A Study on Collection and Analysis Method of Malicious URLs Based on Darknet Traffic for Advanced Security Monitoring and Response

information security and cryptology(2014)

ABSTRACT

Domestic and international CERTs provide security monitoring and response services based on security devices in order to prevent intrusion incidents and minimize damage to their organizations. However, the security monitoring and response service has a fatal limitation in that it is unable to detect unknown attacks that do not match the predefined signatures. Recently, many approaches have adopted the darknet technique in order to overcome this limitation. Since a darknet is a set of unused IP addresses, no real systems are connected to it. Thus, all traffic incoming to the darknet can be regarded as attack activity. In this paper, we present a collection and analysis method of malicious URLs based on darknet traffic for advanced security monitoring and response service. 1) The proposed method prepared 8,192 darknet space and extracted

Received (September 11, 2014), Revised (October 13, 2014), Accepted (October 24, 2014)

* This research was carried out with the support of the 2014 commissioned project of the Ministry of Science, ICT and Future Planning, "Construction and Operation of the Science and Technology Cyber Security Center" (G-14-GM-IR02)

† First author, kisados@kisti.re.kr

‡ Corresponding author, song@kisti.re.kr
Keywords: darknet traffic, malicious URLs, advanced security monitoring