    11. Method for deciding a policy enforcement target of a policy client in a policy-based management framework
    Granted invention patent; status: lapsed

    Publication number: KR100786392B1

    Publication date: 2007-12-17

    Application number: KR1020060096570

    Filing date: 2006-09-29

    CPC classification number: G06F17/30283 G06F17/30401 G06F17/30539 G06Q50/26

    Abstract: A method for deciding the policy enforcement target of a policy client in a policy-based management framework is provided, so that the applicable target resource is decided correctly and efficiently when executing a policy provided by a policy server. The method includes the following steps: the policy client confirms the capability set of the policy information base received from the policy server (101); it confirms the role-combination of the policy information base received from the policy server (103); it searches for resources satisfying the confirmed capability set and role-combination (105, 106); and it applies and executes the received policy on the resources found (107).


    13. Apparatus and method for detecting network attacks based on visual data analysis
    Granted invention patent; status: in force

    Publication number: KR101219538B1

    Publication date: 2013-01-08

    Application number: KR1020090069418

    Filing date: 2009-07-29

    CPC classification number: H04L63/1425

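    Abstract: The present invention relates to an apparatus and method for detecting network attacks based on visual data analysis. It can process large volumes of traffic data in real time, and when generating a traffic image it embeds various information such as traffic volume, country information, ISP information and the ports in use, so that it can detect attacks that existing traffic-volume-based network attack detection techniques could not. In addition, because the invention analyzes network traffic using visual data analysis techniques, the analysis results appear as image patterns, so an observer can look at the detection result and intuitively recognize whether a network attack is under way; and because it provides a user interface that presents the network attack detection information, the image pattern of the attack, the original data and so on, the network administrator can quickly verify detected attacks.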

    14. Intelligent access monitoring method and system, access monitoring apparatus for intelligent access monitoring, and recording medium storing a program for intelligent access monitoring
    Published invention application; status: invalid

    Publication number: KR1020120065817A

    Publication date: 2012-06-21

    Application number: KR1020100127130

    Filing date: 2010-12-13

    Inventor: 김건량 장범환

    Abstract: PURPOSE: A method and system for intelligent access monitoring, a device for intelligent access monitoring, and a recording medium for intelligent access monitoring are provided to enhance the level and accuracy of security service. CONSTITUTION: An entrance event collector (1100) collects entrance event information provided from an entrance control device and stores the information in an entrance monitoring DB. A profile manager (1200) generates keywords for network information search. A data searching unit (1300) searches network information using the keywords and transfers the result to a preprocessor (1400). The preprocessor performs preprocessing to extract information related to visitors. An entrance monitoring unit (1500) generates entrance monitoring profile information and provides mapping date.


    15. Apparatus and method for displaying domain security status using geographic information
    Published invention application; status: invalid

    Publication number: KR1020110043982A

    Publication date: 2011-04-28

    Application number: KR1020090100758

    Filing date: 2009-10-22

    CPC classification number: G06F21/60 G06F17/30241 G06Q50/32

    Abstract: PURPOSE: A domain security state displaying device using geographic information and a method thereof are provided to enable a manager to plan countermeasures by intuitively notifying the manager of the source of an abnormality in an ISP network. CONSTITUTION: A security event collector (310) collects information from an internet service providing system in order to prepare a security event. A security event analyzer (320) uses the collected information to analyze whether a web email or a web posting exists. The security event analyzer maps the source IP address, the destination IP address, and the proxy IP address.


    17. Apparatus and method for displaying network state using geographic information
    Published invention application; status: in force

    Publication number: KR1020090030880A

    Publication date: 2009-03-25

    Application number: KR1020070096537

    Filing date: 2007-09-21

    CPC classification number: H04L41/28 H04L63/1416

    Abstract: An apparatus and a method for visualizing a network state by using geographic information are provided. They use a globe, which everyone can easily understand, so that the site where a security event originates and the real site of its destination can be checked easily. A security event collecting unit (110) collects security events from the outside. An IP (Internet Protocol) address converter (120) converts the source IP address and the destination IP address within the characteristic data of a collected security event into geographic information based on a geographical information database (130). A network state display unit (140) displays the flow of protocol security events between the source and the destination on a 3D screen including a globe shape.


    18. Log-based traceback system and method using a center-point division technique
    Published invention application; status: in force

    Publication number: KR1020090009622A

    Publication date: 2009-01-23

    Application number: KR1020070073059

    Filing date: 2007-07-20

    Abstract: A log-based back-tracking system and method using a center division technique, capable of quickly finding the actual location of an attacker, are provided; they apply the connection information of network routers collected from a network management server together with the log information of an intrusion alarm. A log information input module (101) collects log information on intrusion alarms about a network attacker from an intrusion detection system (120). A reverse invasion process module (103) analyzes the log information of the collected intrusion alarm and extracts the necessary log information. When the log information of the intrusion alarm is input, a centroid node detection module (104) collects the connection information of the network routers from the network management server (110).


    19. Apparatus and method for sharing intrusion incidents, and network security system including the same
    Granted invention patent; status: lapsed

    Publication number: KR100862194B1

    Publication date: 2008-10-09

    Application number: KR1020070034102

    Filing date: 2007-04-06

    Abstract: A device and a method for sharing intrusion incident information, and a network security system including the same, are provided so that the domains in the network security system can share information about intrusion incidents occurring in the system by using a standardized Internet format and transfer protocol. A controller (111), which comprises a reporting unit (111-1), a reporting analyzing unit (111-2), a tracking request unit (111-3) and a tracking execution unit (111-4), controls the operation of a security management device: it detects an intrusion incident occurring in the managed domains and generates intrusion incident information including the trust level of the managed domain, the seriousness level of the incident, and the priority of management actions, or it analyzes intrusion incident information received from external domains. A message converter (112) generates a message by encoding the intrusion incident information, and extracts intrusion incident information by decoding messages received from the external domains, based on the IODEF (Incident Object Description Exchange Format)/RID (Real-time Inter-network Defense) data format. A message transceiver (113) exchanges messages with the external domains by using SOAP (Simple Object Access Protocol)/HTTPS (HyperText Transfer Protocol over Secure Sockets Layer).


    20. Method and apparatus for security management in a large-scale network
    Published invention application; status: lapsed

    Publication number: KR1020080040921A

    Publication date: 2008-05-09

    Application number: KR1020060108893

    Filing date: 2006-11-06

    Abstract: A method and an apparatus for managing security in a large network environment are provided; they detect network attack patterns by classifying traffic information into flows that share the same characteristics, and recognize attack situations by analyzing the statistical information. The apparatus is made up of a traffic receiver (110), a traffic classifier (120), a traffic analyzer (130) and an external interface (140). The traffic receiver collects traffic information (NetFlow) in real time from all routers scattered across a large network. The traffic classifier comprises a multi hash table with a stratified structure, and stores the traffic information as traffic statistics information by classifying it into flow groups. The traffic analyzer receives the traffic statistics information, detects flows that show abnormal indications, and recognizes the attack situation. The external interface notifies the outside of the current security situation according to the notified attack situation.

