公开(公告)号：KR100432166B1

公开(公告)日：2004-05-17

申请号：KR1020010084800

申请日：2001-12-26

Applicant: 한국전자통신연구원

Inventor： 윤승용 ,  안개일 ,  류걸우 ,  장종수

IPC: H04L12/22

Abstract: PURPOSE: A message transmission unit for delivering a security policy in a global intrusion detection system and a method for delivering the security policy using the same, are provided to enable a policy server to comprehensively collect and analyze alarm messages delivered from many clients, so as to establish and transmit security policies for the alarm messages in real time. CONSTITUTION: An initialization function unit(211) initializes a protocol stack(200). A connection manager(212) sets up connections between a policy server(100) and clients, and manages connected states. A basic message generator(213) generates a basic message for delivering a message with the policy server(100) and the clients. A basic message processor(214) processes the basic message. An encoding/decoding processor(215) performs encoding and decoding according to data transmission/receiving. An event generator(216) generates an event for message delivery with the policy server(100) and the clients. An alarm message processor(221) delivers alarm messages transmitted from the clients to the policy server(100), and performs processing therefor. A resource processor(222) detects resources of the clients requesting connections to the policy server(100), to transmit detected results to the policy server(100). And a security policy information processor(223) delivers security policy information distributed by the policy server(100) to the clients.

Abstract translation: 目的：提供一种用于在全球入侵检测系统中传递安全策略的消息传输单元以及使用该消息传递单元来传递安全策略的方法，以使得策略服务器能够全面地收集和分析从多个客户端传递的警报消息，例如 实时建立并传输警报消息的安全策略。 构成：初始化功能单元（211）初始化协议栈（200）。 连接管理器（212）在策略服务器（100）和客户端之间建立连接，并管理连接状态。 基本消息生成器（213）生成用于向策略服务器（100）和客户端传递消息的基本消息。 基本消息处理器（214）处理基本消息。 编码/解码处理器（215）根据数据发送/接收来执行编码和解码。 事件生成器（216）生成用于与策略服务器（100）和客户端进行消息传递的事件。 警报消息处理器（221）将从客户端发送的警报消息传送给策略服务器（100），并且为此执行处理。 资源处理器（222）检测请求连接到策略服务器（100）的客户端的资源，以将检测到的结果传输到策略服务器（100）。 并且安全策略信息处理器（223）将由策略服务器（100）分发的安全策略信息传递到客户端。

公开(公告)号：KR1020030054659A

公开(公告)日：2003-07-02

申请号：KR1020010084868

申请日：2001-12-26

Applicant: 한국전자통신연구원

Inventor： 김익균 ,  류걸우 ,  장종수

IPC: H04L12/22

CPC classification number: H04L63/10 ,  H04L63/1408 ,  H04L63/30

Abstract: PURPOSE: A hidden-type intrusion detection and cutoff controlling system and a controlling method thereof are provided to detect illegal intrusion of hackers through a network by using a line speed, so as to cut off packets of the illegal intrusion in advance. CONSTITUTION: An RISC(Reduced Instruction Set Computer) processor(110) provides a management function and instructs a security policy. An external MAC(Media Access Controller)(150) transceives packets by being connected with an external connection unit(200). An internal MAC(160) transceives packets by being connected with an internal connection unit(300). A packet memory(120) temporarily stores the packets received through the external MAC(150) and the packets received through the internal MAC(160). A packet control engine(130) temporarily stores the packets received through the external and internal MACs(150,160) in the packet memory(120), and checks whether the packets are harmful, if the packets are normal, to deliver the packets to the external and internal connection units(200,300) through the external and internal MACs(150,160) or to the RISC processor(110) at need, and if harmful, to cut off the packets or generate an alarm to the RISC processor(110). A CAM(Contents Address Memory)(140) extracts stored contents by using contents rather than an address of a memory. And a statistical value memory(170) stores statistical values.

Abstract translation: 目的：提供隐藏式入侵检测和切断控制系统及其控制方法，通过使用线速度来检测黑客通过网络的非法入侵，提前切断非法入侵的数据包。 构成：RISC（精简指令集计算机）处理器（110）提供管理功能并指示安全策略。 外部MAC（媒体访问控制器）（150）通过与外部连接单元（200）连接来收发数据包。 内部MAC（160）通过与内部连接单元（300）连接来收发数据包。 分组存储器（120）临时存储通过外部MAC（150）接收的分组和通过内部MAC（160）接收的分组。 分组控制引擎（130）将通过外部和内部MAC（150,160）接收的分组临时存储在分组存储器（120）中，并且如果分组是正常的，则检查分组是否有害，以将分组传送到外部 以及在需要时通过外部和内部MAC（150,160）或RISC处理器（110）的内部连接单元（200,300），如果有害的话，则切断数据包或向RISC处理器（110）产生报警。 CAM（内容地址存储器）（140）通过使用内容而不是存储器的地址来提取存储的内容。 并且统计值存储器（170）存储统计值。

公开(公告)号：KR1020030054604A

公开(公告)日：2003-07-02

申请号：KR1020010084800

申请日：2001-12-26

Applicant: 한국전자통신연구원

Inventor： 윤승용 ,  안개일 ,  류걸우 ,  장종수

IPC: H04L12/22

CPC classification number: H04L63/205 ,  H04L63/102 ,  H04L63/1408

Abstract: PURPOSE: A message transmission unit for delivering a security policy in a global intrusion detection system and a method for delivering the security policy using the same, are provided to enable a policy server to comprehensively collect and analyze alarm messages delivered from many clients, so as to establish and transmit security policies for the alarm messages in real time. CONSTITUTION: An initialization function unit(211) initializes a protocol stack(200). A connection manager(212) sets up connections between a policy server(100) and clients, and manages connected states. A basic message generator(213) generates a basic message for delivering a message with the policy server(100) and the clients. A basic message processor(214) processes the basic message. An encoding/decoding processor(215) performs encoding and decoding according to data transmission/receiving. An event generator(216) generates an event for message delivery with the policy server(100) and the clients. An alarm message processor(221) delivers alarm messages transmitted from the clients to the policy server(100), and performs processing therefor. A resource processor(222) detects resources of the clients requesting connections to the policy server(100), to transmit detected results to the policy server(100). And a security policy information processor(223) delivers security policy information distributed by the policy server(100) to the clients.

Abstract translation: 目的：提供一种用于在全局入侵检测系统中传递安全策略的消息传输单元，以及使用该安全策略传递安全策略的方法，使策略服务器能够全面收集和分析从许多客户端传递的报警消息，以便 实时建立和传送报警信息的安全策略。 构成：初始化功能单元（211）初始化协议栈（200）。 连接管理器（212）设置策略服务器（100）和客户机之间的连接，并管理连接的状态。 基本消息生成器（213）生成用于与策略服务器（100）和客户端传递消息的基本消息。 基本消息处理器（214）处理基本消息。 编码/解码处理器（215）根据数据发送/接收执行编码和解码。 事件生成器（216）生成与策略服务器（100）和客户端进行消息传递的事件。 警报消息处理器（221）将从客户端发送的报警消息传递到策略服务器（100），并进行处理。 资源处理器（222）检测请求到策略服务器（100）的连接的客户端的资源，以将检测到的结果发送到策略服务器（100）。 并且安全策略信息处理器（223）将由策略服务器（100）分发的安全策略信息传递给客户端。

公开(公告)号：KR1019980043439A

公开(公告)日：1998-09-05

申请号：KR1019960061297

申请日：1996-12-03

Applicant: 한국전자통신연구원 ,  주식회사 케이티

Inventor： 류걸우 ,  정태수

IPC: H04L12/407

Abstract: 본 발명은 분산형 엑세스망 관리 시스템의 점대점 영구 가상경로(PVC) 설정 관리장치 및 방법에 관한 것으로, 분산형 엑세스망 관리 시스템(102:DOMS)과 복수개의 분산형 엑세스망(104:DANS) 내의 헤더노드(Head Node : HN)(105)를 이더넷(103)으로 연결하여;
상기 분산형 엑세스망 관리 시스템(102:DOMS)에서 상기 헤더노드(HN)(105) 내부의 통신 관리 망(TMN) 에이전트 블록(TAGB)(106)과 공통 관리 인터페이스 프로토콜(CMIP) 통신을 통해 점대점 영구 가상 경로(PVC)의 설정 관리 기능을 수행하도록 구성한 것을 특징으로 한다.

公开(公告)号：KR1019960027803A

公开(公告)日：1996-07-22

申请号：KR1019940034021

申请日：1994-12-13

Applicant: 한국전자통신연구원 ,  주식회사 케이티

Inventor： 류걸우 ,  정태수

IPC: H04L12/433

Abstract: 본 발명은 고속화와 대용량에 적합한 출력버퍼형 ATM 스위치 구조에 관한 것으로, 특히 스위치의 입력단을 통해 동시에 들어오는 N개의 셀을 출력단 그룹에 따라 작은 것에서 큰 순으로 배열하는 배처-솔팅(Batcher-sorting) 네트워크(BSN)(401); 상기 배처-솔팅 네트워크(BSN)(401)에서 배열된 셀을 각각의 출력단이 속하는 출력단 그룹으로 출력하는 확장형 반얀(Banyan) 네트워크(EBRN)(402); 및 상기 확장용 반얀 네트워크(EBRN)(402)로부터 출력되는 셀을 공동 메모리인 버퍼에 일시 저장한 후, 출력단으로 송출하는 출려단 버퍼수단(OQM:Output Queueing Modules)(403)을 구비하여, 여러 입력셀을 각 출력단으로 동시에 송출할 수 있는 분산처리가 가능하고, 모듈화로 인하여 구현이 용이하며, 각 입출력단으로 입출력되는 고속의 데이타를 스위치의 속도배율(speed-up) 없이도 처리할 수 있다.

公开(公告)号：KR100432168B1

公开(公告)日：2004-05-17

申请号：KR1020010086312

申请日：2001-12-27

Applicant: 한국전자통신연구원

Inventor： 김병구 ,  정연서 ,  류걸우 ,  장종수

IPC: H04L12/22

Abstract: PURPOSE: A security gateway system using multiple intrusion detection objects and an intrusion detection method are provided to judge whether intrusion occurs, by generating the multiple intrusion detection objects on the basis of object-oriented modeling and analyzing contraction observation data with respect to a network packet according to each intrusion detection object. CONSTITUTION: A network packet information extracting and transmitting device(205) receives a network packet from a lower network layer, and generates contraction observation data. A network intrusion detection performing device(203) analyzes whether intrusion occurs by the contraction observation data generated in the network packet information extracting and transmitting device(205), and provides the analyzed result. An intrusion pattern database(204) stores intrusion patterns required for judging whether the intrusion occurs in the network intrusion detection performing device(203). A cyber patrol agent(202) manages the entire security gateway system, and generates and transmits an alarm message. An alarm processing device(201) transmits policy and the alarm message from the cyber patrol agent(202).

Abstract translation: 目的：提供一种使用多个入侵检测对象和入侵检测方法的安全网关系统，通过基于面向对象建模生成多个入侵检测对象并分析关于网络分组的收缩观察数据来判断入侵是否发生 根据每个入侵检测对象。 组成：网络分组信息提取和发送设备（205）从下层网络层接收网络分组，并产生收缩观察数据。 网络入侵检测执行设备（203）通过在网络分组信息提取和发送设备（205）中生成的收缩观察数据来分析是否发生入侵，并提供分析结果。 入侵模式数据库（204）存储用于判断网络入侵检测执行设备（203）中是否发生入侵所需的入侵模式。 网络巡逻代理（202）管理整个安全网关系统，并生成并发送警报消息。 警报处理设备（201）从网络巡逻代理（202）发送策略和警报消息。

公开(公告)号：KR1020030056148A

公开(公告)日：2003-07-04

申请号：KR1020010086312

申请日：2001-12-27

Applicant: 한국전자통신연구원

Inventor： 김병구 ,  정연서 ,  류걸우 ,  장종수

IPC: H04L12/22

CPC classification number: H04L63/1416 ,  H04L63/1433 ,  H04L63/1441

Abstract: PURPOSE: A security gateway system using multiple intrusion detection objects and an intrusion detection method are provided to judge whether intrusion occurs, by generating the multiple intrusion detection objects on the basis of object-oriented modeling and analyzing contraction observation data with respect to a network packet according to each intrusion detection object. CONSTITUTION: A network packet information extracting and transmitting device(205) receives a network packet from a lower network layer, and generates contraction observation data. A network intrusion detection performing device(203) analyzes whether intrusion occurs by the contraction observation data generated in the network packet information extracting and transmitting device(205), and provides the analyzed result. An intrusion pattern database(204) stores intrusion patterns required for judging whether the intrusion occurs in the network intrusion detection performing device(203). A cyber patrol agent(202) manages the entire security gateway system, and generates and transmits an alarm message. An alarm processing device(201) transmits policy and the alarm message from the cyber patrol agent(202).

Abstract translation: 目的：提供一种使用多个入侵检测对象和入侵检测方法的安全网关系统，通过在面向对象建模的基础上生成多个入侵检测对象并分析相对于网络包的收缩观察数据，来判断是否发生入侵 根据每个入侵检测对象。 构成：网络分组信息提取与发送装置（205）从下层网络层接收网络分组，生成收缩观察数据。 网络入侵检测执行装置（203）通过网络分组信息提取和发送装置（205）中生成的收缩观察数据来分析入侵是否发生，并提供分析结果。 入侵模式数据库（204）存储用于判断入侵检测执行装置（203）中是否发生入侵所需的入侵模式。 网络巡逻代理（202）管理整个安全网关系统，并生成并发送警报消息。 报警处理装置（201）从网络巡逻代理（202）发送策略和报警消息。

公开(公告)号：KR1020030050307A

公开(公告)日：2003-06-25

申请号：KR1020010080720

申请日：2001-12-18

Applicant: 한국전자통신연구원

Inventor： 허영준 ,  류걸우 ,  장종수

IPC: H04L12/22

CPC classification number: H04L63/1416 ,  H04L63/1433

Abstract: PURPOSE: A Ladon-SGS(Security Gateway System), its security policy setting method and a harmful traffic detection alarm generating method are provided to control an illegal intrusion or a harmful traffic by analyzing a large scale network traffic and packet information. CONSTITUTION: A communication processor(21) sets connection with a security policy server and a Ladon-SGS and transfers and receives information according to security policy. A system controller(22) performs operations related to initialization of the Ladon-SGS and controls an overall system. A security policy processor(23) converts the security policy transferred from a security policy server into a form applicable to the Ladon-SGS. An intrusion detection analyzer(24) analyzes an intrusion as occurred through a network and transfers an analysis result to an intrusion detection alarm processor. An intrusion detection alarm processor(25) analyzes an intrusion alarm importance according to a pre-set security policy on the basis of information related to the intrusion type analyzed by the intrusion detection analyzer(24), compares the importance with a reference value, and determines whether to cope with it by a system or transfer it to the security policy server. A security policy storing unit(26) stores the security policy which has been converted by the security policy processor(23), the intrusion detection and corresponding results of the detected intrusion. A firewall processor(27) cuts off an illegal intrusion defined by a firewall policy and a harmful traffic.

Abstract translation: 目的：提供Ladon-SGS（安全网关系统），其安全策略设置方法和有害的流量检测报警生成方法，通过分析大规模网络流量和分组信息来控制非法入侵或有害流量。 规定：通信处理器（21）设置与安全策略服务器和Ladon-SGS的连接，并根据安全策略传输和接收信息。 系统控制器（22）执行与Ladon-SGS的初始化相关的操作并控制整个系统。 安全策略处理器（23）将从安全策略服务器传送的安全策略转换为适用于Ladon-SGS的形式。 入侵检测分析器（24）通过网络分析入侵，并将分析结果传送到入侵检测报警处理器。 入侵检测报警处理器（25）根据与入侵检测分析器（24）分析的入侵类型相关的信息，根据预设的安全策略分析入侵报警重要性，将重要性与参考值进行比较，以及 确定是否由系统处理或将其传输到安全策略服务器。 安全策略存储单元（26）存储由安全策略处理器（23）转换的安全策略，入侵检测和检测到的入侵的相应结果。 防火墙处理器（27）切断了防火墙策略和有害流量所定义的非法入侵。

公开(公告)号：KR1020030013709A

公开(公告)日：2003-02-15

申请号：KR1020010047861

申请日：2001-08-09

Applicant: 한국전자통신연구원

Inventor： 류걸우 ,  이규호 ,  이형호 ,  박성우

IPC: H04L12/28

CPC classification number: H04L12/5601 ,  H04L2012/5656

Abstract: PURPOSE: A method for controlling a dynamic combined use timer based call connection in an ATM(asynchronous transfer mode) adaptive layer 2 is provided to minimize a consumption of a bandwidth by dynamically controlling a Time_CU value to reduce the time out number and use a remained bandwidth in a traffic for an available bit rate/unspecified bit rat service. CONSTITUTION: When a call is requested(S501), a cell assembly delay time is tested(S503). A Time_CU is increased(S505) and the cell assembly delay time is again tested(S507). The Time_CU is reduced to a previous value(S509) and a call request is received(S511). The Time_CU is compared with a MAX_TCU(S513). When the Time_CU is greater than the MAX_TCU, the call request is received(S511). When the Time_CU is less than the MAX_TCU, steps S505 to S513 are sequentially performed. The Time_CU is reduced(S515) and the cell assembly delay time is again tested(S517). The Time_CU is compared with a MIN_TCU(S519). When the Time_CU is greater than the MIN_TCU, the call request is rejected(S521). When the Time_CU is less than the MIN_TCU, steps S515 to S519 are sequentially performed.

Abstract translation: 目的：提供一种用于控制ATM（异步传输模式）自适应层2中的基于动态组合使用定时器的呼叫连接的方法，以通过动态地控制Time_CU值来减少带宽的消耗以减少超时数并使用剩余 流量中的带宽用于可用比特率/未指定的比特老鼠服务。 构成：当请求呼叫（S501）时，测试单元组装延迟时间（S503）。 增加Time_CU（S505），再次测试单元组装延迟时间（S507）。 Time_CU减少到先前的值（S509），并且接收到呼叫请求（S511）。 将Time_CU与MAX_TCU进行比较（S513）。 当Time_CU大于MAX_TCU时，接收到呼叫请求（S511）。 当Time_CU小于MAX_TCU时，顺序执行步骤S505至S513。 Time_CU被减小（S515），再次测试单元组装延迟时间（S517）。 将Time_CU与MIN_TCU（S519）进行比较。 当Time_CU大于MIN_TCU时，呼叫请求被拒绝（S521）。 当Time_CU小于MIN_TCU时，顺序执行步骤S515至S519。

公开(公告)号：KR100211975B1

公开(公告)日：1999-08-02

申请号：KR1019960061297

申请日：1996-12-03

Applicant: 한국전자통신연구원 ,  주식회사 케이티

Inventor： 류걸우 ,  정태수

IPC: H04L12/407

Abstract: 본 발명은 분산형 엑세스망 관리 시스템의 점대점 영구 가상경로(PVC) 설정 관리 장치 및 방법에 관한 것으로, 분산형 엑세스망 관리 시스템(102:DOMS)과 복수개의 분산형 엑세스망(104:DANS) 내의 헤더노드(Head Node ; HN)(105)를 이더넷(103)으로 연결하여,
상기 분산형 엑세스망 관리 시스템(102:DOMS)에서 상기 헤더노드(HN)(105) 내부의 통신 관리 망(TMN) 에이전트 블록(TAGB)(106)과 공통 관리 인터페이스 프로토콜(CMIP) 통신을 통해 점대점 영구 가상 경로(PVC)의 설정 관리 기능을 수행하도로 구성한 것을 특징으로 한다.