-
Publication number: KR100856924B1
Publication date: 2008-09-05
Application number: KR1020070022971
Filing date: 2007-03-08
Applicant: 한국전자통신연구원
IPC: H04L12/26
CPC classification number: H04L41/22, H04L43/045, H04L63/1408
Abstract: An apparatus and a method for displaying a network state are provided to determine an abnormal state that degrades network performance by using distinct dispersion, entropy, and clustering information obtained from combinations of important properties in traffic events, and to detect harmful or abnormal traffic. The method comprises the following steps: grouping traffic according to protocol (S100); selecting and combining three of a source address, a source port, a destination address, and a destination port, and calculating distinct dispersion and entropy for the remaining element (S200); displaying the calculated distinct dispersion and entropy on a security radar, a circle whose angle is divided into N and whose radius is divided into M (S300); and detecting network abnormality by referring to the displayed radar state, and detecting and reporting the harmful or abnormal traffic that causes the abnormal state (S400).
-
Publication number: KR100786392B1
Publication date: 2007-12-17
Application number: KR1020060096570
Filing date: 2006-09-29
Applicant: 한국전자통신연구원
CPC classification number: G06F17/30283, G06F17/30401, G06F17/30539, G06Q50/26
Abstract: A method for deciding a policy enforcement target of a policy client in a policy-based management framework is provided to correctly and efficiently decide the applicable target resource when executing a policy provided by a policy server. The method includes the following steps: the policy client confirms the capability set of the policy information base received from the policy server (101); it confirms the role-combination of the policy information base received from the policy server (103); it searches for resources satisfying the confirmed capability set and role-combination (105, 106); and it applies and executes the received policy on the resources found (107).
-
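Publication number: KR101889500B1
Publication date: 2018-09-20
Application number: KR1020140027202
Filing date: 2014-03-07
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1441, H04L63/1416, H04L63/1425
Abstract: The present invention provides a method and system for tracing back a network's connection chain using network flow data, in order to trace the attack origin of a cyber hacking attack that passes through multiple sites when such an attack occurs on the Internet or an internal network, without adding new equipment to the network or modifying standard protocols.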
-
Publication number: KR1020170096780A
Publication date: 2017-08-25
Application number: KR1020160018460
Filing date: 2016-02-17
Applicant: 한국전자통신연구원
CPC classification number: H04L63/0435, H04L63/0272, H04L63/045, H04L63/061, H04L63/0823, H04L63/0869, H04L63/1425, H04L63/166
Abstract: The present invention relates to a system and method for interworking security incident information. The interworking system according to the present invention includes: one or more interworking clients that are connected to client systems collecting session information of security incidents in different network domains, forward the incident information collected by the client systems to a control system, and, at the request of a client system, request analysis information on the incident information and provide it to that client system; and an interworking server that is connected to the control system that analyzes incident information, forwards the incident information of the different network domains provided by the one or more interworking clients to the control system, stores the incident analysis information from the control system, and shares the stored incident analysis information with the interworking clients at their request.
-
Publication number: KR1020170095570A
Publication date: 2017-08-23
Application number: KR1020160017135
Filing date: 2016-02-15
Applicant: 한국전자통신연구원
CPC classification number: G06F11/1448, G06F17/30094, G06F2201/82, H04L67/10
Abstract: An embodiment of the present invention may include: a data division unit that generates one data block from source data of a given unit and divides the one data block into predetermined units; a data integrity verification information generation unit that generates data integrity verification information per data block; and a data deduplication encoding unit that performs deduplication on the deduplication target data per data block.
-
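Publication number: KR101554340B1
Publication date: 2015-09-21
Application number: KR1020080116357
Filing date: 2008-11-21
Applicant: 한국전자통신연구원
Abstract: The present invention relates to a password-based authentication method in which a user terminal, when logging in to a web server, exposes its own IP information to the web server, so that the web server can authenticate the user terminal and perform a secure session key exchange for encrypted communication even over an untrusted network.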
-
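Publication number: KR1020150105039A
Publication date: 2015-09-16
Application number: KR1020140027202
Filing date: 2014-03-07
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1441, H04L63/1416, H04L63/1425
Abstract: The present invention provides a method and system for tracing back a network's connection chain using network flow data, in order to trace the attack origin of a cyber hacking attack that passes through multiple sites when such an attack occurs on the Internet or an internal network, without adding new equipment to the network or modifying standard protocols. According to the invention, the method includes the steps of: searching network sessions to generate fingerprint information in which the corresponding source address is replaced with the traced address; and generating an attack connection chain table in which the ID of the corresponding network session is further added to the ID for the previous network session.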
-
Publication number: KR1020130049336A
Publication date: 2013-05-14
Application number: KR1020110114286
Filing date: 2011-11-04
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1491
Abstract: PURPOSE: A method for tracking attack sources and attack distribution places, and a system thereof, are provided to manage the path and configuration of an attack scenario by tracking an abnormal file uploader in real time. CONSTITUTION: An agent (500) receives an information confirmation message for an abnormal file, corresponding to the information transmission of the abnormal file (S117). The agent selects the place corresponding to the information of the abnormal file as an attack distribution place (S119). The agent transmits an abnormal file uploader information request message. The agent receives the abnormal file uploader information corresponding to the request message (S121). When the received abnormal file uploader information corresponds to the stored uploader information, the agent sets an attack source using the abnormal file uploader information (S123). [Reference numerals] (100) Attack computer; (200) User computer; (300) Network security server; (400) Site file management server; (500) Agent; (S101) Upload an abnormal file; (S103) Analyze action and extract uploader information; (S105) Transmit the uploader information; (S107) Store the uploader information; (S109) Download abnormal file; (S111) Store downloaded user information with the uploader information; (S113) Transmit attack information when detecting cyber attack; (S115) Transmit transmission network address; (S117) Transmit confirmation message of the transmission network address; (S119) Define an attack distribution place; (S121) Receive the uploader information; (S123) Define an attack source
-
Publication number: KR1020110040152A
Publication date: 2011-04-20
Application number: KR1020090097313
Filing date: 2009-10-13
Applicant: 한국전자통신연구원
IPC: H04L12/22
CPC classification number: H04L63/1408, H04L2463/146
Abstract: PURPOSE: A method for tracing back an attacker packet, and a system therefor, are provided to sense the attacker packet by using a hash function and a Bloom filter. CONSTITUTION: A first router (100) receives a hash information list of an attacker packet from a server (300) that traces back the attack path of the attacker packet in a network. A hash value is extracted by applying a hash function to a received packet. It is determined whether information corresponding to the extracted hash value exists in the hash information list. The received packet is determined to be an attacker packet according to the information corresponding to the extracted hash value. The determination result is transmitted to the server.