-
公开(公告)号:KR100656352B1
公开(公告)日:2006-12-11
申请号:KR1020050087024
申请日:2005-09-16
Applicant: 한국전자통신연구원
IPC: G06F15/00
Abstract: A method for displaying event information related to network security is provided to enable a user to visually analyze change of a quantity and connectivity of events of a specific attribute among the events related to the network security, and intuitively recognize a current security situation. The network-related events generated in a managed domain of the network are collected(110). Information including a generation quantity of each application port, the connectivity between a source and destination address, a source and destination address, and an event type to be expressed as a graphic is extracted from the collected event(151,161). The extracted information is displayed as the graphic according to the source and destination address, and interconnectivity among the event types(152,162). An abnormal security state of the managed domain is determined according to a pattern of the displayed graph(170).
Abstract translation: 提供了一种显示与网络安全相关的事件信息的方法,使用户能够直观地分析与网络安全相关的事件中特定属性事件的数量和连通性的变化,直观地识别当前的安全状况。 收集在网络的受管理域中生成的与网络有关的事件(110)。 从所收集的事件(151,161)中提取包括每个应用端口的产生量,源和目的地地址之间的连通性,源和目的地地址以及将被表达为图形的事件类型的信息。 提取的信息根据源地址和目的地址以及事件类型之间的互连性显示为图形(152,162)。 根据所显示的图形的模式来确定管理域的异常安全状态(170)。
-
-
公开(公告)号:KR1020060062298A
公开(公告)日:2006-06-12
申请号:KR1020040101086
申请日:2004-12-03
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1416 , G06F21/552 , G06F21/85 , H04L63/1441
Abstract: 본 발명에 의한 네트워크 공격상황 탐지 장치는 접속하고 있는 네트워크의 경보를 수신한 후 소정의 경보 데이터로 가공하여 출력하는 경보수신부; 상기 가공된 경보 데이터의 속성 및 발생 빈도를 기초로 상기 네트워크의 공격상황을 분석하는 경보처리부; 상기 네트워크의 상황을 분석할 수 있는 기본 데이터를 유지하며 상기 경보처리부에 제공하는 메모리부; 및 외부 장치로 상기 분석 결과를 송신하고 상기 공격상황의 판단시 기초가 되는 소정의 임계치를 수신한 후 상기 경보처리부로 출력하여 상기 메모리부에 저장하도록 하는 인터페이스부;를 포함하는 것을 특징으로 하며, 네트워크의 경보를 처리하기 위한 해쉬 엔진과 탐지 엔진을 네트워크 공격 상황으로 분류한 데이터 집합과 동일한 수로 병렬 구성함으로써, 네트워크의 공격 상황을 방대한 양의 침입 탐지 경보로부터 실시간으로 탐지해낼 수 있다.
네트워크 공격상황 분석, 침입탐지 경보 연관성 분석, 고성능 공격상황 탐지-
公开(公告)号:KR1020060042783A
公开(公告)日:2006-05-15
申请号:KR1020040091567
申请日:2004-11-10
Applicant: 한국전자통신연구원
CPC classification number: G06F15/00
Abstract: 본 발명에 의한 정책서버의 정책 분배 방법은 정책서버와 정책 클라이언트를 포함하는 정책 기반 네트워크상에서 상기 정책 클라이언트의 정책 요청에 따라 정책 클라이언트에게 정책 분배를 하는 방법에 있어서, 정책클라이언트로부터 롤(role)과 캐퍼빌리티(capability)정보를 포함하는 정책 요청을 수신하는 단계; 및 상기 정책 요청에 부응하여 정책을 결정한 후 PIB(Policy Information Base)로 변환하여 상기 정책클라이언트로 송신하는 단계;를 포함하는 것을 특징으로 하며, 복잡하고 대규모화되는 네트워크나 네트워크의 서비스들을 관리하기 위해 정의된 정책을 롤을 기반으로 관리하고 분배하는데 최적의 정책 분배 알고리즘으로써, 관리자의 개별적인 인터페이스들의 관리 대신 롤을 기반으로 한 정책 정의와 분배를 통해 복잡하고 대규모화되는 네트워크와 네트워크 서비스들을 효율적으로 관리할 수 있다.
-
公开(公告)号:KR1020040055513A
公开(公告)日:2004-06-26
申请号:KR1020020082207
申请日:2002-12-21
Applicant: 한국전자통신연구원
IPC: H04L12/22
CPC classification number: H04L63/205 , H04L63/1408 , H04L63/1441
Abstract: PURPOSE: An information model for a security policy of a policy-based network security system is provided to accept a detection policy, a cut-off policy, a sensing policy, an IP security policy and an alarm control policy by defining a policy information model. CONSTITUTION: A policy client system(120) analyzes packets accessing an internal network, detects an attack and transmits an alarm message to a policy server(110). The policy server(110) generates a systematical policy to cope with a possible attack through collective analysis by using traffic information, log information and alarm information received from multiple policy client systems(120). A policy storing unit(140) stores policies generated by the policy server(110). A policy determining module(112) transfers the policies of the policy storing unit(140) to the policy client system(120), and if a problem arises during performing a policy, the policy determining module(112) transfers it to a viewer(160). An alarm management module(114) stores alarm data transferred from the policy client system(120) in an alarm database(150) and transfers the alarm data and a result obtained by analyzing the alarm data to the viewer(160).
Abstract translation: 目的:提供基于策略的网络安全系统的安全策略的信息模型,通过定义策略信息模型来接受检测策略,截止策略,感知策略,IP安全策略和警报控制策略 。 规定:策略客户端系统(120)分析访问内部网络的分组,检测攻击并将警报消息发送到策略服务器(110)。 策略服务器(110)通过使用从多个策略客户端系统(120)接收到的交通信息,日志信息和报警信息,通过集体分析生成应对可能的攻击的系统策略。 策略存储单元(140)存储策略服务器(110)生成的策略。 策略确定模块(112)将策略存储单元(140)的策略传送到策略客户端系统(120),并且如果在执行策略期间出现问题,策略确定模块(112)将其传送给观众( 160)。 警报管理模块(114)将从策略客户机系统(120)传送的报警数据存储在报警数据库(150)中,并将报警数据和通过分析报警数据获得的结果传送给观察者(160)。
-
Patent Agency Ranking
公开(公告)号:KR100401064B1
公开(公告)日:2003-10-10
申请号:KR1020010081104
申请日:2001-12-19
Applicant: 한국전자통신연구원
IPC: G06F15/16
Abstract: PURPOSE: A method for checking a collision at editing a policy in a network security policy managing tool is provided to complement an operation mechanism of a network security policy managing tool based on a policy server. CONSTITUTION: It is judged whether an appendix is executed or new object is created with respect to a reusable object(S41). If new object is created, a corresponding object is selected(S42) and an attribute of the selected object is inputted(S43). If a rule object is created, an attribute of the rule object is inputted. In addition, it is checked whether a rule object having an identical name or keyword exists(S44). In the case that a condition object, an action object, a variable object, or a value object is created except a rule object, it is checked whether an object of the same name exists. In addition, when an attribute is inputted, it is checked whether a value possessed in a range defined by the attribute is inputted, and the corresponding object is created(S45-S46). It is judged whether an object to be appended exists after creating the object(S47). If an object to be appended exists, the stage is returned to the stage (S41).
Abstract translation: 目的:提供一种在编辑网络安全策略管理工具中的策略时检查冲突的方法,以基于策略服务器来补充网络安全策略管理工具的操作机制。 构成:判断是否执行了附录或者针对可重用对象创建了新对象(S41)。 如果创建了新对象,则选择对应对象(S42),并输入所选对象的属性(S43)。 如果创建规则对象,则输入规则对象的属性。 另外,检查是否存在具有相同名称或关键字的规则对象(S44)。 在除规则对象之外创建条件对象,动作对象,变量对象或值对象的情况下,检查是否存在具有相同名称的对象。 另外,当输入属性时,检查是否输入了由该属性定义的范围中拥有的值,并且创建对应的对象(S45-S46)。 在创建对象之后判断是否存在要附加的对象(S47)。 如果存在要附加的对象,则将该阶段返回到阶段(S41)。
-
公开(公告)号:KR1020030050619A
公开(公告)日:2003-06-25
申请号:KR1020010081104
申请日:2001-12-19
Applicant: 한국전자통신연구원
IPC: G06F15/16
Abstract: PURPOSE: A method for checking a collision at editing a policy in a network security policy managing tool is provided to complement an operation mechanism of a network security policy managing tool based on a policy server. CONSTITUTION: It is judged whether an appendix is executed or new object is created with respect to a reusable object(S41). If new object is created, a corresponding object is selected(S42) and an attribute of the selected object is inputted(S43). If a rule object is created, an attribute of the rule object is inputted. In addition, it is checked whether a rule object having an identical name or keyword exists(S44). In the case that a condition object, an action object, a variable object, or a value object is created except a rule object, it is checked whether an object of the same name exists. In addition, when an attribute is inputted, it is checked whether a value possessed in a range defined by the attribute is inputted, and the corresponding object is created(S45-S46). It is judged whether an object to be appended exists after creating the object(S47). If an object to be appended exists, the stage is returned to the stage (S41).
Abstract translation: 目的:提供一种在网络安全策略管理工具中编辑策略时检查冲突的方法,以补充基于策略服务器的网络安全策略管理工具的运行机制。 构成:判断是否执行了附录,或者针对可重用对象创建了新对象(S41)。 如果创建新对象,则选择对应的对象(S42),并输入所选对象的属性(S43)。 如果创建了规则对象,则输入规则对象的属性。 此外,检查是否存在具有相同名称或关键字的规则对象(S44)。 在除规则对象之外创建条件对象,动作对象,变量对象或值对象的情况下,将检查是否存在同名的对象。 此外,当输入属性时,检查是否输入了由属性定义的范围内具有的值,并创建了相应的对象(S45-S46)。 在创建对象后,判断是否存在要附加的对象(S47)。 如果要附加的对象存在,则将舞台返回到舞台(S41)。
-
-
公开(公告)号:KR101554340B1
公开(公告)日:2015-09-21
申请号:KR1020080116357
申请日:2008-11-21
Applicant: 한국전자통신연구원
Abstract: 본발명은, 사용자단말기가웹 서버에로그인할 때, 자신의 IP 정보를웹 서버에노출하도록함으로써, 신뢰할수 없는네트워크에대해서도웹 서버가사용자단말기를인증하고안전한암호통신용세션키교환을수행할수 있도록하는패스워드기반인증방법에대한것이다.
-
公开(公告)号:KR1020110040152A
公开(公告)日:2011-04-20
申请号:KR1020090097313
申请日:2009-10-13
Applicant: 한국전자통신연구원
IPC: H04L12/22
CPC classification number: H04L63/1408 , H04L2463/146
Abstract: PURPOSE: A method for reversely tracking an attacker packet and a system therefore are provided to sense the attacker packet by using a hash function and a bloom filter. CONSTITUTION: A first router(100) receives a hash information list of an attacker packet from a server(300) which reversely track an attack path of the attacker packet in a network. A hash value is extracted by applying a hash function to a reception packet. It is determined whether the information corresponding to the extracted hash value exists in the hash information list. The reception packet is determined to the attacker packet according to the information corresponding to the extracted hash value. The determination result is transmitted to the server.
Abstract translation: 目的:提供一种用于反向跟踪攻击者数据包和系统的方法,以通过使用散列函数和绽放过滤器来感知攻击者数据包。 构成:第一路由器(100)从服务器(300)接收攻击者包的哈希信息列表,该服务器反向跟踪网络中的攻击者包的攻击路径。 通过将哈希函数应用于接收分组来提取散列值。 确定在哈希信息列表中是否存在与提取的散列值相对应的信息。 接收包根据与提取的散列值对应的信息确定给攻击者包。 确定结果被发送到服务器。
-
-
-
-
-
-
-
-
-
Search Results
71
records
(took 0.024 seconds)
