WP 2003

2003
,
. ,

.
,

. ,
125

.

.
,
.
, ,
2002
2003
.

,
.

,
.
2003 5
11
11
13
14
18
20
22
22
31
3 2002
42
2
1
55
55
61
65
68
i
72
72
89
95
99
99
2 102
3 106
4 109
1 109
2 116
3 120
4 129
3
1 139
2 148
1 149
2 158
3 162
1 163
2 170
3 173
4 176
1 176
2 183
ii
4
1 189
1 OECD 189
2 APEC 193
3
198
2 202
1
202
215
3 224
. 2002 249
. 251
. 2002 256
. 20 261
. OECD 272
. 277
. 281
. IETF 282
. 288
iii

[ 1-1-1]
[ 1-1-2]
[ 1-1-3]
[ 1-2-1]
14
[ 1-2-2]
15
[ 1-2-3]
19
[ 1-3-1]
23
[ 1-3-2]
24
[ 1-3-3]
27
[ 1-3-4] 2002
32
[ 1-3-5]
33
[ 1-3-6]
34
[ 1-3-7]
36
[ 1-3-8]
37
[ 1-3-9]
39
[ 1-3-10]
40
[ 1-3-11]
42
[ 2-1-1]
63
[ 2-1-2]

70
[ 2-2-1]
91
[ 2-2-2]
92
[ 2-2-3]
94
[ 2-3-1] 101
iv
[ 2-3-2] 103
[ 2-3-3] 105
[ 2-3-4] 107
[ 2-3-5] (ISAC) 108
[ 2-4-1] 110
[ 2-4-2] 111
[ 2-4-3] 3 112
[ 2-4-4] 114
[ 2-4-5] 117
[ 2-4-6] 2002 117
[ 2-4-7] (2001~2002) 118
[ 2-4-8] DB (2001~2002) 119
[ 2-4-9] (1 ) 121
[ 2-4-10] 121
[ 2-4-11] 122
[ 2-4-12] 123
[ 2-4-13] 124
[ 2-4-14] 125
[ 2-4-15] 2002 125
[ 2-4-16] 2002 125
[ 2-4-17] 131
[ 2-4-18] 2002 132
[ 2-4-19] 133
[ 3-1-1] () () 143
[ 3-1-2]
146
[ 3-2-1] 2002 TTA 159
[ 3-2-2] ISO/IEC JTC1/SC27 160
[ 3-2-3] IEFT 161
[ 3-3-1] 163
v
[ 3-3-2] 164
[ 3-3-3] 2003 167
[ 3-3-4]
( ) 169
[ 3-3-5] -2002 12 174
[ 3-3-6] -3 175
[ 3-3-7] 175
[ 3-4-1] IT (2001~2007) 177
[ 3-4-2] 2001~2007() 178
[ 3-4-3] 2001~2007 180
[ 3-4-4] - 184
[ 4-1-1] OECD 9 191
[ 4-1-2] UN 199
[ 4-2-1] 214
[ 1-1-1]
[ 1-1-2]
[ 1-2-1]
12
[ 1-2-2]
12
[ 1-2-3]
13
[ 1-2-4]
15
[ 1-2-5]
16
[ 1-2-6]
17
[ 1-2-7]
17
[ 1-2-8]
18
[ 1-2-9]
20
[ 1-3-1]
32
[ 1-3-2]
33
[ 1-3-3]
35
vi
[ 1-3-4]
35
[ 1-3-5] 3
37
[ 1-3-6]
38
[ 1-3-7]
39
[ 1-3-8]
40
[ 1-3-9]
41
[ 2-2-1]
84
[ 2-2-2]
85
[ 2-2-3]
90
[ 2-2-4]
91
[ 2-3-1] 107
[ 2-4-1] 114
[ 2-4-2] 131
[ 2-4-3] 2002 132
[ 3-4-1] 2001~2007() 178
[ 3-4-2] 185
[ 4-2-1] () 203
[ 4-2-2] ()) 205
[ 4-2-3] () 205
[ 4-2-4] () 206
vii
1
2
3
1
1.

. ,

, , , ,
.

100.0
30,000
22,230
24,380
19,040
16,400
44.7
50.0
9,430
51.6
56.6
25,650
58.0
26,270
59.4
15,000
38.5
22.4
0.0
0
1999.10
2000.8
2000.12
2001.6
2001.12
2002.6
2002.12
1-1-1 ( : (%), ())

3
, 2002
. 1982
, 1994 . 1998
1999 .
4 1,000 2002
100 20 . 9
2002 12 59.4% .

. < 1-1-1> .
1-1-1
1998
1999
2000
2001
2002
()
3,103
10,860
19,040
24,380
26,270
()
160.0
276.0
407.1
513.41
563.0
< 1-1-1> 2002 12 2,627

59.4%( 6 1 ),
3 . 13.5, 2002
31.0%( 1.4 )
.
, ,
.1)
.
xDSL,
.
1) , , 2002 12,
3,568(10,162) .
4
100
2001.12
2002.12
62.0
49.9
50
27.3 24.9
4.8 1.5
2.7 0.3
11.8
9.3
0.7
3.5 1.3
ISDN
xDSL
2001.12
27.3
4.8
2.7
49.9
11.8
3.5
2002.12
24.9
1.5
0.3
62.0
9.3
0.7
1.3
1-1-2 ( : )
1-1-2
xDSL
62.0% , 24.9%, 9.3%
.
2.

.

. , ,
.

, ,
, , ,
, , ,
.

5
, ,
. 2002 2001
3 16,507( 1,315, 15,192)
.2)
2002 6
,
.
3.

3
.
.

. ,

( 6)
.

.
PC 1 15
15 .

.
2) :2002
, .
6
4.

. 2003 1 25

.
,
. (Slammer Worm)
7 5
9 (Mi2g) .
<1-1-2> .
1-1-2
13,000

/
XP
MS
MS
911
1 27

, MS SQL

6, 1
(Slammer Worm) 11.8%

8 8 . 7 2
. 7 .
< 1-1-3> .
1-1-3
2~5
300
PC
225

MS 2001. 7 SQL
MS SQL
80%
.
MS

. ,

.
, ,

.
,
8
,
,
, .

.
2
, ,
,
.
2003 2002 1 1 12 31
, 2002
5 .
1
. , 2002
.
2
. 1
,
.
. 2
2002 ,
. 3
2002
2002
(ISAC) . 4

9

2002 .

, .
3 , ,
. 1
2002
. 2

. 3

, .
4
.
4
, 5
.
2002 ,
, 2002 , 20 ,
OECD , , , IETF
,
.
10

.

.
2002 2004
.

.
1

.

.
.
2003
< 1-2-1> .
11
81%
3%
16%
1-2-1 ( : )
300
3% ,
16% .
81%
.

< 1-2-2> .
(50%)
3%
70%
5%
(30%)
(20%)
(20%)
22%
1-2-2 ( : )
12
< 1-2-2> 20%

70% ,
.
.
2002 , 442,665
79% .
( )
.
, (Outsourcing)
.
2%
19%
79%
1-2-3 ( : )
2
,
.
.
13
1-2-1
( : )
2001
2002
2003
14,139
16,114
16,817
259
306
368
1.80%
2.0%
2.2%
< 1-2-1>
2001 14,139 259 2002
16,114 306 2.0% , 2003
16,817 368 2.2% .
3
PC 9 1 0.9, 1 21.9,
2,670 . PC

. PC
.

.
.
2003 ,
.
< 1-2-4> ,
, , .
14
61.8%
. , , ,
< 1-2-2> .
7.6
4.6
11
5.5
0.9
3.4
ESM
IC
0.9
0
2.9
PC
3.4
10.1
6.3
16.4
61.8
47.1
60.5
0
10
20
30
40
50
60
70
80
90
100
1-2-4 ( : )
1-2-2
( : , )
43
79.1%
79.1%
90.7%
16
43.8%
93.8%
100.0%
17
64.7%
82.4%
94.1%
175
57.0%
3.07%
47.1%
15
2002
84.9% , 1,000 98.7%,
72.2% .
, 5~9 ,
,
41.8% .
90
(%)
80
70
62.4
60
50
84.9
(%)
49.4
50.6
57.8
53.2
46.8
42.2
59.5
54.9
45.1
51.1 48.9
40.5
37.6
40
30
15.1
20
10
0
1-2-5 ( : )
2002.6.30, 5 <2001 ()
>
< 1-2-5>
.
, 59.1% .
, .
, ,
. ,
,
, .
16
< 1-2-6>
.
,

.
< 1-2-7> .
,
, .
100
80
70
60
50
98.7
87.4
(%)
(%)
90
77.7
62.7
51
49
37.3
40
22.3
30
12.6
20
1.3
10
0
5~9
10~49
50~299
300~999
1,000
1-2-6 ( : )
100
90
80
70
60
50
86.6
60.4
48.5
37.3
40
30
20 14.5
9.2 9.9
6.6
10
0
0
0
5~9
17.3
3.212.37.2
4.3
1.4
10~49
9.9
6.3 9.15.9 2.1
50~299
21.5
19.7
13.3
10.4
4.6
300~999
33.6
18.6
16
4.2
1,000
1-2-7 ( : )
17
4
,
.

.
.
2002 ,
2000 2,145,
2001 3,580, 2002 4,441
.
< 1-2-8>
.
, PKI &
.
90,000
PKI
ESM
PC
80,000
70,000
60,000
50,000
40,000
30,000
20,000
10,000
0
2000
2001
2002
1-2-8 ( : )
18
< 1-2-3> 2002

3,255 2000 36% ,
356 3 49%
. 2002
670 PKI
. , 2000 2002
60%
PC 44% .
1-2-3
( : )
2000
2001
2002
PC
16,872
31,542
35,010
41,946
64,084
67,071
18,450
40,279
50,303
15,046
30,560
34,367
PKI
25,348
34,242
43,787
5,415
9,338
14,896
2,474
4,267
4,530
ESM
14,712
19,247
24,747
34,562
43,868
50,791
174,825
277,428
325,502
9,836
13,056
22,112
6,286
9,373
13,519
16,122
22,429
35,631
23,556
58,172
83,000
214,503
358,029
444,133
19
, < 1-2-9>
, .
50
47.3
45
39.9
40
35
25
32.2
31
30
23.1
1999
2001
2003
26.3
24.9
22.5
25.5
20
15
7.3
10
2.6
5
0
6.7
4.6
2.1 4.1

1-2-9 ( : )
5
, ,
,
.

, .
, ,
.
< 1-2-1>
.
,
,
, , .
20

, ,

.
2004
2002 , 2003
.
21
1
1.
.

, , ,
, , .
. ,

(Accidental threats) (Intentional
threats) .
(Malicious threats), (Unintentional threats), (Physical
threats) .
.
: (H/W , ),
( , , , , ,
, )
: , , ,
: , ,
: , , , H/W
22
1-3-1

, ,

, Chipping/
/
< 1-3-1> .
, , , , ,
.
, , ,
, , .
23
(1)

. (Intrusion)

.
< 1-3-2> .
1-3-2
Sendmail
.

.

.

.
.
Backdoor

.
TCP/IP IP Spoofing
.
,
ID Sniffing
.
24
(2)

.

(),
(),
()
.
, CMOS ,
, .

.
, PC, LAN,
. MS , MS ,
CIH()
.
, .
(3) (Denial of Service : DoS)

.
,
. E-mail
(, ) .
,
.

.
(Distributed Denial of Service)
25
, ,
.
(4)
(Worm)
. ,
.

,
, .
(exe ) ,
.
(5) (Trojan Horse)

.
. ,
.
(6)

,
.
(7) Spyware
. ,

.
(8)
Chipping, Nano Machine, HERF Gun, EMPBombs,

Electronic Jamming .
26
< 1-3-3> .
1-3-3
Chipping
Nano Machine
, Chip
.
,
.
HERF Gun
(High Energy
Radio Frequency)
EMP Bomb
(Electro-Magnetic
Pulse)
Electronic Jamming
2.
. 2002 5
2002
5 . 5

. , 1,000 , ISAC
, , 1 5
, 300%, 10
, , 43 ,
.
27
(1) (11 15)
2002 11 2

. 13
2 .
(G4C) (G2B)
4 , (HTS),
(PPSS) 15
.
.
(2) 1,000
9 2002 12 58%
4 1,000
. ,
,
.
(3) ISAC()
(ISAC)
( : ), (), ()
, . (Information
Sharing and Analysis Center)
,

.
(4)
2002 . 2002
12 .H
28
(26,015) 17%(4,445) .

.
(5) 1
2002 2 ,
1 .
(2003.2.6) 2002 12.8%
(35.4%) 2
1 23.7 1
.
,
468
. ,
2002 4,
, , 20
4,300 .
. 2002
, ,
, , ,
.
,

. ,

(Signature)
,
. , ,
. ,
29

. , ( )
.
, . ,

. , Active X, Java, JavaScript
(mobile code)
. , ,
.
(sophistication)
. ,
. , , DNS
, .
. 2002

,
,
.
2000 Ramen, Lion, Adore
, 2001 Codered, Nimda , 2002 Klez,
Spida, Opaserv
.
, Proxy

.
2003
,
30

DDoS .
,
,
,
.

.
2
1.
.
2002
, , ,
, .

.
2000

2000
.
, .

.
. ,
.
31
(1)
1999 18 <
1-3-1> . 2000 102, 2001 277, 2002 539
2 .
.
600
539
500
400
277
300
200
102
100
18
1999
2000
2001
2002
1-3-1 ( : )
1-3-4 2002
( : )

10
11
12
22
10
11
81
31
17
22
20
25
23
13
41
43
37
76
37
21
35
31
36
35
25
59
60
50
88
45
28 369
11
19
54 539
369(68%)
, 81(15%), 31(6%), 22
32
(4%) .

. < 1-3-4> 2002
.
< 1-3-5> .
446(83%)
,
36(7%) .
1-3-5
( : )
()
2001
174
67
18
14
277
2002
446
36
49
539
< 1-3-2>
229(43%) 109(20%)
.
.
89(16%)

229(43%)
7(1%)
105(20%)
109(20%)
1-3-2 ( : , )
33
, 2001 230 2002 776

3 . < 1-3-6>
293(38%) .

.
1-3-6
( : )
2002
293
25
()
0
455
776

,
. ,
,

.

. ,

.
(2)
200~300%
, 2002 185%, 1
. ,

.
2002 < 1-3-3> .
34
16,000
15,192
14,000
12,000
10,000
8,000
6,000
5,333
4,000
2,000
1,943
64
158
572
97
98
99
0
00
01
02
1-3-3
< 1-3-4>
6,444 , PC
58% 3,740 .
1,812 28%, 716 11%,
176 3% .
1,812(28%)

3,740(58%)
716(11%)
/
176(3%)
1-3-4 ( : , )
< 1-3-7> ,
4,638 29.6% . 2002 4
35
.
26%
, 3,971 25%
.
1-3-7
( : , )

()
S/W

() 4,638
4,112
3,971
1,943
602
243
147
18
15,675
(%)
26.2
25.3
12.4
3.8
1.6
0.9
0.1
100
29.6
,

,
. ,
, PC

PC
.
(1)
2002 2000 Funlove, 2001 Nimda, CodeRed

. Klez
.
3 < 1-3-5> .
36
70,000
65,033
60,000
50,124
50,000
38,677
40,000
30,000
20,000
10,000
0
2000
2001
2002
1-3-5 3 ( : )
< 1-3-8> 2002 232

, 89.7% 208
. , Linux DDoS
.
1-3-8
( : , )
2001
2002
194
232
( )
165(85%)
208(89.7%)
( )
29(15%)
24(10.3%)
2002
, P2P ,
.
, .
PC DoS
.
, (MSN, ICQ ) P2P(KaZaA )
37
.
, ,
.
ID
Funlove .
, .H .B
.
< 1-3-6> .
700
572
600
500
400
379
300
200
256
232
276
194
100
0
1997
1998
1999
2000
2001
2002
1-3-6 ( : )
(2)
< 1-3-7> . 2002

232 105
. 2001 81
2002 16 .
< 1-3-9> .
,
2002 .
, , ,
.
38
2002
2001
25
21
48
41
38
11
105
34
16
81
20
40
60
80
100
120
1-3-7 ( : )
1-3-9
( : )

01
10
11
12
81
16
34
10
10
15
15
21
105
11
38
41
48
21
25
194
16
15
15
17
17
25
14
30
36
37
232
< 1-3-10> 2002

8,711 . 6,717,
(Funlove) 4,413, 2,332 .
1

.
39
1-3-10
( : , )

Nimda.A Funlove Opaserve Nimda.D
Klez.H
8,711
6,717
4,413
2,332
1,362
15,142
38,677
22.5
17.4
11.4
6.0
3.5
39.2
100
2.
CERT-CC , 2000
1999 121%, 2001 2000 142% , 2002
82,094 2001 52,658 56%
. , , 4 < 1-3-8>
.
1999
2000
2001
2002
50,000
100,000
2002
82,094
112,346
1,435
2001
52,658
40,274
2,853
2000
21,756
4,783
2,224
1999
9,859
1,712
788
1-3-8 ( : )
40
150,000
JANET(United Kingdom Education &

Research Networking Association)CERT , 1999 1,712
2000 4,783 3 2001 40,274
8 . 2002
112,346 3 .3)
,
UNIRAS(Unified Incident Reporting and Alert Scheme)
2002 2,839 ,
1,958, 454, 85
.
342
85

454

1,958
1-3-9 ( : )
JPCERT(Japan Computer-CERT)/CC
1999 788, 2000 2,224, 2001 2,853
2002 1,435 . ,
4)
(IPA : Information Technology Protection Agency) ,
3) www.ja.net/CERT/JANET-CERT/monthly_reports.html
4) ,
, , ,
() IPA().
41
IPA/ISEC( )
1999 55, 2000 143, 2001 550 2002 619
.
, < 1-3-11>
2002 329 924
.
(935) 2002
,
.
1-3-11
( : )
2000
2001
2002
25
448
13
73
258
286
547
30
106
1,253
329
3 2002
1.
.
(1) Codered
2002 7 Codered
.

42

.
(2) Nimda
2002 9 Nimda
B 60 . Nimda

.
(3) Opaserv5)
2002 10
. 10
,
C /

opaserv .
(4) Spida6)
2002 6 Spida
() .
MSSQL
MSSQL Spida
.
5) Opaserv : C (TCP 137)

,

6) spida : MSSQL SA

43
(1)
2002 1 1

.
ISP
.
(2) RPC7)
2002 5
. rpc.statd
t0rnkit
.
(3) Wu-ftp
2002 5
.
FTP(wu-ftpd)

.
(4) SSH8)
2002 9 SSH
. teso team SSH
7) RPC(Remote Procedure Call) :

, NIS

8) SSH(Secure Shell) :

44

.
50
.
(5)
2002 8 ,
2002
7 13 1 4,700
4 .

.
. 9)
2002 6 4
. PEREZ
, Infidelz .

.
.
(1)
2002 9 php (covert
9) 80

45
channel) . php
,
PC .
(2)
2002 12 ,
SLAYD php
, .
. PC
(1) PC
2002 9 .
2000
(winshell, ntshell, dwrcs) ,
.
(2)
2002 10
.
opaserv
.
(3) Warez Ftp
2002 12 PC S/W Warez

Ftp . Serv-U Ftp
Mp3
Warez Ftp .
46
. DB

(spida) 2002
12 Oracle Password . Web
(DB ID, Password
)
.inc ,
Oracle DB
.
.
(1)
2002 11 .

.
(2)
2002 5 50 230
. , , , ,
,
.
(1) sendmail
2002 7
. Linux sendmail 8.9.3
47
relay .
(2) Emwacs
2002 7 Demon Internet Service

NT Emwacs
Emwacs relay .
(3) Proxy
2002 7 SpamCop
. IP Web Cache
() Jaguar2000 , Proxy
open proxy( )
, .
2.
(1)
2002 10 13
9 .
(NIPC)
(DoS) 13 7
, 2 .
.
1 .

. 13

.
: , 2002.10.24
48
(2) ,
CNN
.

, . , FBI NIPC

,
.
: www.CNN.com, 2002.12.11
(3)

.
() ,
.

.
.

.
: , 2002.10.18
(4) , 6000
2002 10 1,167 , ,
564, 10 34
6,500 . Douglas Alexander

. ,

49
10
.
: www.gcn.com, 2002.11.29
(5) ,
haxOrs

2002 7
BBC mi2g . 2002
, (.it)
7 514 ,
1600 (.com) 2 .
(.br) 329 3 (.uk) 94 4
. ,
. 8 838
.
: , 2002.8.28
(6) ,

,
.

. 2002 6

.

,

.
: , 2002.8.8
50
(7) ,
(NASA)
6 . 15
(Hi-tech Hate)

G8(7+) ,
, , , , , , , , ,
.
: , 2002.1.17
(8) ,

.
G
. G
-
.
: , 2002.1.11
(9)
(6.13)
.
130
.
.
: www.fcw.com, 2002.12.14
51

WP 2003

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

WP 2003

Uploaded by

Copyright:

Available Formats

2003

1-1-1 ( : (%), ())

< 1-1-1> 2002 12 2,627

(Slammer Worm) 11.8%

< 1-2-2> 20%

< 1-2-3> 2002

Chipping, Nano Machine, HERF Gun, EMPBombs,

(1) (11 15)

, 2001 230 2002 776

2002 2000 Funlove, 2001 Nimda, CodeRed

< 1-3-8> 2002 232

< 1-3-7> . 2002

< 1-3-10> 2002

Nimda.A Funlove Opaserve Nimda.D

JANET(United Kingdom Education &

(IPA : Information Technology Protection Agency) ,

5) Opaserv : C (TCP 137)

7) RPC(Remote Procedure Call) :

2002 9 php (covert

2002 12 PC S/W Warez

2002 7 Demon Internet Service

You might also like