1. Technical Field
The present invention relates to an apparatus and a method for an attack source traceback. More particularly, the present invention relates to an apparatus and a method for an attack source traceback capable of tracing back an attacker, that is, an attack source which is present behind a command and control (C&C) server in a cyber target attack having non-connectivity over a transmission control protocol (TCP) connection.
2. Description of the Related Art
The rapid advance of Internet technology has had positive effects, in that industry structures have been reorganized and task efficiency has improved, but it has also had negative effects, in that cyber terror such as various crimes, personal attacks, and personal information leakage has occurred through abuse of the anonymity of the Internet.
Various traceback technologies have been discussed in order to solve these problems. Under an extremely limited environment, it is possible to track in real time the location of a criminal or cracker who is connected over the web, and there has been an attempt to trace back a suspect of a web hacking attack in a corresponding construction system.
Further, an attacker (hacker) attempts to attack via a plurality of routes, that is, servers present on a network, in order to conceal his or her location, and various research efforts are currently in progress that aim to trace back and find the attack source, that is, the hacker, for an attack of this form. However, existing research can track the attack source only when connectivity over a TCP connection from the attack source to the damaged system via the route is maintained, and can no longer track the attack source when the attack is performed via network equipment (e.g., a server, a router, or other security equipment) or an internet service provider (ISP) that does not provide a tracking function.
Therefore, there is a need for an apparatus and a method for an attack source traceback capable of tracing back the attacker, that is, the attack source which is present behind the C&C server in the cyber target attack having non-connectivity over the TCP connection. Related art is disclosed in Korean Patent Application Publication No. 10-2003-0021338.