KR101639428B1 - System for uni direction protocol control on board - Google Patents


Info

Publication number
KR101639428B1
Authority
KR
South Korea
Prior art keywords
packet
control module
hacked
data
receiving
Prior art date
Application number
KR1020150060847A
Other languages
Korean (ko)
Inventor
김명의
김병철
Original Assignee
한전케이디엔 주식회사
Priority date: 2015-04-29
Filing date: 2015-04-29
Publication date: 2016-07-13
Application filed by 한전케이디엔 주식회사
Priority to KR1020150060847A
Application granted
Publication of KR101639428B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 12/00 Data switching networks
    • H04L 12/02 Details
    • H04L 12/22 Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • H04L 43/00 Arrangements for monitoring or testing data switching networks
    • H04L 43/18 Protocol analysers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)

Abstract

According to the present invention, a board-based unidirectional communication control system has a unidirectional communication control module installed between a server and a client, configured to receive the packets transmitted from the server and the client, to determine through TCP/IP protocol analysis whether a packet is hacked, and, when it is determined that the packet is hacked, to distort the data block and the data size of the packet so as to block information input from the outside.

Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

[0001] The present invention relates to a board-based unidirectional communication control system, and more particularly to a board-based unidirectional communication control system having a unidirectional communication control module which is installed between a server and a client, receives the packets transmitted from the server and the client, determines through TCP/IP protocol analysis whether a packet is hacked and, when it judges that there is hacking, distorts the data block and the data size of the packet so as to block information flowing in from the outside. The system can thereby block malicious access from the outside and prevent internal data deception.

In the past, attack techniques such as worms and viruses aimed at compromising the system itself, but recent attacks are aimed mainly at using and leaking system information.

A backdoor is the typical tool for infiltrating a target host and leaking system information out from under the administrator's surveillance.

A backdoor in a computer system is a method of bypassing normal authentication, securing remote access, obtaining access to plaintext, and acquiring data without the activity being detected.

Backdoors include logic bombs, worms and Trojan horses; besides backdoors that are deliberately constructed in this way, a backdoor may also exist without having been deliberately installed.

A backdoor may take the form of an installed program, or it may be a modification of an existing program or of hardware.

Backdoor threats surfaced as multi-user and networked operating systems became widely adopted. Systems that use proprietary software without source code are also frequently exposed to backdoors. A backdoor can also be created without modifying the source code, or even after compilation, chiefly by rewriting the compiler so that it inserts the backdoor into a specific part of the program while compiling the source code.

To leak system information through such a backdoor, a communication channel must exist between the attacker and the target host. This characteristic is used as an important element for detecting backdoors.

Meanwhile, the OSI (Open System Interconnection) 7-layer model divides communication into layers (physical, data link, IP, TCP, and so on) and builds up the information delivery system; to transmit and receive data, a sender and a receiver always exchange messages.

However, the conventional media removal method, which restricts the transmission/reception channel in order to protect information, removes either the transmit (TX) or the receive (RX) communication medium according to the intended communication direction, and an agent supplies a response signal in place of the receiving side's message. In this case, although the physical connection is severed, the communication still appears as normal transmission and reception from the protocol point of view, which is a problem.

Korean Patent Publication No. 10-1463873

SUMMARY OF THE INVENTION

The present invention has been made to solve the above problems of the prior art, and it is an object of the present invention to provide a board-based unidirectional communication control system having a unidirectional communication control module which receives the packets transmitted from a server and a client, determines through TCP/IP protocol analysis whether a packet is hacked and, when it judges that there is hacking, distorts the data block and the data size of the packet to interrupt information incoming from the outside, thereby blocking malicious external access aimed at virus installation or information hacking and preventing internal data deception.

According to an aspect of the present invention, there is provided a board-based unidirectional communication control system comprising a unidirectional communication control module which is installed between a server and a client, receives the packets transmitted from the server and the client, determines whether there is hacking, and distorts the data block and the data size of the packet to block information flowing in from the outside.

The present invention has a technical effect of preventing malicious access for the purpose of virus installation or information hacking from the outside and preventing internal data deception.

FIG. 1 schematically shows the main configuration of a board-based unidirectional communication control system according to the present invention installed between a server and a client.
FIG. 2A is a detailed block diagram of the transmission module in the configuration of a board-based unidirectional communication control system according to the present invention.
FIG. 2B is a detailed block diagram of the receiving module in the configuration of a board-based unidirectional communication control system according to the present invention.
FIG. 2C is a detailed block diagram of the control module of the board-based unidirectional communication control system according to the present invention.
FIG. 3A shows the packet structure of an Ethernet frame according to the present invention.
FIG. 3B shows the IP packet structure according to the present invention.
FIG. 3C shows the TCP packet structure according to the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

FIG. 1 schematically shows the main configuration of a board-based unidirectional communication control system according to the present invention installed between a server and a client; FIGS. 2A to 2C show the configurations of the transmission module, the receiving module and the control module; and FIGS. 3A to 3C show the packet structure of an Ethernet frame, the IP packet structure and the TCP packet structure according to the present invention.

Referring to FIG. 1, a board-based unidirectional communication control system 100 according to the present invention is installed between a server 200 and a client 300 and includes a transmission module 110, a receiving module 120 and a control module 130.

Referring to FIG. 2A, the transmission module 110 includes a MAC (Media Access Control) 111, an interface card (I/F card) 112 and a DMA (Direct Memory Access) 113; it receives the first packet transmitted from the server 200 and transmits it to the control module 130, rewriting the destination MAC and IP addresses as source addresses.

Referring to FIG. 2B, the receiving module 120 includes a MAC (Media Access Control) 121, an interface card 122 and a DMA (Direct Memory Access); it receives the second packet transmitted from the client 300 and transmits it to the control module 130, and when information requested from an IP address on the control list is about to be transmitted to the outside, it delivers the data block to the control module 130 so that the control module can delete or modify it.

Referring to FIG. 2C, the control module 130 includes a cache memory unit 131, a storage unit 132, a protocol analysis unit 133, a packet manipulation unit 134, a security policy unit 135 and a control unit 136.

Because the cache memory unit 131 uses cache memory, it can decompose and reassemble the data of packets at high speed.

The storage unit 132 stores and runs a protocol analysis program that decomposes the data stream of a packet; a synchronous dynamic RAM (SDRAM) or the like may be used to hold the protocol analysis program.

The protocol analysis unit 133 receives the first packet transmitted by the transmission module 110 and the second packet transmitted by the receiving module 120, determines whether the IP address carried in the TCP/IP header is an address on the black list or a predefined leak-prohibited item, and whether the first or the second packet is hacked; if so, it causes the packet manipulation unit 134 to modify the packet by adding information distortion to both the transmit and the receive protocols.

In addition, when an anti-virus program for preventing hacking is linked in, the protocol analysis unit 133 determines whether hacking has occurred using the result of that anti-virus check.

When the protocol analysis unit 133 determines that the IP address in the TCP/IP header is on the black list or is a predefined leak-prohibited item, or that the first or the second packet is hacked, the packet manipulation unit 134 decomposes the TCP/IP packet into a header area and a data area, reconstructs a new data stream by distorting the data block and the data size, and thereby blocks all information flowing in from the outside.

More specifically, the packet manipulation unit 134 analyzes the first packet transmitted from the server 200 and stores its destination IP address, that is, the Destination IP Address field of the IP packet shown in FIG. 3B.

Next, it analyzes the second packet transmitted from the client 300 and retains the packet ID (the Identification field of the IP header), but sets the length of the IP payload data to '0' and deletes the data block; it then sends a response signal containing the processing result information to the receiving module 120, so that the entry of external data received through the client 300 is blocked.

In addition, specific IP addresses can be excluded by means of an access control list (ACL). For example, the ACL may be applied only to high-risk IP addresses or to designated IP addresses, and either source blocking or removal of the data block may be used for an arbitrary IP address.

As a result, the server 200 cannot receive the data transmitted from the client 300; in effect, all information coming from the outside that is of a predetermined size or larger is blocked, which makes it possible to protect the server 200 from hacking.
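As an added illustration (not code from the patent or from 한전케이디엔), the following Python model shows the checks the description attributes to the protocol analysis unit 133 and the manipulation attributed to the packet manipulation unit 134: an IPv4/TCP packet is decomposed into a header area and a data area, its source address is compared against a black list and an ACL exemption, a black-listed, hacked or over-size data block is removed so that the IP payload length becomes 0 while the Identification field is retained, both checksums are recomputed so the stripped packet stays well formed, and a processing-result record (carrying the security policy unit's countermeasure) is returned in place of the response signal. The addresses, the size threshold, the byte signature standing in for the anti-virus linkage, and the policy mapping are all constructed assumptions.

```python
"""Software model of the packet manipulation unit (added illustration, not the
patent's own code).  Parses IPv4/TCP, applies black-list / ACL checks, and removes
the data block while preserving the IP Identification field.
All addresses, thresholds and the signature below are constructed assumptions."""
import socket
import struct

BLACKLIST = {"203.0.113.7"}      # constructed: sources treated as attackers
ACL_EXEMPT = {"198.51.100.5"}     # constructed: IPs excluded from manipulation by the ACL
MAX_INBOUND_PAYLOAD = 512         # constructed: the "predetermined size" threshold
HACK_SIGNATURE = b"cmd.exe"       # constructed stand-in for the anti-virus linkage verdict


def checksum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum used by both IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src, dst, sport, dport, ident, payload, flags=0x18):
    """Constructed test input: minimal IPv4 header + TCP header + payload."""
    src_b, dst_b = socket.inet_aton(src), socket.inet_aton(dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, flags, 65535, 0, 0) + payload
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ident, 0x4000, 64, 6, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def parse(pkt: bytes) -> dict:
    """Decompose the packet into header fields and the TCP data block."""
    ver_ihl, _, total_len, ident, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if proto != 6:
        raise ValueError("only TCP is modelled")
    ihl = (ver_ihl & 0x0F) * 4
    tcp_hdr_len = (pkt[ihl + 12] >> 4) * 4
    return {"ihl": ihl, "ident": ident, "total_len": total_len, "tcp_hdr_len": tcp_hdr_len,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "payload": pkt[ihl + tcp_hdr_len:total_len]}


def checksums_ok(pkt: bytes) -> bool:
    """True when the IPv4 header checksum and the TCP checksum both verify."""
    f = parse(pkt)
    seg = pkt[f["ihl"]:f["total_len"]]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    return checksum(pkt[:f["ihl"]]) == 0 and checksum(pseudo + seg) == 0


def is_hacked(payload: bytes) -> bool:
    """Protocol-analysis verdict: signature hit, or payload at/over the size threshold."""
    return HACK_SIGNATURE in payload or len(payload) >= MAX_INBOUND_PAYLOAD


def manipulate(pkt: bytes):
    """Return (packet_to_forward, processing_result) for a client->server packet.

    A black-listed or hacked packet has its data block removed: the IP total
    length shrinks to headers only (payload length 0), the Identification field
    is kept, and both checksums are recomputed so the packet stays well-formed."""
    f = parse(pkt)
    if f["src"] in ACL_EXEMPT:
        return pkt, {"ident": f["ident"], "action": "pass", "reason": "acl-exempt"}
    reason = "blacklist" if f["src"] in BLACKLIST else ("hacked" if is_hacked(f["payload"]) else None)
    if reason is None:
        return pkt, {"ident": f["ident"], "action": "pass", "reason": "clean"}

    ihl, tcp_len = f["ihl"], f["tcp_hdr_len"]
    ip_hdr, tcp_hdr = bytearray(pkt[:ihl]), bytearray(pkt[ihl:ihl + tcp_len])
    ip_hdr[2:4] = struct.pack("!H", ihl + tcp_len)   # total length: headers only
    ip_hdr[10:12] = b"\x00\x00"                       # bytes 4-6 (Identification) untouched
    ip_hdr[10:12] = struct.pack("!H", checksum(bytes(ip_hdr)))
    pseudo = bytes(ip_hdr[12:20]) + struct.pack("!BBH", 0, 6, tcp_len)
    tcp_hdr[16:18] = b"\x00\x00"
    tcp_hdr[16:18] = struct.pack("!H", checksum(pseudo + bytes(tcp_hdr)))
    # The security policy unit's countermeasures (constructed mapping).
    policy = ["terminate_session", "notify_admin"] if reason == "blacklist" else ["notify_admin"]
    result = {"ident": f["ident"], "action": "blocked", "reason": reason,
              "removed_bytes": len(f["payload"]), "policy": policy}
    return bytes(ip_hdr + tcp_hdr), result


if __name__ == "__main__":
    attack = build_packet("203.0.113.7", "10.0.0.2", 40000, 80, 0x1234, b"POST /upload cmd.exe")
    stripped, result = manipulate(attack)
    print(result, len(attack), "->", len(stripped), "checksums ok:", checksums_ok(stripped))
```

One practical caveat the model makes visible: the stripped packet still carries the client's original TCP sequence number, so the server sees a segment with no data and acknowledges the old position, and the client will simply retransmit the payload after its retransmission timeout. A deployment that relies on payload stripping therefore also needs the session-termination countermeasure (the `terminate_session` policy entry above) or some other way of ending the connection, otherwise the block only delays the data rather than refusing it.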

The security policy unit 135 checks whether a packet is hacked and carries out countermeasures against the hacking (for example, forcibly terminating the session or notifying an administrator) according to a previously defined security standard.

The control unit 136 controls the cache memory unit 131, the storage unit 132, the protocol analysis unit 133, the packet manipulation unit 134 and the security policy unit 135, and a CPU or the like may be used for it.

While the present invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not limited to the disclosed embodiments. It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit of the invention.

100: board-based unidirectional communication control system
110: transmission module
120: receiving module
130: control module
131: cache memory unit
132: storage unit
133: protocol analysis unit
134: packet manipulation unit
135: security policy unit
136: control unit

Claims (5)

1. A board-based unidirectional communication control system comprising a unidirectional communication control module which is installed between a server and a client, receives a packet transmitted from the server and the client, determines through TCP/IP protocol analysis whether the packet is hacked and, when it is determined that there is hacking, interrupts information incoming from the outside by distorting the packet,
wherein the unidirectional communication control module comprises:
a transmission module for receiving a first packet transmitted from the server and transmitting the first packet to a control module;
a receiving module for receiving a second packet transmitted from the client and transmitting the second packet to the control module; and
the control module, which receives the first packet and the second packet, determines through TCP/IP protocol analysis whether the first packet or the second packet is hacked and, when the first packet or the second packet is determined to be hacked, interrupts information input from the outside by distorting the data block and the data size of the packet,
wherein the control module comprises:
a protocol analysis unit for receiving the first packet and the second packet and determining whether an IP address carried in the TCP/IP protocol corresponds to an IP address in a black list or to a predefined leak-prohibited item, and whether the first packet or the second packet is hacked;
a packet manipulation unit for distorting the data block and the data size of the first packet or the second packet to block information flowing in from the outside when the protocol analysis unit determines that the IP address is in the black list or is a predefined leak-prohibited item, or that there is hacking in the first packet or the second packet; and
a control unit for controlling the protocol analysis unit and the packet manipulation unit,
and wherein the packet manipulation unit sets the length of the IP payload data to '0', retains the packet ID, deletes the data block, and transmits a response signal including the processing result information to the receiving module.
2. (Deleted)
3. (Deleted)
4. (Deleted)
5. The system according to claim 1, further comprising a security policy unit for checking whether a packet is hacked and carrying out a countermeasure against the hacking according to a previously defined security criterion.

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150060847A KR101639428B1 (en) 2015-04-29 2015-04-29 System for uni direction protocol control on board

Publications (1)

Publication Number Publication Date
KR101639428B1 true KR101639428B1 (en) 2016-07-13

Family

ID=56505800

Country Status (1)

Country Link
KR (1) KR101639428B1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20000054538A (en) * 2000-06-10 2000-09-05 김주영 System and method for intrusion detection in network and it's readable record medium by computer
KR20100073153A (en) * 2008-12-22 2010-07-01 한국전자통신연구원 Packet processing method and toe hardware using the same
KR101463873B1 (en) 2011-09-30 2014-11-20 주식회사 엔피코어 Method and apparatus for preventing data loss

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2559431A (en) * 2017-06-01 2018-08-08 Garrison Tech Ltd Web server security
GB2559431B (en) * 2017-06-01 2020-09-02 Garrison Tech Ltd Web server security
US11444958B2 (en) 2017-06-01 2022-09-13 Garrison Technology Ltd Web server security

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20190709

Year of fee payment: 4