WO2014157745A1 - Method for detecting illicit mobile device by means of both wired and wireless scanning - Google Patents

Method for detecting illicit mobile device by means of both wired and wireless scanning Download PDF

Info

Publication number
WO2014157745A1
WO2014157745A1 PCT/KR2013/002517 KR2013002517W WO2014157745A1 WO 2014157745 A1 WO2014157745 A1 WO 2014157745A1 KR 2013002517 W KR2013002517 W KR 2013002517W WO 2014157745 A1 WO2014157745 A1 WO 2014157745A1
Authority
WO
WIPO (PCT)
Prior art keywords
wired
wireless
scanning
mac address
devices
Prior art date
Application number
PCT/KR2013/002517
Other languages
French (fr)
Korean (ko)
Inventor
김태범
김정식
Original Assignee
(주)노르마
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by (주)노르마 filed Critical (주)노르마
Priority to PCT/KR2013/002517 priority Critical patent/WO2014157745A1/en
Publication of WO2014157745A1 publication Critical patent/WO2014157745A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices

Definitions

  • the present invention relates to a method for discriminating illegal mobile devices using wired scanning and wireless scanning.
  • Korean Patent Publication KR2002-0041004A discloses an internal network security system, but it is difficult to apply when a wired / wireless router is invaded. This is because wired / wireless routers may leak the company's confidential data by directly connecting to an external network without going through an authentication system.
  • WIPS perform the operation of detecting illegal or fake APs, but these devices are expensive and are not easy to introduce.
  • a method for determining an illegal mobile device invading a wired and wireless internal network comprising: a wireless scanning step of wirelessly scanning a wired / wireless router and devices connected to the wired / wireless router; A wired scanning step of scanning devices connected to a wired network; And comparing the result of the wireless scanning step with the wired scanning step, and determining illegal mobile device.
  • the wireless scanning step may be a step of collecting a wireless mac address and a wired mac address of devices connected to the device having the wireless mac address from at least one ARP frame received wirelessly.
  • the wired scanning may include collecting wired mac addresses of devices wired to the internal network.
  • the determining may include: excluding a wireless mac address that is not connected to at least one wired mac address scanned in the wired scanning step from a result scanned in the wireless scanning step; And determining a device having an illegally connected wireless MAC address by referring to a list of devices having a wireless MAC address that is legally registered in the result of the scanning in the wireless scanning step.
  • the collected wired MAC address may be directly connected to a device having the wireless MAC address.
  • FIG. 4 is a view for explaining a functional block diagram of the discriminating device S of an illegal mobile device according to an embodiment of the present invention.
  • FIG. 5 is a diagram illustrating a computer system in which an illegal mobile device is implemented according to an embodiment of the present invention.
  • first wired / wireless router 20 second wired / wireless router
  • wireless mac address refers to a mac address of a device that transmits and receives data wirelessly
  • wireless mac address refers to a mac address of a device that transmits and receives data by wire
  • FIG. 1 is a view for explaining the discriminating device (S) of the illegal mobile device according to an embodiment of the present invention
  • Figure 3 is a view for explaining the embodiment of Figs.
  • FIGS. 1 and 3 an apparatus for determining an illegal mobile device according to an embodiment of the present invention will be described.
  • the internal network N1 is composed of a wired and wireless network, and the illegal mobile device in which the second wired / wireless router 20 invades the internal network N1.
  • the discriminating device S hereinafter, referred to as 'identifying device S'
  • the determination device S performs an operation of scanning wirelessly and an operation of scanning by wire. Scanning by wireless may be performed first, or scanning by wire may be performed first.
  • the determination device S is illustrated as being positioned at two places by dotted lines, and the determination device S may be implemented as one device or two devices.
  • the wireless scanning operation may be performed first and then the wired scanning operation may be performed, or the wired scanning operation may be performed and then the wireless scanning operation may be performed.
  • a discriminating device S for performing a wireless scanning operation and a discriminating device S for performing a wired scanning operation are separately provided, and any one of them is provided.
  • the determination device S may be configured to provide the results of the scanning to the other determination device S or to provide each other.
  • the discriminating device S is physically implemented as two devices, a discriminating device S for wireless scanning operation and a discriminating device S for wired scanning operation are separately provided, and these discriminating devices are provided.
  • Each S transmits its scanning result to a server (not shown), and the server receiving the scanning result from both determination devices S determines which device is an illegal mobile device.
  • Scanning wirelessly is an operation of analyzing signals received wirelessly and finding a wired / wireless router and devices connected to the wired / wireless router.
  • a wireless scanning operation may collect beacons (such as signals originating from devices called wireless access point (AP)) and ARP requests that are received from the surroundings and collect the information on the router and the router. Find out which devices are connected.
  • beacons such as signals originating from devices called wireless access point (AP)
  • the determination device S can find out the MAC addresses for the wired / wireless routers in the surroundings by collecting beacons for reception in the surroundings. In addition, by collecting ARP requests, it is possible to determine the MAC address of devices directly connected to the router.
  • the determination device S includes a first group A ', A, F, G, B, a second group D', D, C, J, K, and a third group ( Wireless scanning results such as P ', P, Q, R, W) can be collected.
  • A, D, and P are wired MAC addresses of the wired / wireless router
  • the remaining F, G, B, H, I, D , J, K, C, P, Q, R, W are the devices (11, 13, 15, 17, 19, 20, 21, 23, 25, 30, 31, 33, 35) directly connected to the router. Indicates a Mac address.
  • the determination device (S) is to distinguish and collect which wired devices are directly connected to the wireless sharing router. That is, as shown in FIG. 3, the first group includes a wireless mac address A ′ of the first wired / wireless router 10, a wired mac address A of the first wired / wireless router 10, and a first wired / wireless router. It consists of wired Mac addresses F, G, B of devices directly connected to it.
  • the second group is directly connected to the wireless mac address D 'of the second wired / wireless router 20, the wired mac address D of the second wired / wireless router 20, and the second wired / wireless router 20.
  • the device consists of wired mac addresses C, J, and K, and the third group is a wireless mac address P 'of the third router 30, a wired mac address of the third router 30.
  • P the wired MAC addresses (Q, R, W) of the devices directly connected to the third wired / wireless router 30.
  • the reason why the discriminating device S performs wireless scanning to group and manage each wireless MAC address is to discriminate illegal mobile devices with reference to the wired scanning result to be described later.
  • the determination device (S) will be described by way of example.
  • the discriminating device S collects signals called ARP frames, which are signals broadcast from wired or wireless devices constituting the inner network N1 and the outer network N2.
  • the discriminating device S analyzes signals called ARP frames, and it is possible to know which device is directly connected to which wired / wireless router.
  • the SSID included in the ARP frame indicates which wired / wireless router and which MAC address is included therein to determine which wired device is connected.
  • the wired scanning operation (hereinafter, referred to as a “wired scanning operation”) is an operation of analyzing signals received by the wire and finding devices connected to each other by wire in the internal network N1.
  • the determination device S directly connects to the internal network N1 to collect wired mac addresses of devices connected by wire.
  • the portion labeled 'wired group' shows the wired mac addresses collected by the determination device S by wire.
  • the wired group may be A, F, G, B, D, C, J, K, H, or I.
  • the determination device S is naturally included in the wired scanning result. Not.
  • the determination device S may determine the illegal mobile device by referring to both the wireless scanning result and the wired scanning result. Determining the illegal mobile device includes i) excluding the group for the external network and ii) selecting the illegal mobile device in comparison with the registered group list.
  • the discrimination apparatus S selects groups which do not have a wired mac address belonging to a wired group from the groups wirelessly scanned. That is, the wired mac address belonging to the wired group is A, F, G, B, D, C, J, K, H, I, and the wireless scanning group that does not contain any of these wired mac addresses is the third group.
  • the third group consists of P ', P, Q, R, and W, and does not have any of A, F, G, B, D, C, J, K, H, I. Therefore, the determination device S determines that the third group is the external network and excludes it from the determination object.
  • the registration group list means a MAC address list for wireless devices that are duly authorized to use.
  • the registered group list may be previously stored by the determination device S that performs the operation of selecting an illegal mobile device or may be transmitted from an external (server).
  • the discriminating device S can find out which device has an unregistered wireless MAC address by comparing the registered group list with the first group and the second group. In the case of the second wired / wireless router 20, since the device is not properly licensed, the second wired / wireless router 20 is not included in the registered group list. Accordingly, the discriminating device S can know that the device having the wireless MAC address D 'in the second group is illegal.
  • the determination device S determines the illegal mobile device.
  • the determination device S does not need to perform i) an operation of excluding a group for the external network described above and ii) selecting an illegal mobile device in comparison with a registered group list, ii).
  • the illegal mobile device can also be determined by performing the operation. This is because the registered group list of the internal network N1 does not include the wired / wireless router 30 belonging to the external network, i) without performing an operation, and ii) determining an illegal mobile device by performing the operation. Can be.
  • FIG. 2 is a view for explaining a method for determining an illegal mobile device according to an embodiment of the present invention.
  • the method for determining an illegal mobile device includes the steps of performing the wireless scanning (S101) and performing the wired scanning (S103) by the determination device S. And determining illegal mobile devices connected to the internal network N1 with reference to the wireless scanning result and the wired scanning result (S105).
  • the wireless scanning step S101 and the wired scanning step S103 may be performed simultaneously with each other or with each other.
  • the device performing the wireless scanning (S101) and the device performing the wired scanning (S103) may be physically the same as or different from each other.
  • the device provides the result of scanning from one side to the other, and the device provided with the scanning result performs the step of determining illegal mobile devices connected to the internal network (S105).
  • the device performing the step of determining (S105) is any one of the device performing the step of performing a wireless scanning (S101) and the device performing a step of performing a wired scanning (S103), or another device (for example Server).
  • the server performs the step of determining (S105)
  • Performing wireless scanning includes collecting a wireless mac address and a wired mac address of devices connected to the device having the wireless mac address from at least one ARP frame received wirelessly.
  • FIG. 4 is a view for explaining a functional block diagram of the discriminating device S of the illegal mobile device according to an embodiment of the present invention.
  • an apparatus 100 for determining an illegal mobile device may include a wireless scan unit 102, a wired scan unit 104, and an illegal device selection unit 106.
  • the wireless scan unit 102, the wired scan unit 104, and the illegal device selection unit 106 may be implemented in hardware and / or software.
  • the discriminating device 100 of the illegal mobile device may correspond to the discriminating device S of FIG. 1, and may be implemented in the form of devices such as a notebook computer, a smartphone, a PDA, a tablet PC, and the like.
  • the wireless scan unit 102 performs the wireless scanning operation described with reference to FIGS. 1 and 3, and the wired scan unit 104 performs the wired scanning operation described with reference to FIGS. 1 and 3.
  • the illegal device selection unit 106 performs the illegal mobile device determination operation described with reference to FIGS. 1 and 3.
  • the apparatus 100 for determining an illegal mobile device may be located at a position capable of receiving all radio signals propagated in the internal network N1. Perform a wireless scanning operation.
  • the apparatus 100 for determining an illegal mobile device collects wired mac addresses of devices connected to the internal network N1 by wire by connecting to the internal network N1 by wire.
  • FIG. 5 is a diagram illustrating a computer system in which an illegal mobile device is implemented according to an embodiment of the present invention.
  • a computer system in which an illegal mobile device is implemented may include a program logic 101, a computer processor 103, a storage unit 105, and a memory 107. have.
  • the program logic 101 may be implemented in the form of code executable in a computer, stored in the storage unit 105, and loaded and operated in the memory 107 under the control of the computer processor 103. Can be.
  • the program logic 101 may include code for performing operations of the wireless scan unit 102, the wired scan unit 104, and the illegal device selection unit 106 described with reference to FIG. 4. can do.
  • the code for performing the operation of the wireless scanning unit 102, the code for performing the operation of the wired scanning unit 104, and the code for performing the operation of the illegal device selection unit 106 Figures 1 and 3
  • the wireless scanning operation, the wired scanning operation, and the illegal device selection operation described with reference to the present invention may be performed.
  • At least one of the wireless scan unit 102, the wired scan unit 104, and the illegal device selection unit 106 may be implemented in hardware.
  • components that are implemented in code of a program executable in a computer may be implemented in hardware logic.
  • hardware logic it may be implemented in a form embedded in the computer processor 103, or may be implemented in a separate hardware from the computer processor 103.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed is a method for detecting an illicit mobile device invading an intranet consisting of wired and wireless communications, which includes the steps of: scanning wirelessly a wired and wireless network sharing device and the devices connected thereto; scanning the devices connected to a wired network; and comparing the result of the wireless scanning with the result of the wired scanning so as to detect the illicit mobile device.

Description

유선 스캐닝 및 무선 스캐닝을 이용한 불법 모바일 장비의 판별 방법Discrimination of illegal mobile devices using wired and wireless scanning
본 발명은 유선 스캐닝 및 무선 스캐닝을 이용한 불법 모바일 장비의 판별 방법에 관한 것이다. The present invention relates to a method for discriminating illegal mobile devices using wired scanning and wireless scanning.
회사의 내부망에 단말기를 가장하여 유무선 공유기가 침입하였을 때 이를 탐지할 필요가 있다.It is necessary to detect when a wired / wireless router breaks in by impersonating a terminal in the company's internal network.
종래 한국공개특허 KR2002-0041004A에는 사내망 보안 시스템이 개시되어 있지만, 유무선 공유기가 침입한 경우에는 적용되기 어렵다. 이는, 유무선 공유기의 경우 인증 시스템을 거치지 않고 바로 외부망과 연결하여 회사의 기밀 데이터를 유출할 가능성이 있기 때문이다. Conventionally, Korean Patent Publication KR2002-0041004A discloses an internal network security system, but it is difficult to apply when a wired / wireless router is invaded. This is because wired / wireless routers may leak the company's confidential data by directly connecting to an external network without going through an authentication system.
한편, WIPS라고 불리우는 장비들이 불법 또는 페이크 AP들을 탐지하는 동작을 수행하지만 이러한 장비들은 비싸서 도입하기가 쉽지 않다. On the other hand, devices called WIPS perform the operation of detecting illegal or fake APs, but these devices are expensive and are not easy to introduce.
내부망에 불법으로 침입한 모바일 장치를 판별할 수 있는 유선 스캐닝 및 무선 스캐닝을 이용한 불법 모바일 장비의 판별 방법이 제공될 수 있다. There may be provided a method for discriminating illegal mobile devices using wired and wireless scanning that can identify a mobile device illegally invading an internal network.
본 발명의 일 실시예에 따르면, 유선 및 무선으로 이루어진 내부망에 침입한 불법 모바일 장치의 판별 방법에 있어서, 유무선 공유기 및 이 유무선 공유기에 연결된 장치들을 무선으로 스캔하는 무선 스캐닝 단계; 유선망에 연결된 장치들을 스캐닝하는 유선 스캐닝 단계; 및 상기 무선 스캐닝 단계의 결과 및 유선 스캐닝 단계를 비교하여, 불법 모바일 장비를 판별하는 단계;를 포함하는 것을 특징으로 하는 불법 모바일 장치의 판별 방법이 제공된다. According to an embodiment of the present invention, there is provided a method for determining an illegal mobile device invading a wired and wireless internal network, comprising: a wireless scanning step of wirelessly scanning a wired / wireless router and devices connected to the wired / wireless router; A wired scanning step of scanning devices connected to a wired network; And comparing the result of the wireless scanning step with the wired scanning step, and determining illegal mobile device.
상기 무선 스캐닝 단계는, 무선으로 수신되는 적어도 하나의 ARP 프레임으로부터 무선 맥어드레스 및 이 무선 맥어드레스를 가진 장치에 연결된 장치들의 유선 맥어드레스를 수집하는 단계일 수 있다.The wireless scanning step may be a step of collecting a wireless mac address and a wired mac address of devices connected to the device having the wireless mac address from at least one ARP frame received wirelessly.
상기 유선 스캐닝 단계는, 상기 내부망에 유선으로 연결된 장치들의 유선 맥어드레스를 수집하는 단계일 수 있다.The wired scanning may include collecting wired mac addresses of devices wired to the internal network.
상기 판별하는 단계는, 상기 무선 스캐닝 단계에서 스캐닝된 결과에서, 상기 유선 스캐닝 단계에서 스캐닝된 적어도 하나의 유선 맥어드레스와 연결되어 있지 않은 무선 맥어드레스는 제외시키는 단계; 및 상기 무선 스캐닝 단계에서 스캐닝된 결과에서, 미리 적법하게 등록된 무선 맥어드레스를 가진 장치들의 리스트를 참조하여, 불법으로 연결된 무선 맥어드레스를 가진 장치를 판별하는 단계;를 포함할 수 있다.The determining may include: excluding a wireless mac address that is not connected to at least one wired mac address scanned in the wired scanning step from a result scanned in the wireless scanning step; And determining a device having an illegally connected wireless MAC address by referring to a list of devices having a wireless MAC address that is legally registered in the result of the scanning in the wireless scanning step.
수집된 상기 유선 맥어드레스는 상기 무선 맥어드레스를 가진 장치에 직접 연결된 것일 수 있다.The collected wired MAC address may be directly connected to a device having the wireless MAC address.
본 발명의 하나 이상의 실시예에 따르면, 내부망에 불법으로 침입한 모바일 장치를 판별할 수 있다. According to one or more embodiments of the present invention, it is possible to determine a mobile device illegally invading an internal network.
도 1은, 본 발명의 일 실시예에 따른 불법 모바일 장치의 판별장치(S)를 설명하기 위한 도면이고, 1 is a view for explaining the discriminating device S of the illegal mobile device according to an embodiment of the present invention,
도 2는, 본 발명의 일 실시예에 따른 불법 모바일 방법을 설명하기 위한 도면이고,2 is a view for explaining the illegal mobile method according to an embodiment of the present invention,
도 3은 도 1과 도 2의 실시예를 설명하기 위한 도면이고, 3 is a view for explaining the embodiment of Figures 1 and 2,
도 4는 본 발명의 일 실시예에 따른 불법 모바일 장치의 판별장치(S)의 기능 블럭도를 설명하기 위한 도면이고, 그리고4 is a view for explaining a functional block diagram of the discriminating device S of an illegal mobile device according to an embodiment of the present invention; and
도 5는 본 발명의 일 실시예에 따른 불법 모바일 장치가 구현된 컴퓨터 시스템을 설명하기 위한 도면이다. 5 is a diagram illustrating a computer system in which an illegal mobile device is implemented according to an embodiment of the present invention.
[부호의 설명][Description of the code]
10: 제1 유무선 공유기 20: 제2 유무선 공유기10: first wired / wireless router 20: second wired / wireless router
30: 제3 유무선 공유기30: third wired / wireless router
11, 13, 15, 17, 19, 20, 21, 23, 25, 30, 31, 33, 35: 단말 장치11, 13, 15, 17, 19, 20, 21, 23, 25, 30, 31, 33, 35: terminal device
101: 프로그램 로직 103: 프로세서101: program logic 103: processor
105: 저장부 107: 메모리105: storage unit 107: memory
102: 무선 스캔부 104: 유선 스캔부102: wireless scanning unit 104: wired scanning unit
106: 불법 장치 선별부106: illegal device selection unit
이상의 본 발명의 목적들, 다른 목적들, 특징들 및 이점들은 첨부된 도면과 관련된 이하의 바람직한 실시예들을 통해서 쉽게 이해될 것이다. 그러나 본 발명은 여기서 설명되는 실시예들에 한정되지 않고 다른 형태로 구체화될 수도 있다. 오히려, 여기서 소개되는 실시예들은 개시된 내용이 철저하고 완전해질 수 있도록 그리고 당업자에게 본 발명의 사상이 충분히 전달될 수 있도록 하기 위해 제공되는 것이다. 본 명세서에서, 어떤 구성요소가 다른 구성요소 상에 있다고 언급되는 경우에 그것은 다른 구성요소 상에 직접 형성될 수 있거나 또는 그들 사이에 제 3의 구성요소가 개재될 수도 있다는 것을 의미한다.Objects, other objects, features and advantages of the present invention will be readily understood through the following preferred embodiments associated with the accompanying drawings. However, the present invention is not limited to the embodiments described herein and may be embodied in other forms. Rather, the embodiments introduced herein are provided so that the disclosure may be made thorough and complete, and to fully convey the spirit of the present invention to those skilled in the art. In the present specification, when a component is mentioned to be on another component, it means that it may be formed directly on the other component or a third component may be interposed therebetween.
본 명세서에서 사용된 용어는 실시예들을 설명하기 위한 것이며 본 발명을 제한하고자 하는 것은 아니다. 본 명세서에서, 단수형은 문구에서 특별히 언급하지 않는 한 복수형도 포함한다. 명세서에서 사용되는 '포함한다(comprises)' 및/또는 '포함하는(comprising)'은 언급된 구성요소는 하나 이상의 다른 구성요소의 존재 또는 추가를 배제하지 않는다.The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. In this specification, the singular also includes the plural unless specifically stated otherwise in the phrase. As used herein, the words 'comprises' and / or 'comprising' do not exclude the presence or addition of one or more other components.
이하, 도면을 참조하여 본 발명을 상세히 설명하도록 한다. 아래의 특정 실시예들을 기술하는데 있어서, 여러 가지의 특정적인 내용들은 발명을 더 구체적으로 설명하고 이해를 돕기 위해 작성되었다. 하지만 본 발명을 이해할 수 있을 정도로 이 분야의 지식을 갖고 있는 독자는 이러한 여러 가지의 특정적인 내용들이 없어도 사용될 수 있다는 것을 인지할 수 있다. 어떤 경우에는, 발명을 기술하는 데 있어서 흔히 알려졌으면서 발명과 크게 관련 없는 부분들은 본 발명을 설명하는 데 있어 별 이유 없이 혼돈이 오는 것을 막기 위해 기술하지 않음을 미리 언급해 둔다. Hereinafter, the present invention will be described in detail with reference to the accompanying drawings. In describing the specific embodiments below, various specific details are set forth in order to explain the invention more specifically and to help understand. However, those skilled in the art can understand that the present invention can be used without these various specific details. In some cases, it is mentioned in advance that parts of the invention which are commonly known in the description of the invention and which are not highly related to the invention are not described in order to prevent confusion in explaining the invention without cause.
용어의 정의Definition of Terms
본원 명세서에서, '무선 맥어드레스'라고 함은 무선으로 데이터를 송수신 한느 장치가 가진 맥어드레스를 의미하고, '유선 맥어드레스'라고 함은 유선으로 데이터를 송수신하는 장치가 가진 맥어드레스를 의미한다.In the present specification, the term "wireless mac address" refers to a mac address of a device that transmits and receives data wirelessly, and the term "wired mac address" refers to a mac address of a device that transmits and receives data by wire.
도 1은, 본 발명의 일 실시예에 따른 불법 모바일 장치의 판별장치(S)를 설명하기 위한 도면이고, 도 3은 도 1 및 도 2의 실시예를 설명하기 위한 도면이다. 1 is a view for explaining the discriminating device (S) of the illegal mobile device according to an embodiment of the present invention, Figure 3 is a view for explaining the embodiment of Figs.
이하에서는, 도 1 및 도 3을 참조하여, 본 발명의 일 실시예에 따른 본 발명의 일 실시예에 따른 불법 모바일 장치의 판별장치(S)를 설명하기로 한다 Hereinafter, referring to FIGS. 1 and 3, an apparatus for determining an illegal mobile device according to an embodiment of the present invention will be described.
본 발명의 설명의 목적을 위해서, 도 1의 실시예에서는 내부망(N1)이 유선 및 무선망으로 구성되어 있고, 이러한 내부망(N1)에 제2유무선 공유기(20)가 침입한 불법 모바일 장치라고 가정한 후, 불법 모바일 장치의 판별장치(S)(이하, '판별장치(S)'라고 함)를 설명하기로 한다.For the purpose of explanation of the present invention, in the embodiment of Fig. 1, the internal network N1 is composed of a wired and wireless network, and the illegal mobile device in which the second wired / wireless router 20 invades the internal network N1. After that, the discriminating device S (hereinafter, referred to as 'identifying device S') of the illegal mobile device will be described.
판별장치(S)는, 무선으로 스캐닝하는 동작과 유선으로 스캐닝하는 동작을 수행한다. 무선으로 스캐닝하는 동작을 먼저 하거나 또는 유선으로 스캐닝하는 동작을 먼저 수행할 수 있다. The determination device S performs an operation of scanning wirelessly and an operation of scanning by wire. Scanning by wireless may be performed first, or scanning by wire may be performed first.
도 1에서는 판별장치(S)가 점선으로 2곳에 위치되어 있는 것으로 도시하였으며, 이러한 판별장치(S)는 물리적으로 1개의 장치 또는 물리적으로 2개의 장치로도 구현이 가능한다. 판별장치(S)가 물리적으로 1개의 장치로 구현되는 경우는, 무선 스캐닝 동작을 먼저 한 후 유선 스캐닝 동작을 하거나, 또는 유선 스캐닝 동작을 한 후 무선 스캐닝 동작을 수행할 수 있다. In FIG. 1, the determination device S is illustrated as being positioned at two places by dotted lines, and the determination device S may be implemented as one device or two devices. When the determination device S is physically implemented as one device, the wireless scanning operation may be performed first and then the wired scanning operation may be performed, or the wired scanning operation may be performed and then the wireless scanning operation may be performed.
판별장치(S)가 물리적으로 2개의 장치로 구현이 되는 경우는, 무선 스캐닝 동작을 하는 판별장치(S)와 유선 스캐닝 동작을 하는 판별장치(S)를 각각 별도로 마련하고, 이들 중 어느 하나의 판별장치(S)에서 자신이 스캐닝한 결과를 다른 하나의 판별장치(S)에게 제공하거나 또는 서로 제공하도록 구성할 수 있다. When the discriminating device S is physically implemented as two devices, a discriminating device S for performing a wireless scanning operation and a discriminating device S for performing a wired scanning operation are separately provided, and any one of them is provided. The determination device S may be configured to provide the results of the scanning to the other determination device S or to provide each other.
판별장치(S)가 물리적으로 2개의 장치로 구현이 되는 또 다른 경우는, 무선 스캐닝 동작을 하는 판별장치(S)와 유선 스캐닝 동작을 하는 판별장치(S)를 각각 별도로 마련하고, 이들 판별장치(S)들이 각각 자신의 스캐닝한 결과를 서버(미 도시)로 전송하며, 양 판별장치(S)로부터 스캐닝 한 결과를 전송받은 서버는 어떤 장치가 불법 모바일 장치인지를 판별한다. In another case where the discriminating device S is physically implemented as two devices, a discriminating device S for wireless scanning operation and a discriminating device S for wired scanning operation are separately provided, and these discriminating devices are provided. Each S transmits its scanning result to a server (not shown), and the server receiving the scanning result from both determination devices S determines which device is an illegal mobile device.
무선 스캐닝 동작Wireless scanning operation
먼저 판별장치(S)가 무선으로 스캐닝하는 동작을 설명하기로 한다. First, an operation of scanning by the determination apparatus S wirelessly will be described.
무선으로 스캐닝하는 동작(이하, '무선 스캐닝 동작'이라고 함)은, 무선으로 수신되는 신호들을 분석하여, 유무선 공유기 및 유무선 공유기에 연결된 장치들을 알아내는 동작이다. 예를 들면, 무선 스캐닝 동작은, 주위에서 수신되는 비콘(이러한 신호는 주로 무선 액섹스 포인트(AP)라고 불리우는 장치들로부터 발생되는 신호임)들과 ARP 리퀘스트들을 수집하여, 유무선 공유기 및 유무선 공유기에 연결된 장치들을 알아낼 수 있다. Scanning wirelessly (hereinafter, referred to as a 'wireless scanning operation') is an operation of analyzing signals received wirelessly and finding a wired / wireless router and devices connected to the wired / wireless router. For example, a wireless scanning operation may collect beacons (such as signals originating from devices called wireless access point (AP)) and ARP requests that are received from the surroundings and collect the information on the router and the router. Find out which devices are connected.
구체적으로, 판별장치(S)는, 주위에서 수신에는 비콘들을 수집함으로써, 주위의 유무선 공유기들에 대한 맥 어드레스를 알아낼 수 있다. 또한, ARP 리퀘스트들을 수집함으로써, 유무선 공유기에 직접 연결된 장치들의 맥 어드레스를 알아낼 수 있다. Specifically, the determination device S can find out the MAC addresses for the wired / wireless routers in the surroundings by collecting beacons for reception in the surroundings. In addition, by collecting ARP requests, it is possible to determine the MAC address of devices directly connected to the router.
도 1과 같은 환경에서, 판별장치(S)가 무선 스캐닝한 결과를 도 3에 나타내었다. 도 3을 참조하면, 판별장치(S)는, 제1 그룹(A', A, F, G, B), 제2 그룹(D', D, C, J, K), 및 제3 그룹(P', P, Q, R, W)과 같은 무선 스캐닝 결과를 수집할 수 있다. In the environment as shown in FIG. 1, a result of wireless scanning performed by the determination device S is illustrated in FIG. 3. Referring to FIG. 3, the determination device S includes a first group A ', A, F, G, B, a second group D', D, C, J, K, and a third group ( Wireless scanning results such as P ', P, Q, R, W) can be collected.
여기서, A', D', 및 P' 는 유무선 공유기들의 무선 맥어드레스(MAC ADDRESS)이고, A, D, P는 유무선 공유기의 유선 맥어드레스이고, 나머지 F, G, B, H, I, D, J, K, C, P, Q, R, W들은 유무선 공유기에 직접 연결된 장치들(11, 13, 15, 17, 19, 20, 21, 23, 25, 30, 31, 33, 35)의 맥어드레스를 나타낸다. Here, A ', D', and P 'are MAC ADDRESS of the wired / wireless routers, A, D, and P are wired MAC addresses of the wired / wireless router, and the remaining F, G, B, H, I, D , J, K, C, P, Q, R, W are the devices (11, 13, 15, 17, 19, 20, 21, 23, 25, 30, 31, 33, 35) directly connected to the router. Indicates a Mac address.
한편, 판별장치(S)는 무선 스캐닝할 때, 무선 공유공유기에 어떠한 유선장치들이 직접 연결되어 있는지를 구별하여 수집하게 된다. 즉, 도 3에 도시된 바와 같이 제1 그룹은, 제1 유무선 공유기(10)의 무선 맥어드레스(A'), 이러한 제1 유무선 공유기(10)의 유선 맥어드레스(A), 제1 유무선 공유기에 직접 연결된 장치들의 유선 맥어드레스들(F, G, B)로 이루어진다. On the other hand, when the wireless scanning device, the determination device (S) is to distinguish and collect which wired devices are directly connected to the wireless sharing router. That is, as shown in FIG. 3, the first group includes a wireless mac address A ′ of the first wired / wireless router 10, a wired mac address A of the first wired / wireless router 10, and a first wired / wireless router. It consists of wired Mac addresses F, G, B of devices directly connected to it.
유사한 방식으로, 제2 그룹은 제2 유무선 공유기(20)의 무선 맥어드레스(D'), 이러한 제2 유무선 공유기(20)의 유선 맥어드레스(D), 제2 유무선 공유기(20)에 직접 연결된 장치들의 유선 맥어드레스들(C, J, K)로 이루어지고, 제3 그룹은 제3 유무선 공유기(30)의 무선 맥어드레스(P'), 이러한 제3 유무선 공유기(30)의 유선 맥어드레스(P), 제3 유무선 공유기(30)에 직접 연결된 장치들의 유선 맥어드레스들(Q, R, W)로 이루어진다. In a similar manner, the second group is directly connected to the wireless mac address D 'of the second wired / wireless router 20, the wired mac address D of the second wired / wireless router 20, and the second wired / wireless router 20. The device consists of wired mac addresses C, J, and K, and the third group is a wireless mac address P 'of the third router 30, a wired mac address of the third router 30. P), the wired MAC addresses (Q, R, W) of the devices directly connected to the third wired / wireless router 30.
한편, 판별장치(S)가 수행한 무선 스캐닝의 결과는, 내부망(N1) 뿐만 아니라 주위의 외부망(N2)으로부터의 신호도 같이 수집하므로, 도 3과 같이 제3 그룹과 같은 정보도 같이 포함하게 된다. On the other hand, the result of the wireless scanning performed by the determination device (S), because not only the internal network (N1) but also collects the signals from the surrounding external network (N2) together, as shown in Figure 3 also the same information as the third group It will be included.
판별장치(S)가, 무선 스캐닝을 하여 무선 맥 어드레스별로 그룹지어 관리하는 이유는 후술할 유선 스캐닝 결과를 같이 참조하여, 불법 모바일 장치를 판별하기 위함이다. The reason why the discriminating device S performs wireless scanning to group and manage each wireless MAC address is to discriminate illegal mobile devices with reference to the wired scanning result to be described later.
한편, 판별장치(S)가 유무선 공유기에 직접 연결된 장치들의 유선 맥어드레스를 어떠한 방식으로 알아내는지에 대하여, 예시적으로 설명하기로 한다.  On the other hand, how to determine the wired MAC address of the devices directly connected to the wired / wireless router, the determination device (S) will be described by way of example.
판별장치(S)는 ARP 프레임이라고 불리우는 신호들을 수집하며, 이러한 신호는 내부망(N1)과 외부망(N2)을 구성하는 유선 또는 무선 장치들로부터 브로드캐스팅되는 신호이다. 판별장치(S)는 ARP 프레임이라고 불리우는 신호들을 분석하면, 어떠한 유무 장치가 어떠한 유무선 공유기에 직접 연결되어 있는지를 알 수 있다. 즉, ARP 프레임에 포함된 SSID를 보면 어떠한 유무선 공유기인지 알 수 있고 그 안에 어떠한 MAC 어드레스가 포함되어 있는지를 보면 어떠한 유선 장치가 연결되어 있는지를 알 수 있다.The discriminating device S collects signals called ARP frames, which are signals broadcast from wired or wireless devices constituting the inner network N1 and the outer network N2. The discriminating device S analyzes signals called ARP frames, and it is possible to know which device is directly connected to which wired / wireless router. In other words, the SSID included in the ARP frame indicates which wired / wireless router and which MAC address is included therein to determine which wired device is connected.
유선 스캐닝 동작Wired Scanning Action
이제 판별장치(S)가 유선으로 스캐닝하는 동작을 설명하기로 한다. Now, the operation of scanning by the determination device S by wire will be described.
유선으로 스캐닝하는 동작(이하, '유선 스캐닝 동작'이라고 함)은, 유선으로 수신되는 신호들을 분석하여, 내부망(N1)에서 유선으로 서로 연결된 장치들을 알아내는 동작이다. 예를 들면, 유선 스캐닝 동작은, 도 1에 도시된 바와 같이 판별장치(S)가 내부망(N1)에 직접 접속하여 유선으로 연결된 장치들의 유선 맥어드레스를 수집하게 된다. The wired scanning operation (hereinafter, referred to as a “wired scanning operation”) is an operation of analyzing signals received by the wire and finding devices connected to each other by wire in the internal network N1. For example, in the wired scanning operation, as shown in FIG. 1, the determination device S directly connects to the internal network N1 to collect wired mac addresses of devices connected by wire.
도 3을 다시 참조하면, '유선 group'라고 표시한 부분이, 판별장치(S)가 유선으로 수집한 유선 맥어드레스들을 나타낸 것이다. 도 1의 실시예에서 유선 스캐닝한 결과, 유선 group은, A, F, G, B, D, C, J, K, H, I가 될 수 있다. Referring to FIG. 3 again, the portion labeled 'wired group' shows the wired mac addresses collected by the determination device S by wire. As a result of the wired scanning in the embodiment of FIG. 1, the wired group may be A, F, G, B, D, C, J, K, H, or I.
외부망(N2)에 포함된 유선 맥어드레스들(P, Q, R, W)은, 내부망(N1)에는 유선으로 연결되어 있지 않으므로, 판별장치(S)가 유선 스캐닝한 결과에는 당연히 포함되어 있지 않다. Since the wired mac addresses P, Q, R, and W included in the external network N2 are not connected to the internal network N1 by wire, the determination device S is naturally included in the wired scanning result. Not.
불법 모바일 장치 판별 동작Illegal Mobile Device Discrimination Behavior
도 3을 참조하며, 판별장치(S)가 내부망에 침입한 불법 모바일 장치인 제2 유무선 공유기(20)를 판별하는 동작을 설명하기로 한다. Referring to FIG. 3, an operation of determining the second wired / wireless router 20 which is an illegal mobile device invading the internal network will be described.
판별장치(S)는 무선 스캐닝 결과와 유선 스캐닝 결과를 모두 참조하여 불법 모바일 장치를 판별할 수 있다. 불법 모바일 장치를 판별하는 동작은 i) 외부망에 대한 그룹을 제외시키는 동작과 ii) 등록 그룹 리스트와 비교하여 불법 모바일 장치를 선별하는 동작을 포함한다. The determination device S may determine the illegal mobile device by referring to both the wireless scanning result and the wired scanning result. Determining the illegal mobile device includes i) excluding the group for the external network and ii) selecting the illegal mobile device in comparison with the registered group list.
외부망에 대한 그룹을 제외시키는 동작을 먼저 설명한다. The operation of excluding groups for external networks will be described first.
예를 들면, 판별장치(S)는, 무선 스캐닝한 그룹들에서, 유선 group에 속한 유선 맥어드레스를 가지지 않은 그룹들을 선별한다. 즉, 유선 group에 속한 유선 맥어드레스는 A, F, G, B, D, C, J, K, H, I 이며, 이러한 유선 맥어드레스 어떠한 것도 포함하고 있지 않은 무선 스캐닝 그룹은 제3 그룹이다. 제3 그룹은 P', P, Q, R, W로 이루어져 있으며, A, F, G, B, D, C, J, K, H, I 중 어떠한 것도 가지고 있지 않다. 따라서, 판별장치(S)는 제3 그룹은 외부망이라고 판단하고, 판단 대상에서 제외한다. For example, the discrimination apparatus S selects groups which do not have a wired mac address belonging to a wired group from the groups wirelessly scanned. That is, the wired mac address belonging to the wired group is A, F, G, B, D, C, J, K, H, I, and the wireless scanning group that does not contain any of these wired mac addresses is the third group. The third group consists of P ', P, Q, R, and W, and does not have any of A, F, G, B, D, C, J, K, H, I. Therefore, the determination device S determines that the third group is the external network and excludes it from the determination object.
이제, 등록 그룹 리스트와 비교하여 불법 모바일 장치를 선별하는 동작을 설명한다. 여기서, 등록 그룹 리스트는, 정당하게 사용인가를 받은 무선 장치들에 대한 맥어드레스 리스트를 의미한다. 등록 그룹 리스트는 '불법 모바일 장치를 선별하는 동작'을 수행하는 판별 장치(S)가 미리 저장하고 있거나, 외부(서버)로부터 전송받는 것일 수 있다.  Now, an operation of selecting an illegal mobile device in comparison with the registered group list will be described. Here, the registration group list means a MAC address list for wireless devices that are duly authorized to use. The registered group list may be previously stored by the determination device S that performs the operation of selecting an illegal mobile device or may be transmitted from an external (server).
판별장치(S)는 등록 그룹 리스트와, 제1 그룹과 제2 그룹을 비교함으로써 등록되지 않은 무선 맥 어드레스를 가진 장치가 어떤 것인지 알아낼 수 있다. 제2 유무선 공유기(20)의 경우 정당하게 사용허가를 받지 않은 장치이므로, 등록 그룹 리스트에 포함되어 있지 않다. 따라서, 판별장치(S)는 제2 그룹에서 D'라는 무선 맥어드레스를 가진 장치는 불법이라는 것을 알 수 있다. The discriminating device S can find out which device has an unregistered wireless MAC address by comparing the registered group list with the first group and the second group. In the case of the second wired / wireless router 20, since the device is not properly licensed, the second wired / wireless router 20 is not included in the registered group list. Accordingly, the discriminating device S can know that the device having the wireless MAC address D 'in the second group is illegal.
이상과 같은 2가지 동작을 수행함으로써, 판별장치(S)는 불법 모바일 장치를 판별하게 된다. By performing the above two operations, the determination device S determines the illegal mobile device.
다른 예로서, 판별장치(S)는 상술한 i) 외부망에 대한 그룹을 제외시키는 동작과 ii) 등록 그룹 리스트와 비교하여 불법 모바일 장치를 선별하는 동작 중 i)동작을 수행할 필요 없이, ii)동작을 수행하는 것으로도 불법 모바일 장치를 판별할 수 있다. 내부망(N1)의 등록 그룹 리스트에는 외부망에 속해 있는 유무선 공유기(30)가 포함되어 있지 않기 때문이며, i) 동작을 수행하지 않고, ii) 동작을 수행하는 것로도 불법 모바일 장치를 판별할 수 있다. As another example, the determination device S does not need to perform i) an operation of excluding a group for the external network described above and ii) selecting an illegal mobile device in comparison with a registered group list, ii). The illegal mobile device can also be determined by performing the operation. This is because the registered group list of the internal network N1 does not include the wired / wireless router 30 belonging to the external network, i) without performing an operation, and ii) determining an illegal mobile device by performing the operation. Can be.
도 2는, 본 발명의 일 실시예에 따른 불법 모바일 장치를 판별하는 방법을 설명하기 위한 도면이다. 2 is a view for explaining a method for determining an illegal mobile device according to an embodiment of the present invention.
도 2를 참조하면, 본 발명의 일 실시예에 따른 불법 모바일 장치를 판별하는 방법은, 판별장치(S)가 무선 스캐닝을 하는 단계(S101)와, 유선 스캐닝을 하는 단계(S103)을 하는 단계, 및 무선 스캐닝 결과와 유선 스캐닝 결과를 참조하여 내부망(N1)에 연결된 불법 모바일 장치들을 판별하는 단계(S105)를 포함한다.Referring to FIG. 2, the method for determining an illegal mobile device according to an embodiment of the present invention includes the steps of performing the wireless scanning (S101) and performing the wired scanning (S103) by the determination device S. And determining illegal mobile devices connected to the internal network N1 with reference to the wireless scanning result and the wired scanning result (S105).
여기서, 무선 스캐닝을 하는 단계(S101)와 유선 스캐닝을 하는 단계(S103)은 서로 동시 또는 서로 어느쪽이 먼저 수행될 수도 있다. Here, the wireless scanning step S101 and the wired scanning step S103 may be performed simultaneously with each other or with each other.
무선 스캐닝을 하는 단계(S101)를 수행하는 장치와 유선 스캐닝을 하는 단계(S103)를 수행하는 장치는 물리적으로 서로 동일하거나 또는 서로 별개의 장치일 수 있다. 서로 별개의 장치인 경우에는, 어느 한쪽에서 다른쪽으로 스캐닝을 한 결과를 제공하며, 스캐닝을 한 결과를 제공받은 장치가, 내부망에 연결된 불법 모바일 장치들을 판별하는 단계(S105)를 수행하게 된다.  The device performing the wireless scanning (S101) and the device performing the wired scanning (S103) may be physically the same as or different from each other. In the case of separate devices, the device provides the result of scanning from one side to the other, and the device provided with the scanning result performs the step of determining illegal mobile devices connected to the internal network (S105).
한편, 판별하는 단계(S105)를 수행하는 장치는, 무선 스캐닝을 하는 단계(S101)를 수행하는 장치와 유선 스캐닝을 하는 단계(S103)를 수행하는 장치 중 어느 하나이거나, 또는 다른 장치(예를 들면 서버)일 수 있다. 서버가 판별하는 단계(S105)를 수행하는 경우에는, 무선 스캐닝을 하는 단계(S101)를 수행하는 장치와 유선 스캐닝을 하는 단계(S103)를 수행하는 장치는 각각 자신이 스캐닝한 결과를 상기 서버에게 제공하게 된다.On the other hand, the device performing the step of determining (S105) is any one of the device performing the step of performing a wireless scanning (S101) and the device performing a step of performing a wired scanning (S103), or another device (for example Server). When the server performs the step of determining (S105), the device performing the wireless scanning step (S101) and the device performing the wire scanning step (S103), respectively, to the server the results of their scanning to the server. Will be provided.
무선 스캐닝을 하는 단계(S101)는, 무선으로 수신되는 적어도 하나의 ARP 프레임으로부터 무선 맥어드레스 및 이 무선 맥어드레스를 가진 장치에 연결된 장치들의 유선 맥어드레스를 수집하는 동작을 포함한다. Performing wireless scanning (S101) includes collecting a wireless mac address and a wired mac address of devices connected to the device having the wireless mac address from at least one ARP frame received wirelessly.
도 2에서의 무선 스캐닝과 유선 스캐닝 의미는 도 1을 참조하여 이미 설명한바가 있으므로 여기서는 생략하기로 한다. The meanings of wireless scanning and wired scanning in FIG. 2 have already been described with reference to FIG. 1 and will be omitted herein.
도 4는 본 발명의 일 실시예에 따른 불법 모바일 장치의 판별장치(S)의 기능 블럭도를 설명하기 위한 도면이다. 4 is a view for explaining a functional block diagram of the discriminating device S of the illegal mobile device according to an embodiment of the present invention.
도 4를 참조하면, 본 발명의 일 실시예에 따른 불법 모바일 장치의 판별장치(100)는 무선 스캔부(102), 유선 스캔부(104), 및 불법 장치 선별부(106)를 포함할 수 있다. 여기서, 무선 스캔부(102), 유선 스캔부(104), 및 불법 장치 선별부(106)는 하드웨어 및/또는 소프트웨어로 구현될 수 있다. Referring to FIG. 4, an apparatus 100 for determining an illegal mobile device according to an embodiment of the present invention may include a wireless scan unit 102, a wired scan unit 104, and an illegal device selection unit 106. have. Here, the wireless scan unit 102, the wired scan unit 104, and the illegal device selection unit 106 may be implemented in hardware and / or software.
불법 모바일 장치의 판별장치(100)는, 도 1에서의 판별장치(S)에 대응될 수 있으며, 예를 들면 노트북, 스마트폰, PDA, 태블릿 PC 등과 같이 장치들의 형태로 구현될 수 있다.The discriminating device 100 of the illegal mobile device may correspond to the discriminating device S of FIG. 1, and may be implemented in the form of devices such as a notebook computer, a smartphone, a PDA, a tablet PC, and the like.
무선 스캔부(102)는 도 1 및 도 3을 참조하여 설명한 무선 스캐닝 동작을 수행하고, 유선 스캔부(104)는 도 1 및 도 3을 참조하여 설명한 유선 스캐닝 동작을 수행한다. The wireless scan unit 102 performs the wireless scanning operation described with reference to FIGS. 1 and 3, and the wired scan unit 104 performs the wired scanning operation described with reference to FIGS. 1 and 3.
불법 장치 선별부(106)는 도 1 및 도 3을 참조하여 설명한 불법 모바일 장치 판별 동작을 수행한다. The illegal device selection unit 106 performs the illegal mobile device determination operation described with reference to FIGS. 1 and 3.
도 1과 도 3을 참조하여, 불법 모바일 장치의 판별장치(100)를 설명하면, 불법 모바일 장치의 판별장치(100)는 내부망(N1)에서 전파되는 모든 무선 신호들을 수신할 수 있는 위치에서 무선 스캐닝 동작을 수행한다. 그리고, 불법 모바일 장치의 판별장치(100)는, 내부망(N1)에 유선으로 접속하여 유선으로 내부망(N1)에 연결된 장치들의 유선 맥어드레스를 수집한다. Referring to FIGS. 1 and 3, the apparatus 100 for determining an illegal mobile device is described. The apparatus 100 for determining an illegal mobile device may be located at a position capable of receiving all radio signals propagated in the internal network N1. Perform a wireless scanning operation. In addition, the apparatus 100 for determining an illegal mobile device collects wired mac addresses of devices connected to the internal network N1 by wire by connecting to the internal network N1 by wire.
도 5는 본 발명의 일 실시예에 따른 불법 모바일 장치가 구현된 컴퓨터 시스템을 설명하기 위한 도면이다. 5 is a diagram illustrating a computer system in which an illegal mobile device is implemented according to an embodiment of the present invention.
도 5를 참조하면, 본 발명의 일 실시예에 따른 불법 모바일 장치가 구현된 컴퓨터 시스템은 프로그램 로직(101), 컴퓨터 프로세서(103), 저장부(105), 및 메모리(107)를 포함할 수 있다. Referring to FIG. 5, a computer system in which an illegal mobile device is implemented according to an embodiment of the present invention may include a program logic 101, a computer processor 103, a storage unit 105, and a memory 107. have.
프로그램 로직(101)은, 컴퓨터에서 실행가능한 코드(Code)의 형태로 구현될 수 있으며 , 저장부(105)에 저장되어 있다가 컴퓨터 프로세서(103)의 제어하에 메모리(107)에 로딩되어 동작할 수 있다 . The program logic 101 may be implemented in the form of code executable in a computer, stored in the storage unit 105, and loaded and operated in the memory 107 under the control of the computer processor 103. Can be.
예를 들면, 프로그램 로직(101)은, 도 4를 참조하여 설명한 무선 스캔부(102), 유선 스캔부(104), 및 불법 장치 선별부(106)의 동작을 수행하는 코드(code)를 포함할 수 있다. 여기서, 무선 스캔부(102)의 동작을 수행하는 코드와,유선 스캔부(104)의 동작을 수행하는 코드와, 불법 장치 선별부(106)의 동작을 수행하는 코드는, 도 1 및 도 3을 참조하여 설명한 무선 스캐닝 동작, 유선 스캐닝 동작, 불법 장치 선별동작을 수행하기 위한 것일 수 있다. For example, the program logic 101 may include code for performing operations of the wireless scan unit 102, the wired scan unit 104, and the illegal device selection unit 106 described with reference to FIG. 4. can do. Here, the code for performing the operation of the wireless scanning unit 102, the code for performing the operation of the wired scanning unit 104, and the code for performing the operation of the illegal device selection unit 106, Figures 1 and 3 The wireless scanning operation, the wired scanning operation, and the illegal device selection operation described with reference to the present invention may be performed.
대안으로, 무선 스캔부(102), 유선 스캔부(104), 및 불법 장치 선별부(106) 중 적어도 하나는 하드 웨어로 구현될 수 있다.Alternatively, at least one of the wireless scan unit 102, the wired scan unit 104, and the illegal device selection unit 106 may be implemented in hardware.
이상 설명한 실시예에서, 컴퓨터에서 실행가능한 프로그램의 코드로 구현되는 구성요소들은, 하드웨어 로직으로도 구현이 가능할 것이다. 하드웨어 로직으로 구현되는 경우에는 컴퓨터 프로세서(103)에 내장된 형태로 구현되거나, 또는 컴퓨터 프로세서(103)와는 별도의 하드웨어로 구현이 될 수 있다.In the above-described embodiments, components that are implemented in code of a program executable in a computer may be implemented in hardware logic. When implemented in hardware logic, it may be implemented in a form embedded in the computer processor 103, or may be implemented in a separate hardware from the computer processor 103.
상기와 같이 본 발명은 비록 한정된 실시예와 도면에 의해 설명되었으나, 본 발명은 상기의 실시예에 한정되는 것은 아니며, 본 발명이 속하는 분야에서 통상의 지식을 가진 자라면 이러한 기재로부터 다양한 수정 및 변형이 가능하다. 그러므로, 본 발명의 범위는 설명된 실시예에 국한되어 정해져서는 아니 되며, 후술하는 특허청구범위뿐 아니라 이 특허청구범위와 균등한 것들에 의해 정해져야 한다.As described above, the present invention has been described by way of limited embodiments and drawings, but the present invention is not limited to the above embodiments, and those skilled in the art to which the present invention pertains various modifications and variations from such descriptions. This is possible. Therefore, the scope of the present invention should not be limited to the described embodiments, but should be determined not only by the claims below but also by the equivalents of the claims.

Claims (5)

  1. 유선 및 무선으로 이루어진 내부망에 침입한 불법 모바일 장치의 판별 방법에 있어서, In the method of discriminating illegal mobile devices invading the internal network of wired and wireless,
    유무선 공유기 및 이 유무선 공유기에 연결된 장치들을 무선으로 스캔하는 무선 스캐닝 단계; A wireless scanning step of wirelessly scanning the router and the devices connected to the router;
    유선망에 연결된 장치들을 스캐닝하는 유선 스캐닝 단계; 및A wired scanning step of scanning devices connected to a wired network; And
    상기 무선 스캐닝 단계의 결과 및 유선 스캐닝 단계를 비교하여, 불법 모바일 장비를 판별하는 단계;를 포함하는 것을 특징으로 하는 불법 모바일 장치의 판별 방법. And comparing the result of the wireless scanning step and the wired scanning step to determine an illegal mobile device.
  2. 제1항에 있어서,The method of claim 1,
    상기 무선 스캐닝 단계는,The wireless scanning step,
    무선으로 수신되는 적어도 하나의 ARP 프레임으로부터 무선 맥어드레스 및 이 무선 맥어드레스를 가진 장치에 연결된 장치들의 유선 맥어드레스를 수집하는 단계인 것을 특징으로 하는 불법 모바일 장치의 판별 방법. And collecting the wired MAC address of the wireless MAC address and the devices connected to the device having the wireless MAC address from at least one ARP frame received wirelessly.
  3. 제2항에 있어서,The method of claim 2,
    상기 유선 스캐닝 단계는,The wired scanning step,
    상기 내부망에 유선으로 연결된 장치들의 유선 맥어드레스를 수집하는 단계인 것을 특징으로 하는 불법 모바일 장치의 판별 방법.And collecting wired mac addresses of devices wired to the internal network.
  4. 제3항에 있어서,The method of claim 3,
    상기 판별하는 단계는,The determining step,
    상기 무선 스캐닝 단계에서 스캐닝된 결과에서, 상기 유선 스캐닝 단계에서 스캐닝된 적어도 하나의 유선 맥어드레스와 연결되어 있지 않은 무선 맥어드레스는 제외시키는 단계; 및Excluding a wireless mac address that is not connected to at least one wired mac address scanned in the wired scanning step from the result scanned in the wireless scanning step; And
    상기 무선 스캐닝 단계에서 스캐닝된 결과에서, 미리 적법하게 등록된 무선 맥어드레스를 가진 장치들의 리스트를 참조하여, 불법으로 연결된 무선 맥어드레스를 가진 장치를 판별하는 단계;를 포함하는 것을 특징으로 하는 불법 모바일 장치의 판별 방법. And determining, from the results scanned in the wireless scanning step, a device having an illegally connected wireless mac address, by referring to a list of devices having a wireless MAC address legally registered in advance. How to determine the device.
  5. 제2항에 있어서,The method of claim 2,
    수집된 상기 유선 맥어드레스는 상기 무선 맥어드레스를 가진 장치에 직접 연결된 것을 특징으로 하는 불법 모바일 장치의 판별 방법.The collected wired mac address is directly connected to the device having the wireless mac address.
PCT/KR2013/002517 2013-03-27 2013-03-27 Method for detecting illicit mobile device by means of both wired and wireless scanning WO2014157745A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/KR2013/002517 WO2014157745A1 (en) 2013-03-27 2013-03-27 Method for detecting illicit mobile device by means of both wired and wireless scanning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/KR2013/002517 WO2014157745A1 (en) 2013-03-27 2013-03-27 Method for detecting illicit mobile device by means of both wired and wireless scanning

Publications (1)

Publication Number Publication Date
WO2014157745A1 true WO2014157745A1 (en) 2014-10-02

Family

ID=51624698

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2013/002517 WO2014157745A1 (en) 2013-03-27 2013-03-27 Method for detecting illicit mobile device by means of both wired and wireless scanning

Country Status (1)

Country Link
WO (1) WO2014157745A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040027988A1 (en) * 2002-08-12 2004-02-12 Harris Corporation Wireless local or metropolitan area network with intrusion detection features and related methods
KR20090003134A (en) * 2008-12-15 2009-01-09 김동규 Illegal login protection system and method based on pc registratrion
KR20110087594A (en) * 2010-01-26 2011-08-03 삼성전자주식회사 Method and apparatus for preventing illegal access to network
KR101186874B1 (en) * 2011-12-30 2012-10-02 주식회사 정보보호기술 Method for operating intrusion protecting system for network system connected to wire and wireless integrated environment
KR101186876B1 (en) * 2011-12-16 2012-10-02 주식회사 정보보호기술 Realtime intrusion protecting method for network system connected to wire and wireless integrated environment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040027988A1 (en) * 2002-08-12 2004-02-12 Harris Corporation Wireless local or metropolitan area network with intrusion detection features and related methods
KR20090003134A (en) * 2008-12-15 2009-01-09 김동규 Illegal login protection system and method based on pc registratrion
KR20110087594A (en) * 2010-01-26 2011-08-03 삼성전자주식회사 Method and apparatus for preventing illegal access to network
KR101186876B1 (en) * 2011-12-16 2012-10-02 주식회사 정보보호기술 Realtime intrusion protecting method for network system connected to wire and wireless integrated environment
KR101186874B1 (en) * 2011-12-30 2012-10-02 주식회사 정보보호기술 Method for operating intrusion protecting system for network system connected to wire and wireless integrated environment

Similar Documents

Publication Publication Date Title
WO2014081205A1 (en) Illegal ap detection system and detection method therefor
US20110055928A1 (en) Method and system for detecting unauthorized wireless devices
WO2019146956A1 (en) Apparatus and method for acquiring information of device
WO2012108687A2 (en) Method of detecting arp spoofing attacks using arp locking and computer-readable recording medium storing program for executing the method
WO2014133357A1 (en) Method and apparatus for monitoring internet connection status in wireless communication system
WO2012108613A1 (en) Method and apparatus for controlling connection between devices
WO2015194829A2 (en) Method for detecting number of selected devices among plurality of client terminals on private network using same public ip by web server provided with additional non-specified domain name from internet access request traffic of client terminal making request for internet access, and selective detection system for device in state in which public ip is shared
WO2021261883A1 (en) Method for detecting hidden camera using wireless router and system thereof
WO2017026840A1 (en) Internet connection device, central management server, and internet connection method
WO2022255619A1 (en) Wireless intrusion prevention system and operating method therefor
WO2016076574A1 (en) Apparatus and method for identifying terminal information
WO2019231215A1 (en) Terminal device and method for identifying malicious ap by using same
WO2013022213A1 (en) Terminal device and access point access method of the terminal device
WO2012057533A2 (en) System and method for dynamic channel allocation for avoiding frequency interference
EP3205168A1 (en) System and methods for detection of hidden nodes in cellular systems on unlicensed bands
WO2019135543A1 (en) Electronic device and method for controlling same
WO2014157745A1 (en) Method for detecting illicit mobile device by means of both wired and wireless scanning
WO2017126754A1 (en) Method for location based radio interference detection and user terminal device using same
WO2013172587A1 (en) Intelligent wireless intrusion prevention system and sensor using cloud sensor network
WO2013100646A1 (en) Apparatus and method for controlling local area communication connection by means of wireless terminal device
WO2021225329A1 (en) Method and system for detecting forgery of mobile application by using user identifier and signature collection
WO2018088680A1 (en) Security system and method for processing request for access to blocked site
WO2013089395A1 (en) Signature-based wireless intrusion prevention system
KR101360348B1 (en) Method for detecting wireless access point
KR101477760B1 (en) Detection Method for Infringement of Illegal Mobile device using wire and wireless scanning

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13879905

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 18.01.2016)

122 Ep: pct application non-entry in european phase

Ref document number: 13879905

Country of ref document: EP

Kind code of ref document: A1