DNS ORIGIN TRACKING METHOD AND SYSTEM USING DNS SERVER FOR INFECTED SYSTEM

DNS ORIGIN TRACKING METHOD AND SYSTEM USING DNS SERVER FOR INFECTED SYSTEM

Disclosed are a method and a system for tracking an origin of an infection system based on a DNS server that allows a user terminal that has been hacked by malicious code or the like to access a sinkhole that is not a malicious domain when requesting a malicious domain connection. The present invent...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: LEE DAE HO, CHOI SUNG SU, KIM KI HWAN, LEE DONG GEUN, KIM SUNG WOO
Format: Patent
Sprache:eng ; kor
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Disclosed are a method and a system for tracking an origin of an infection system based on a DNS server that allows a user terminal that has been hacked by malicious code or the like to access a sinkhole that is not a malicious domain when requesting a malicious domain connection. The present invention allows a user terminal that has been hacked by a malicious code or the like to access a sinkhole that is not a malicious domain when requesting a malicious domain connection and at the same time clearly identifies which user terminal is a hacked user terminal, thereby quickly performing post-processing for the user terminal. 악성 코드 등에 의하여 해킹당한 사용자 단말이 악성 도메인 접속을 요청한 경우에 악성 도메인이 아닌 싱크홀에 접속할 수 있도록 하는 DNS 서버에 기반한 감염 시스템의 원점 추적 방법 및 시스템이 개시된다. 본 발명은 악성 코드 등에 의하여 해킹당한 사용자 단말이 악성 도메인 접속을 요청한 경우에 악성 도메인이 아닌 싱크홀에 접속할 수 있도록 함과 동시에 해킹당한 사용자 단말이 어떤 사용자 단말인지 명확하게 특정하여 해당 사용자 단말에 대한 사후 조치를 빠르게 수행할 수 있는 효과가 있다.