WP 2003
,
. ,
.
,
. ,
125
.
.
,
.
, ,
2002
2003
.
,
.
,
.
1
2
3
1
1.
. ,
, , , ,
.
[Chart: x-axis 1999.10, 2000.8, 2000.12, 2001.6, 2001.12, 2002.6, 2002.12]
, 2002
. 1982
, 1994 . 1998
1999 .
4 1,000 2002
100 20 . 9
2002 12 59.4% .
. < 1-1-1> .
1-1-1
1998
1999
2000
2001
2002
()
3,103
10,860
19,040
24,380
26,270
()
160.0
276.0
407.1
513.41
563.0
1) , , 2002 12,
3,568(10,162) .
[Chart: series 2001.12 and 2002.12; labels include ISDN, xDSL]
1-1-2 ( : )
1-1-2
xDSL
62.0% , 24.9%, 9.3%
.
2.
.
. , ,
.
, ,
, , ,
, , ,
.
, ,
. 2002 2001
3 16,507( 1,315, 15,192)
.2)
2002 6
,
.
3.
3
.
.
. ,
( 6)
.
.
PC 1 15
15 .
.
2) :2002
, .
4.
. 2003 1 25
.
,
. (Slammer Worm)
7 5
9 (Mi2g) .
<1-1-2> .
1-1-2
13,000
/
XP
MS
MS
911
1 27
, MS SQL
6, 1
1-1-3
2~5
300
PC
225
MS 2001. 7 SQL
MS SQL
80%
.
MS
. ,
.
, ,
.
,
,
,
, .
.
2
, ,
,
.
2003 2002 1 1 12 31
, 2002
5 .
1
. , 2002
.
2
. 1
,
.
. 2
2002 ,
. 3
2002
2002
(ISAC) . 4
2002 .
, .
3 , ,
. 1
2002
. 2
. 3
, .
4
.
4
, 5
.
2002 ,
, 2002 , 20 ,
OECD , , , IETF
,
.
.
.
2002 2004
.
.
1
.
.
.
2003
< 1-2-1> .
81%
3%
16%
1-2-1 ( : )
300
3% ,
16% .
81%
.
< 1-2-2> .
(50%)
3%
70%
5%
(30%)
(20%)
(20%)
22%
1-2-2 ( : )
2002 , 442,665
79% .
( )
.
, (Outsourcing)
.
2%
19%
79%
1-2-3 ( : )
2
,
.
.
1-2-1
( : )
2001
2002
2003
14,139
16,114
16,817
259
306
368
1.80%
2.0%
2.2%
< 1-2-1>
2001 14,139 259 2002
16,114 306 2.0% , 2003
16,817 368 2.2% .
3
PC 9 1 0.9, 1 21.9,
2,670 . PC
. PC
.
.
.
2003 ,
.
< 1-2-4> ,
, , .
61.8%
. , , ,
< 1-2-2> .
[Chart: labels include ESM, IC, PC]
1-2-4 ( : )
1-2-2
( : , )
43
79.1%
79.1%
90.7%
16
43.8%
93.8%
100.0%
17
64.7%
82.4%
94.1%
175
57.0%
3.07%
47.1%
2002
84.9% , 1,000 98.7%,
72.2% .
, 5~9 ,
,
41.8% .
1-2-5 ( : )
2002.6.30, 5 <2001 ()
>
< 1-2-5>
.
, 59.1% .
, .
, ,
. ,
,
, .
< 1-2-6>
.
,
.
< 1-2-7> .
,
, .
[Chart: x-axis 5~9, 10~49, 50~299, 300~999, 1,000; y-axis (%)]
1-2-6 ( : )
[Chart: x-axis 5~9, 10~49, 50~299, 300~999, 1,000]
1-2-7 ( : )
4
,
.
.
.
2002 ,
2000 2,145,
2001 3,580, 2002 4,441
.
< 1-2-8>
.
, PKI &
.
[Chart: x-axis 2000, 2001, 2002; labels include PKI, ESM, PC]
1-2-8 ( : )
1-2-3
( : )
2000
2001
2002
PC
16,872
31,542
35,010
41,946
64,084
67,071
18,450
40,279
50,303
15,046
30,560
34,367
PKI
25,348
34,242
43,787
5,415
9,338
14,896
2,474
4,267
4,530
ESM
14,712
19,247
24,747
34,562
43,868
50,791
174,825
277,428
325,502
9,836
13,056
22,112
6,286
9,373
13,519
16,122
22,429
35,631
23,556
58,172
83,000
214,503
358,029
444,133
, < 1-2-9>
, .
[Chart: series 1999, 2001, 2003]
1-2-9 ( : )
5
, ,
,
.
, .
, ,
.
< 1-2-1>
.
,
,
, , .
, ,
.
2004
2002 , 2003
.
1
1.
.
, , ,
, , .
. ,
(Accidental threats) (Intentional
threats) .
(Malicious threats), (Unintentional threats), (Physical
threats) .
.
: (H/W , ),
( , , , , ,
, )
: , , ,
: , ,
: , , , H/W
1-3-1
, ,
, Chipping/
/
< 1-3-1> .
, , , , ,
.
, , ,
, , .
(1)
. (Intrusion)
.
< 1-3-2> .
1-3-2
Sendmail
.
.
.
.
.
Backdoor
.
TCP/IP IP Spoofing
.
,
ID Sniffing
.
(2)
.
(),
(),
()
.
, CMOS ,
, .
.
, PC, LAN,
. MS , MS ,
CIH()
.
, .
(3) (Denial of Service : DoS)
.
,
. E-mail
(, ) .
,
.
.
(Distributed Denial of Service)
, ,
.
(4)
(Worm)
. ,
.
,
, .
(exe ) ,
.
(5) (Trojan Horse)
.
. ,
.
(6)
,
.
(7) Spyware
. ,
.
(8)
< 1-3-3> .
1-3-3
Chipping
Nano Machine
, Chip
.
,
.
HERF Gun
(High Energy
Radio Frequency)
EMP Bomb
(Electro-Magnetic
Pulse)
Electronic Jamming
2.
. 2002 5
2002
5 . 5
. , 1,000 , ISAC
, , 1 5
, 300%, 10
, , 43 ,
.
2002 11 2
. 13
2 .
(G4C) (G2B)
4 , (HTS),
(PPSS) 15
.
.
(2) 1,000
9 2002 12 58%
4 1,000
. ,
,
.
(3) ISAC()
(ISAC)
( : ), (), ()
, . (Information
Sharing and Analysis Center)
,
.
(4)
2002 . 2002
12 .H
(26,015) 17%(4,445) .
.
(5) 1
2002 2 ,
1 .
(2003.2.6) 2002 12.8%
(35.4%) 2
1 23.7 1
.
,
468
. ,
2002 4,
, , 20
4,300 .
. 2002
, ,
, , ,
.
,
. ,
(Signature)
,
. , ,
. ,
. , ( )
.
, . ,
. , Active X, Java, JavaScript
(mobile code)
. , ,
.
(sophistication)
. ,
. , , DNS
, .
. 2002
,
,
.
2000 Ramen, Lion, Adore
, 2001 Codered, Nimda , 2002 Klez,
Spida, Opaserv
.
, Proxy
.
2003
,
DDoS .
,
,
,
.
.
2
1.
.
2002
, , ,
, .
.
2000
2000
.
, .
.
. ,
.
(1)
1999 18 <
1-3-1> . 2000 102, 2001 277, 2002 539
2 .
.
[Chart: x-axis 1999, 2000, 2001, 2002]
1-3-1 ( : )
1-3-4 2002
( : )
10
11
12
22
10
11
81
31
17
22
20
25
23
13
41
43
37
76
37
21
35
31
36
35
25
59
60
50
88
45
28 369
11
19
54 539
369(68%)
, 81(15%), 31(6%), 22
(4%) .
. < 1-3-4> 2002
.
< 1-3-5> .
446(83%)
,
36(7%) .
1-3-5
( : )
()
2001
174
67
18
14
277
2002
446
36
49
539
< 1-3-2>
229(43%) 109(20%)
.
.
89(16%)
229(43%)
7(1%)
105(20%)
109(20%)
1-3-2 ( : , )
2002
293
25
()
0
455
776
,
. ,
,
.
. ,
.
(2)
200~300%
, 2002 185%, 1
. ,
.
2002 < 1-3-3> .
[Chart: x-axis 97, 98, 99, 00, 01, 02]
1-3-3
< 1-3-4>
6,444 , PC
58% 3,740 .
1,812 28%, 716 11%,
176 3% .
1,812(28%)
3,740(58%)
716(11%)
/
176(3%)
1-3-4 ( : , )
< 1-3-7> ,
4,638 29.6% . 2002 4
.
26%
, 3,971 25%
.
1-3-7
( : , )
()
S/W
() 4,638
4,112
3,971
1,943
602
243
147
18
15,675
(%)
26.2
25.3
12.4
3.8
1.6
0.9
0.1
100
29.6
,
,
. ,
, PC
PC
.
(1)
[Chart: x-axis 2000, 2001, 2002]
1-3-5 3 ( : )
1-3-8
( : , )
2001
2002
194
232
( )
165(85%)
208(89.7%)
( )
29(15%)
24(10.3%)
2002
, P2P ,
.
, .
PC DoS
.
, (MSN, ICQ ) P2P(KaZaA )
.
, ,
.
ID
Funlove .
, .H .B
.
< 1-3-6> .
[Chart: x-axis 1997, 1998, 1999, 2000, 2001, 2002]
1-3-6 ( : )
(2)
[Chart: series 2002 and 2001]
1-3-7 ( : )
1-3-9
( : )
01
10
11
12
81
16
34
10
10
15
15
21
105
11
38
41
48
21
25
194
16
15
15
17
17
25
14
30
36
37
232
1-3-10
( : , )
Klez.H
8,711
6,717
4,413
2,332
1,362
15,142
38,677
22.5
17.4
11.4
6.0
3.5
39.2
100
2.
CERT-CC , 2000
1999 121%, 2001 2000 142% , 2002
82,094 2001 52,658 56%
. , , 4 < 1-3-8>
.
1999
2000
2001
2002
50,000
100,000
2002
82,094
112,346
1,435
2001
52,658
40,274
2,853
2000
21,756
4,783
2,224
1999
9,859
1,712
788
1-3-8 ( : )
150,000
342
85
454
1,958
1-3-9 ( : )
JPCERT(Japan Computer-CERT)/CC
1999 788, 2000 2,224, 2001 2,853
2002 1,435 . ,
4)
3) www.ja.net/CERT/JANET-CERT/monthly_reports.html
4) ,
, , ,
() IPA().
IPA/ISEC( )
1999 55, 2000 143, 2001 550 2002 619
.
, < 1-3-11>
2002 329 924
.
(935) 2002
,
.
1-3-11
( : )
2000
2001
2002
25
448
13
73
258
286
547
30
106
1,253
329
3 2002
1.
.
(1) Codered
2002 7 Codered
.
.
(2) Nimda
2002 9 Nimda
B 60 . Nimda
.
(3) Opaserv5)
2002 10
. 10
,
C /
opaserv .
(4) Spida6)
2002 6 Spida
() .
MSSQL
MSSQL Spida
.
(1)
2002 1 1
.
ISP
.
(2) RPC7)
2002 5
. rpc.statd
t0rnkit
.
(3) Wu-ftp
2002 5
.
FTP(wu-ftpd)
.
(4) SSH8)
2002 9 SSH
. teso team SSH
.
50
.
(5)
2002 8 ,
2002
7 13 1 4,700
4 .
.
. 9)
2002 6 4
. PEREZ
, Infidelz .
.
.
(1)
9) 80
channel) . php
,
PC .
(2)
2002 12 ,
SLAYD php
, .
. PC
(1) PC
2002 9 .
2000
(winshell, ntshell, dwrcs) ,
.
(2)
2002 10
.
opaserv
.
(3) Warez Ftp
. DB
(spida) 2002
12 Oracle Password . Web
(DB ID, Password
)
.inc ,
Oracle DB
.
.
(1)
2002 11 .
.
(2)
2002 5 50 230
. , , , ,
,
.
(1) sendmail
2002 7
. Linux sendmail 8.9.3
relay .
(2) Emwacs
2002 7 SpamCop
. IP Web Cache
() Jaguar2000 , Proxy
open proxy( )
, .
2.
(1)
2002 10 13
9 .
(NIPC)
(DoS) 13 7
, 2 .
.
1 .
. 13
.
: , 2002.10.24
(2) ,
CNN
.
, . , FBI NIPC
,
.
: www.CNN.com, 2002.12.11
(3)
.
() ,
.
.
.
.
: , 2002.10.18
(4) , 6000
2002 10 1,167 , ,
564, 10 34
6,500 . Douglas Alexander
. ,
10
.
: www.gcn.com, 2002.11.29
(5) ,
haxOrs
2002 7
BBC mi2g . 2002
, (.it)
7 514 ,
1600 (.com) 2 .
(.br) 329 3 (.uk) 94 4
. ,
. 8 838
.
: , 2002.8.28
(6) ,
,
.
. 2002 6
.
,
.
: , 2002.8.8
(7) ,
(NASA)
6 . 15
(Hi-tech Hate)
G8(7+) ,
, , , , , , , , ,
.
: , 2002.1.17
(8) ,
.
G
. G
-
.
: , 2002.1.11
(9)
(6.13)
.
130
.
.
: www.fcw.com, 2002.12.14