.html

[journal] Feng Qiu / 2005 / Analysis of User Web Traffic with a Focus on Search Activities / University of California

[thesis] 유대성 / 2005 / 트래픽 분석을 이용한 SNMP 기반의 공격 탐지 / 석사 / 충북대학교 대학원

[journal] 박주기 / 2007 / A Fuzzy-based Network Intrusion Detection System Through sessionization / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 12(1) : 129~138

[book] 이종일 / 2006 / 웹 애플리케이션 공격의 이해 / 온더넷

[book] Kevin Borders / 2004 / Detecting Covert Web Traffic / University of Michigan

[confproc] Jeffry R. Williams / 2004 / The Ten Most Critical Web Application Security Vulnerabilities / OWASP
KCI Citation (3)

KJC Korea
Journal Central

Statistics

Tools