-
公开(公告)号:KR1020140035655A
公开(公告)日:2014-03-24
申请号:KR1020120102177
申请日:2012-09-14
Applicant: 한국전자통신연구원
IPC: G06F21/00
Abstract: The present invention relates to an apparatus and method for the multi-analysis of a file for tracking an attack source and a spread site in real time. The present invention is technology to analyze a corresponding file by selectively applying a real-time analysis method or a cooperation analysis method for tracking the attack source and the spread site with regard to a harmful file among files loaded on a file sharing site. [Reference numerals] (100) File uploader; (200) File sharing server; (300) Attack tracking unit; (400) File posting unit; (500) Reputation analysis unit
Abstract translation: 本发明涉及用于实时跟踪攻击源和扩散站点的文件的多重分析的装置和方法。 本发明是通过选择性地应用用于跟踪文件共享站点上的文件中的有害文件的跟踪攻击源和扩散站点的实时分析方法或协作分析方法来分析对应文件的技术。 (附图标记)(100)文件上传器; (200)文件共享服务器; (300)攻击跟踪单位; (400)文件发布单元; (500)声望分析单位
-
公开(公告)号:KR1020130058813A
公开(公告)日:2013-06-05
申请号:KR1020110124760
申请日:2011-11-28
Applicant: 한국전자통신연구원
IPC: G06F21/00
CPC classification number: H04L63/0407 , G06F21/6245 , G06F21/6254 , G06F21/6263 , H04L63/1441 , G06F21/00
Abstract: PURPOSE: An agent device for sharing security information based an anonymous identifier among security management domains and a method thereof are provided to share security information based on an identifier based on hash, thereby preventing leakage of personal information included in the security information. CONSTITUTION: An identifier conversion unit(220) converts a real name identifier included in security information into an anonymous identifier and converts security information based on the real name identifier into security information based on the anonymous identifier. A security information communication unit(240) transmits the security information based on the anonymous identifier to the outside of a security management domain in order that security management domains share the security information. The identifier conversion unit converts the real name identifier included in the security information into a hash identifier which is the anonymous identifier by using a one-way hash function. [Reference numerals] (210) Security information providing unit; (220) Identifier conversion unit; (230) Identifier mapping information storage unit; (242) Security information transmitting unit; (244) Security analyzing information receiving unit; (250) Security analyzing information processing unit; (312) Security information receiving unit; (314) Security analyzing information transmitting unit; (320) Identifier reference storage unit; (330) Security information analyzing unit; (340) Reception agent device determination unit; (AA) Anonymous based security information; (BB) Anonymous based security information analyzing result
Abstract translation: 目的:提供一种用于在安全管理域之间基于匿名标识符共享安全信息的代理装置及其方法,用于基于散列来分配基于标识符的安全信息,从而防止安全信息中包含的个人信息的泄漏。 构成:标识符转换单元(220)将安全信息中包含的真实姓名标识符转换为匿名标识符,并且基于匿名标识符将基于真实姓名标识符的安全信息转换成安全信息。 安全信息通信单元(240)将安全信息基于匿名标识符发送到安全管理域的外部,以便安全管理域共享安全信息。 标识符转换单元通过使用单向散列函数将包括在安全信息中的实名标识符转换为匿名标识符的散列标识符。 (附图标记)(210)安全信息提供单元; (220)标识符转换单元; (230)标识符映射信息存储单元; (242)安全信息发送单元; (244)安全分析信息接收单元; (250)安全分析信息处理单元; (312)安全信息接收单元; (314)安全分析信息发送单元; (320)标识符参考存储单元; (330)安全信息分析单元; (340)接收代理设备确定单元; (AA)基于匿名的安全信息; (BB)基于匿名的安全信息分析结果
-
公开(公告)号:KR1020120070771A
公开(公告)日:2012-07-02
申请号:KR1020100132217
申请日:2010-12-22
Applicant: 한국전자통신연구원
CPC classification number: G06F21/577
Abstract: PURPOSE: An apparatus and a method for quantitative security policy evaluation are provided to quantitatively evaluate a security polity on a heterogeneous network through a quantitative evaluation model. CONSTITUTION: A security policy analyzing unit(102) analyzes a security policy of a network. An estimation reference defining unit(104) defines an evaluation standard. An estimation result calculating unit(106) calculates an evaluation result of each security component. A weight calculating unit(108) groups the security components according to a security function. A quantitative estimating unit(110) estimates a security polity of each group.
Abstract translation: 目的:提供定量安全策略评估的设备和方法,通过定量评估模型定量评估异构网络上的安全策略。 构成:安全策略分析单元(102)分析网络的安全策略。 估计参考定义单元(104)定义评估标准。 估计结果计算单元(106)计算每个安全组件的评估结果。 权重计算单元(108)根据安全功能对安全组件进行分组。 定量估计单元(110)估计每个组的安全性。
-
公开(公告)号:KR1020090034549A
公开(公告)日:2009-04-08
申请号:KR1020070099831
申请日:2007-10-04
Applicant: 한국전자통신연구원
CPC classification number: G06F21/577
Abstract: A security device and a method of a compound terminal using a security profile corresponding to an environmental parameter are provided to define a security functional profile according to the kind of the terminals and reconstruct the security function of the terminal. A security profile is set up in a manual or an automatic mode according as a security function configuration part(111) is the security level of a terminal user. A security profile storage part(113) stores the set up security profile. A terminal status monitoring part(114) reports the environmental parameter to the security function configuration part. The environmental parameter includes the change of the terminal power source, the abnormal intrusion attempt and a virus detection.
Abstract translation: 提供使用与环境参数对应的安全简档的复合终端的安全装置和方法,以根据终端的种类定义安全功能简档,并重建终端的安全功能。 根据安全功能配置部分(111)是终端用户的安全级别,以手动或自动模式设置安全简档。 安全简档存储部分(113)存储建立的安全简档。 终端状态监视部(114)向安全功能配置部报告环境参数。 环境参数包括终端电源的变化,异常入侵企图和病毒检测。
-
公开(公告)号:KR100832539B1
公开(公告)日:2008-05-27
申请号:KR1020060123197
申请日:2006-12-06
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1425 , H04L63/0263
Abstract: A multi-pattern search method using a pattern board which doesn't support a multi-pattern and an apparatus for the same are provided to implement multi-pattern searching through a pattern board supporting only single-pattern searching by configuring a bitmap table for search rules and creating a pattern index table containing the input pattern information of each pattern board. A multi-pattern search apparatus comprises a search rule setup part(410), an information storage part(420), and a multi-pattern judgement part(430). The search rule setup part creates a bitmap table, which contains rule indexes, pattern information, and bitmap information, and a pattern index table, which contains the input pattern and pattern index information of each pattern board corresponding to each of the patterns of the bitmap table. The information storage part stores the bitmap table and the pattern index table. Using the pattern boards, the multi-pattern judgement part extracts one or more patterns from an input stream, confirms a search rule associated with the extracted patterns through the pattern index table, and judges the existence of a multi-pattern in the input stream through the bitmap table.
Abstract translation: 提供了使用不支持多模式的图案板的多图案搜索方法及其装置,以通过配置用于搜索的位图表来仅支持单样式搜索的图案板来实现多图案搜索 规则并创建包含每个模板的输入模式信息的模式索引表。 多图案搜索装置包括搜索规则设置部分(410),信息存储部分(420)和多模式判断部分(430)。 搜索规则设置部分创建包含规则索引,模式信息和位图信息的位图表,以及模式索引表,其包含与位图的每个模式对应的每个模板的输入模式和模式索引信息 表。 信息存储部存储位图表和图案索引表。 使用图案板,多图案判断部分从输入流中提取一个或多个图案,通过图案索引表确认与提取的图案相关联的搜索规则,并通过输入流中的多个图案的存在来判断 位图表。
-
Patent Agency Ranking
公开(公告)号:KR1020080041088A
公开(公告)日:2008-05-09
申请号:KR1020070006164
申请日:2007-01-19
Applicant: 한국전자통신연구원
IPC: G06F15/163 , G06F15/16 , H04L12/28 , H04L29/10
Abstract: An apparatus for implementing a 2x10 gigabit Ethernet application is provided to enable a user to implement various applications which support two 10 gigabit interfaces by using the IXP2850 network processor. An apparatus for implementing a 2x10 gigabit Ethernet application includes the first and the second micro block(310,320) for receiving packets, the third micro block(330) for helping transmission, and the fourth to seventh micro block(340-370) for transmitting packets. The first and the second micro block reassemble packets inputted via an Ethernet interface, write the reassembled packets to a DRAM, and transmit information on the packets to the third micro block. The third micro block receive the information on the packets from the first and the second micro block via the Ethernet interface, discriminates the packets according to port numbers, and transmits the information on the packets to the fourth to the seventh micro block. The fourth to the seventh micro block receive the information on the packets which are discriminated according to the port numbers, and transmit real packets, recorded at the DRAM, to a corresponding port based on the information on the packets.
Abstract translation: 提供了一种用于实现2x10吉比特以太网应用的设备,以使用户能够通过使用IXP2850网络处理器实现支持两个10千兆位接口的各种应用。 用于实现2x10吉比特以太网应用的装置包括用于接收分组的第一和第二微块(310,320),用于帮助传输的第三微块(330)和用于传输分组的第四至第七微块(340-370) 。 第一和第二微块重新组合经由以太网接口输入的分组,将重组的分组写入DRAM,并将分组上的信息发送到第三微块。 第三微块经由以太网接口接收来自第一和第二微块的分组的信息,根据端口号识别分组,并将分组上的信息发送到第四到第七微块。 第四到第七微块根据端口号接收关于根据端口号识别的分组的信息,并且根据关于分组的信息将记录在DRAM中的实际分组发送到对应的端口。
-
公开(公告)号:KR100786391B1
公开(公告)日:2007-12-17
申请号:KR1020060095008
申请日:2006-09-28
Applicant: 한국전자통신연구원
CPC classification number: H04L9/0631 , H04L2209/122 , H04L2209/125
Abstract: A fast aria block encryption and decryption apparatus is provided to reduce the number of clock cycles used in encryption remarkably by increasing the number of rounds which can be calculated in a first clock and to downsize a hardware without an additional key initializing circuit by performing a key initializing process with a round operation unit. The fast aria block encryption and decryption apparatus performs encryption and decryption operation and key initialization process through following parts: the first round operation part to significantly reduce the number of clock cycle required in case of encryption, perform exclusive OR operation for input data of an object for encryption and decryption or an operation result of even number round and a key of odd number round, perform substitution operation to the result of exclusive OR operation, and perform diffusion operation for the result of exclusive OR operation(15); the second round operation part to perform exclusive OR operation for the result of the first round operation part and even number round key, substitution operation for the result of exclusive OR operation, and diffusion operation for the result of substitution operation(17); the first XOR period to perform exclusive OR operation for the result of substitution operation process of the second round operation part on the final round and the key for the final round, and print data for aria block encryption and decryption(18); and a part to perform encryption and decryption operation and key initialization process through round key generation part which generates and provides round key value needed to the operation of the first and second round operation part from the initial key value acquired from master key(25).
Abstract translation: 提供了一种快速咏唱块加密和解密装置,通过增加可以在第一时钟中计算出的回合次数来显着减少加密中使用的时钟周期数量,并且通过执行密钥来减小硬件的小型化,而不需要附加的密钥初始化电路 初始化过程与循环操作单元。 快速aria块加密和解密装置通过以下部分执行加密和解密操作和密钥初始化处理:第一轮操作部分,显着减少加密情况下所需的时钟周期数,对对象的输入数据执行异或运算 对于加密和解密或偶数的运算结果和奇数的关键字,对异或运算的结果执行替换操作,并对异或运算结果进行扩散运算(15); 第二轮操作部分,用于对第一轮操作部分的结果进行异或运算,并且进行偶数循环密钥,对异或运算结果进行替换运算,以及对替代运算结果进行扩散运算(17); 对最终轮次的第二轮操作部分的替代操作处理结果执行异或运算的第一异或周期,以及用于最后一轮的关键字的打印数据,以及用于aria块加密和解密的打印数据(18)。 以及通过循环密钥生成部分执行加密和解密操作和密钥初始化处理的部分,其根据从主密钥(25)获取的初始密钥值产生并提供操作第一和第二轮操作部分所需的轮回密钥值。
-
公开(公告)号:KR100779076B1
公开(公告)日:2007-11-27
申请号:KR1020050121031
申请日:2005-12-09
Applicant: 한국전자통신연구원
CPC classification number: H04L9/0631 , H04L2209/122
Abstract: 아리아 암/복호화 장치, 그 방법 및 이를 위한 초기 키 생성 방법이 개시된다. 본 발명은 복수의 라운드를 반복 수행하여 입력 데이터를 암/복호화하는 아리아 암/복호화 장치에 있어서. 제1제어신호에 따라 입력 데이터 또는 중간 계산값을 저장하는 제1레지스터; 매 라운드마다 입력되는 라운트 키를 저장하는 제2레지스터; 제1 및 제2레지스터에 저장된 값들을 배타적 논리합 연산하는 배타적 논리합 연산기; 배타적 논리합 연산된 결과를 아리아 치환 알고리즘에 따라 치환하는 치환부; 마지막 라운드가 아니면, 치환부의 치환결과를 아리아 확산 알고리즘에 따라 확산하는 확산부; 및 마지막 라운드가 아니면 확산부의 출력을, 마지막 라운드이면 치환부의 출력을 중간 계산값으로 출력하도록 제1제어신호를 출력하고, 마지막 라운드이면 치환부의 출력을 중간 계산값으로 출력하도록 제1제어신호를 출력하고 배타적 논리합 연산기의 출력을 아리아 암/복호화된 결과로 출력하는 제어부를 포함한다.
-
公开(公告)号:KR100753815B1
公开(公告)日:2007-08-31
申请号:KR1020050080628
申请日:2005-08-31
Applicant: 한국전자통신연구원
Abstract: 본 발명은 차세대 인터넷 프로토콜 네트워크 환경하에서, 패킷을 차단하는 장치 및 방법에 관한 것으로서, 네트워크 주소 관리부, 호스트 주소 관리부, 네트워크 프리픽스의 변경 통보 또는 IP 주소의 변경 통보를 수신하는 수신부, 수신부에서 상기 네트워크 프리픽스 변경 통보 또는 상기 IP 주소 변경 통보를 수신할 경우, 각각 네트워크 주소 관리부 및 호스트 주소 관리부를 갱신하는 주소 갱신부, 외부망으로부터 내부망으로 패킷 전송시, 네트워크 프리픽스의 유효기간이 경과하지 않은 경우 네트워크 주소 관리부를 기초로 패킷을 전송하고, 네트워크 프리픽스의 유효기간이 경과한 경우 패킷 수신을 차단하며, 내부망에서 호스트로 패킷 전송시, IP 주소의 유효기간이 경과하지 않은 경우 호스트 주소 관리부를 기초로 패킷을 전송하고, IP 주소의 유효기간이 경과한 경우 패킷 수신을 차단하는 패킷 처리부를 포함함으로써 차세대 인터넷 프로토콜 네트워크 환경하에서도 네트워크 관리자가 의도하는 호스트 및 내부망에서 패킷을 차단할 수 있다.
패킷 필터링, 패킷 차단Abstract translation: 提供一种用于截取分组的装置和方法,用于在IPv6网络环境下像网络管理者一样进行分组处理,例如分组拦截,即使内部网络中的节点的地址,节点的状态 或更改地址前缀。 拦截分组的装置包括网络地址管理部分(210),主机地址管理部分(220),接收部分(230),更新部分(240)和分组处理部分(250)。 网络地址管理部分(210)拦截并管理从外部网络提供给内部网络的分组。 主机地址管理部分(220)拦截或管理从外部网络向主机发送分组的分组。 在网络地址改变为内部网络中的主机的IP地址或网络前缀的情况下,接收部分(230)被改变,接收IP地址改变通知或网络前缀改变通知。 当接收部分(230)接收到IP地址改变通知或网络前缀改变通知时,更新部分(240)更新网络地址管理部分(210)和主机地址管理部分(220)。 在从外部网络向内部网络发送分组时,如果网络前缀的有效性已过期,则分组处理部分(250)拦截分组。 然而,在网络前缀有效的情况下,分组处理部(250)基于更新后的网络地址管理部(210)发送分组。
-
公开(公告)号:KR100734866B1
公开(公告)日:2007-07-03
申请号:KR1020050121004
申请日:2005-12-09
Applicant: 한국전자통신연구원
Abstract: 본 발명은 비정상 패킷 탐지 방법 및 장치에 관한 것으로, 비정상 패킷 탐지 장치는, 송신 서버로부터 수신 서버로 전송하고자 하는 패킷을 송신 서버로부터 전송받아 비정상 패킷임을 탐지하는 장치에 있어서, 패킷이 송신 서버와 수신 서버에서 세션이 성립된 이후 첫 번째 패킷인지 여부를 판단하는 세션 관리부, 세션 관리부에서 패킷이 첫 번째 패킷이라고 판단되는 경우에, 패킷이 보안 정책을 만족하는지 탐지하는 비정상 패킷 탐지부, 및 비정상 패킷 탐지부에서 패킷이 보안 정책을 만족하지 못한다고 판단되는 경우에, 상기 패킷이 비정상 패킷임을 알리는 알림부;로 구성되어, 기가급의 네트워크 환경에서 비정상 패킷을 실시간으로 탐지할 수 있다.
-
-
-
-
-
-
-
-
-
Search Results
160
records
(took 0.031 seconds)
