-
Publication No.: KR1020110043982A
Publication date: 2011-04-28
Application No.: KR1020090100758
Filing date: 2009-10-22
Applicant: 한국전자통신연구원
CPC classification number: G06F21/60 , G06F17/30241 , G06Q50/32
Abstract: PURPOSE: A device and a method for displaying domain security state using geographic information are provided so that a manager can make a countermeasure plan by being notified intuitively of the source of an abnormality in an ISP network. CONSTITUTION: A security event collector (310) collects information from an internet service providing system in order to prepare a security event. A security event analyzer (320) uses the collected information to analyze whether a web email or a web posting exists. The security event analyzer maps the source IP address, the destination IP address, and the proxy IP address.
-
Publication No.: KR100949803B1
Publication date: 2010-03-30
Application No.: KR1020070133083
Filing date: 2007-12-18
Applicant: 한국전자통신연구원
IPC: H04L12/26
CPC classification number: H04L63/1416 , H04L29/12783 , H04L61/35 , H04L63/1441
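Abstract: Disclosed are an apparatus and a method for split display of IP addresses that show the combined results of the key attributes of security events, so that abnormal and harmful traffic that degrades network performance can be recognized intuitively and the security situation can be judged easily in real time. The disclosed invention clusters the collected security events using common characteristic information and displays the IP addresses of the clustered events split across parallel coordinates and/or circular coordinates.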
-
Publication No.: KR1020090030880A
Publication date: 2009-03-25
Application No.: KR1020070096537
Filing date: 2007-09-21
Applicant: 한국전자통신연구원
IPC: H04L12/26
CPC classification number: H04L41/28 , H04L63/1416
Abstract: An apparatus and a method for visualizing a network state by using geographic information are provided that use a globe, which everyone can easily understand, so that the source site where a security event occurs and the real site of its destination can be checked easily. A security event collecting unit (110) collects a security event from the outside. An IP (Internet Protocol) address converter (120) converts the source IP address and the destination IP address within the characteristic data of the collected security event into geographic information based on a geographical information database (130). A network state display unit (140) displays the flow of protocol security events between the source and the destination on a 3D screen that includes a globe shape.
-
Publication No.: KR1020090009622A
Publication date: 2009-01-23
Application No.: KR1020070073059
Filing date: 2007-07-20
Applicant: 한국전자통신연구원
CPC classification number: H04L45/00 , H04L45/12 , H04L63/1416 , H04L63/1425 , H04L63/1441 , H04L2463/146
Abstract: A log-based back-tracking system and a method thereof, using a center division technique capable of quickly finding the actual location of an attacker, are provided by applying the connection information of network routers collected from a network management server and the log information of an intrusion alarm. A log information input module (101) collects log information on the intrusion alarm for a network attacker from an intrusion detection system (120). A reverse invasion process module (103) analyzes the log information of the collected intrusion alarm and extracts the necessary log information. When the log information of the intrusion alarm is input, a centroid node detection module (104) collects the connection information of the network routers from the network management server (110).
-
Publication No.: KR100862194B1
Publication date: 2008-10-09
Application No.: KR1020070034102
Filing date: 2007-04-06
Applicant: 한국전자통신연구원
Abstract: A device and a method for sharing infringement accident information, and a network security system including the same, are provided to enable the domains in the network security system to share information about infringement accidents occurring in the system by using a standardized Internet format and transfer protocol. A controller (111), which comprises a reporting unit (111-1), a reporting analyzing unit (111-2), a tracking request unit (111-3) and a tracking execution unit (111-4), controls the operation of a security management device by detecting an infringement accident occurring in managed domains and generating infringement accident information that includes a trust level of the managed domain, a seriousness level of the infringement accident, and the priority of management actions, or by analyzing infringement accident information received from external domains. A message converter (112) generates a message by encoding the infringement accident information, and extracts infringement accident information by decoding a message received from the external domains, based on the IODEF (Incident Object Description Exchange Format)/RID (Real-time Inter-network Defense) data format. A message transceiver (113) exchanges messages with the external domains by using SOAP (Simple Object Access Protocol)/HTTPS (HyperText Transfer Protocol over Secure Socket Layer).
-
Publication No.: KR1020080040921A
Publication date: 2008-05-09
Application No.: KR1020060108893
Filing date: 2006-11-06
Applicant: 한국전자통신연구원
Abstract: A method and an apparatus for managing security in a large network environment are provided to detect a network attack pattern by classifying traffic information into flows that share the same characteristics, and to recognize the attack situation by analyzing the statistical information. The apparatus for managing security is made up of a traffic receiver (110), a traffic classifier (120), a traffic analyzer (130) and an external interface (140). The traffic receiver collects traffic information (NetFlow) in real time from all routers scattered across a large network. The traffic classifier comprises a multi-hash table having a stratified structure, and stores the traffic information as traffic statistics information by classifying it into flow groups. The traffic analyzer receives the traffic statistics information, detects flows that show abnormal indications, and recognizes the attack situation. The external interface notifies the outside of the present security situation according to the recognized attack situation.
-
Publication No.: KR1020070061287A
Publication date: 2007-06-13
Application No.: KR1020060083569
Filing date: 2006-08-31
Applicant: 한국전자통신연구원
CPC classification number: H04L63/0227 , G06Q20/206 , H04L63/101 , H04L63/1408
Abstract: A device and a method for protecting the credit information and IP of a user against information denial attack are provided to block the intrusion of malicious information, prevent illegal information leakage, prevent illegal actions by an authorized user, and prevent an unauthorized user from maliciously using the information, by monitoring inbound/outbound contents at the network level. An inbound processor (201) blocks harmful traffic by using a black list to determine whether harmful traffic is included in the inbound contents. An integrated IAM (ID and Access Management)/NAM (Network Access Management) solution part (203) detects and blocks internal abnormal actions or fraud attacks against the credit information and the IP by controlling user and device access. An outbound manager (202) prevents leakage of the credit information and the IP in the outbound contents by using a white list. The inbound processor determines an attack by combining rule-based attack determination, which uses a rule database, with action-based attack determination, which uses a traffic action pattern.
-
Publication No.: KR101554340B1
Publication date: 2015-09-21
Application No.: KR1020080116357
Filing date: 2008-11-21
Applicant: 한국전자통신연구원
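Abstract: The present invention relates to a password-based authentication method in which a user terminal exposes its own IP information to a web server when it logs in, so that the web server can authenticate the user terminal and perform a session key exchange for secure encrypted communication even over an untrusted network.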
-
Publication No.: KR1020110040152A
Publication date: 2011-04-20
Application No.: KR1020090097313
Filing date: 2009-10-13
Applicant: 한국전자통신연구원
IPC: H04L12/22
CPC classification number: H04L63/1408 , H04L2463/146
Abstract: PURPOSE: A method for reversely tracking an attacker packet and a system therefor are provided to detect the attacker packet by using a hash function and a Bloom filter. CONSTITUTION: A first router (100) receives a hash information list of an attacker packet from a server (300) that reversely tracks the attack path of the attacker packet in a network. A hash value is extracted by applying a hash function to a received packet. It is determined whether information corresponding to the extracted hash value exists in the hash information list. Whether the received packet is the attacker packet is determined according to the information corresponding to the extracted hash value. The determination result is transmitted to the server.
-
Publication No.: KR1020110011935A
Publication date: 2011-02-09
Application No.: KR1020090069418
Filing date: 2009-07-29
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1425
Abstract: PURPOSE: A network attack sensing device based on visual data analysis and a method thereof are provided to convert traffic information into an image and to sense various attacks on a network from the formed image through a visual data analysis technique. CONSTITUTION: A traffic image generator (100) generates a traffic image from IP additional information. A network attack detector (200) detects a network attack by comparing the traffic image with a previously input traffic image. A network attack analyzer (300) detects network attack information and the pattern information of the network attack. A network attack detection result expression unit (400) presents the network attack information and the pattern information of the network attack.