1. Technical Field
The present invention relates generally to an apparatus and method for protecting a communication pattern of network traffic and, more particularly, to an apparatus and method that protect the change and communication pattern of traffic in the network of a control system using artificial communication.
2. Description of the Related Art
Generally, in a Supervisory Control And Data Acquisition (SCADA), Cyber Physical Systems (CPS), and national infrastructure systems in which the update of a security antivirus program is difficult, it is difficult to maintain an attack signature-based intrusion detection system. Further, since it is also difficult detect attacks on national infrastructures aiming at a specific organization in an attack signature manner, research into anomaly-based intrusion detection systems (A-IDS) has been actively conducted in national infrastructures.
However, when an attacker monitors the normal communication patterns of SCADA or national infrastructure systems and obtains a normal profile, a anomaly-based intrusion detection system (A-IDS) may be incapacitated.
In the past, pieces of research into techniques for preventing attacks to leak the personal information of users from traffic in an Information Technology (IT) network were conducted. Korean Patent Application Publication No. 10-2010-0078584 discloses technology relating to a multi-encryption apparatus and method for SCADA communication security. Further, the paper “Traffic morphing: An efficient defense against statistical traffic analysis” proposes a method of preventing information leakage attacks at low cost by utilizing a classifier, instead of a method of encrypting contents by applying a convex optimization technique to traffic that is transmitted using a Secure Sockets Layer (SSL) method or the like. However, there is a problem in that traffic is transmitted without being encrypted in a control system, so that, if an attacker directly monitors traffic, the attacker can view even the contents of traffic, thus making it difficult to apply this method.