APPARATUS AND METHOD FOR ATTACK SOURCE TRACEBACK
Abstract
An apparatus and a method for an attack source traceback capable of tracing back an attacker, that is, an attack source present behind a command and control (C&C) server in a cyber target attack having non-connectivity over a transmission control protocol (TCP) connection are disclosed. The apparatus for the attack source traceback includes: a server information extracting unit detecting an attack for a system, which is generated via a server to thereby extract information on the server; a traceback agent installing unit installing a traceback agent in the server based on the information on the server; and a traceback unit finding an attack source for the system by analyzing network information of the server obtained by the traceback agent.
12 Claims
1. An apparatus for an attack source traceback, comprising:
- a server information extracting unit configured to detect an attack for a system, which is generated via a server to thereby extract information on the server;
- a traceback agent installing unit configured to install a traceback agent in the server based on the information on the server; and
- a traceback unit configured to find an attack source for the system by analyzing network information of the server obtained by the traceback agent.

Dependent claims: 2, 3, 4, 5, 6

7. A method for an attack source traceback, comprising:
- detecting, by a server information extracting unit, an attack for a system which is generated via a server to thereby extract information on the server;
- installing, by a traceback agent installing unit, a traceback agent in the server based on the information on the server; and
- finding, by a traceback unit, an attack source for the system by analyzing network information of the server obtained by the traceback agent.

Dependent claims: 8, 9, 10, 11, 12
Specification