Abstract:
PURPOSE: A malicious code visualizing apparatus, a malicious code detecting apparatus, and a method thereof are provided to represent the structure, shape, and behavior of an execution file containing malicious code in an easily understood form by visualizing that structure, shape, and behavior. CONSTITUTION: A string extracting unit(102) unpacks a packed file containing malicious code and extracts strings from it. An entropy calculating unit(104) calculates the entropy of each extracted string. A graph generating unit(106) sets each string up as a node, sets up directionality between nodes based on the connection relations between strings, sets the color of each node based on the entropy of its string, and generates a graph of the file. [Reference numerals] (102) String extracting unit; (104) Entropy calculating unit; (106) Graph generating unit; (110) Malicious code database; (AA) File
Abstract:
PURPOSE: An information asset management device, a server, an agent, and a method thereof are provided to check the current state of the critical information assets of a host system through an agent that monitors for leaks of those assets. CONSTITUTION: An information asset monitoring agent(150) monitors and outputs the critical asset information or leak information of a host system. An information asset management and storage unit(160) stores the critical information and the ID of each host system. An information asset management server(100) stores the critical asset information received from the information asset monitoring agent in the information asset management and storage unit and determines the current state of the host system's critical information assets from that information.
Abstract:
PURPOSE: A method and a system for monitoring intelligent access, a device for monitoring intelligent access, and a recording medium for monitoring intelligent access are provided to enhance the level and accuracy of security services. CONSTITUTION: An entrance event collector(1100) collects entrance event information provided by an entrance control device and stores the information in an entrance monitoring DB. A profile manager(1200) generates keywords for network information searches. A data searching unit(1300) searches network information using the keywords and transfers the result to a preprocessor(1400). The preprocessor performs preprocessing to extract information related to visitors. An entrance monitoring unit(1500) generates entrance monitoring profile information and provides mapping data.
Abstract:
PURPOSE: A domain security state displaying device using geographic information and a method thereof are provided to enable a manager to make a countermeasure plan by intuitively indicating the source of an abnormality in an ISP network. CONSTITUTION: A security event collector(310) collects information from an internet service providing system in order to prepare a security event. A security event analyzer(320) analyzes the existence of a web email or a web posting using the collected information, and maps the source IP address, destination IP address, and proxy IP address.
Abstract:
Disclosed are an IP address split display apparatus and method that, by displaying the combined results of the important attributes of security events, allow anomalous and harmful traffic that degrades network performance to be recognized intuitively and the security situation to be judged easily in real time. The disclosed invention clusters the collected security events using their common characteristic information, and displays the IP addresses of the clustered events split across parallel coordinates and/or circular coordinates.
Abstract:
An apparatus and a method for visualizing a network state by using geographic information are provided to use a globe that everyone can easily understand, so that the source site at which a security event occurs and the actual site of its destination can be checked easily. A security event collecting unit(110) collects security events from the outside. An IP(Internet Protocol) address converter(120) converts the source IP address and the destination IP address within the characteristic data of a collected security event into geographic information based on a geographical information database(130). A network state display unit(140) displays the flow of protocol security events between the source and the destination on a 3D screen that includes a globe.
Abstract:
A log-based back-tracking system and a method thereof using a center division technique, capable of quickly locating the actual position of an attacker, are provided; they apply the connection information of network routers collected from a network management server together with the log information of an intrusion alarm. A log information input module(101) collects the log information of the intrusion alarm for a network attacker from an intrusion detection system(120). A reverse intrusion process module(103) extracts the necessary log information and analyzes the log information of the collected intrusion alarm. When the log information of the intrusion alarm is input, a centroid node detection module(104) collects the connection information of the network routers from the network management server(110).
Abstract:
A device and a method for sharing infringement accident information, and a network security system including the same, are provided to enable the domains included in the network security system to share information about infringement accidents occurring in the system by using a standardized Internet format and transfer protocol. A controller(111), which comprises a reporting unit(111-1), a reporting analyzing unit(111-2), a tracking request unit(111-3), and a tracking execution unit(111-4), controls the operation of a security management device by detecting an infringement accident occurring in the managed domains and generating infringement accident information including the trust level of the managed domain, the seriousness level of the infringement accident, and the priority of management actions, or by analyzing infringement accident information received from external domains. A message converter(112) generates a message by encoding the infringement accident information, and extracts the infringement accident information by decoding messages received from external domains, based on the IODEF(Incident Object Description Exchange Format)/RID(Real-Time Inter-network Defense) data format. A message transceiver(113) exchanges the messages with the external domains by using SOAP(Simple Object Access Protocol)/HTTPS(HyperText Transfer Protocol over Secure Socket Layer).
Abstract:
A method and an apparatus for managing security in a large network environment are provided to detect the attack patterns of a network by classifying traffic information according to flows having the same characteristics, and to recognize an attack situation by analyzing the resulting statistical information. The apparatus for managing security is made up of a traffic receiver(110), a traffic classifier(120), a traffic analyzer(130), and an external interface(140). The traffic receiver collects traffic information (NetFlow) in real time from all routers scattered across the large network. The traffic classifier comprises a multi-level hash table with a stratified structure, and stores the traffic information as traffic statistics information by classifying it into flow groups. The traffic analyzer receives the traffic statistics information, detects flows that show abnormal indications, and recognizes the attack situation. The external interface notifies the outside of the present security situation according to the recognized attack situation.
Abstract:
An apparatus and method for transmitting relay station (RS) type information in a multi-hop relay cellular communication system are provided. In the RS type information providing method, an RS transmits a message including information about the RS's type to an MS. The MS acquires the RS type information from the message and performs an initial connection procedure with the RS based on the RS type information.