公开(公告)号：KR1020140006408A

公开(公告)日：2014-01-16

申请号：KR1020120073225

申请日：2012-07-05

Applicant: 한국전자통신연구원

Inventor： 임선희 ,  김종현 ,  김기영 ,  이성원 ,  조재익 ,  서동일 ,  안개일 ,  서대희

IPC: H04L12/26

CPC classification number: H04L43/062 ,  H04L41/145 ,  H04L43/08 ,  H04L63/1425

Abstract: Disclosed are an apparatus for quantifying the abnormality of an abnormal host and a method thereof. The apparatus for quantifying abnormality according to the present invention comprises: an analysis component extractor for extracting analysis components in a DNS traffic; a node classifier for modeling the analysis components according to a classification rule and classifying terminal nodes within a network based on the modeling result; a basic probability extractor for checking a relative distribution corresponding to the terminal node classification result and extracting a basic probability value based on the check result; a counter for classifying malicious zombie nodes by using the basic probability value, extracting domain information among traffics from the malicious zombie nodes to a DNS server, and counting the number of domain occurrences based on the extracted domain information; and a quantifying part for extracting a quantified value of the malicious domains based on the number of domain occurrences and quantifying the abnormal value of the abnormal host based on the quantified value. [Reference numerals] (110) Analysis component extractor; (120) Node classifier; (130) Basic probability extractor; (140) Counter; (150) Quantifying part

Abstract translation: 公开了一种用于量化异常主机的异常的装置及其方法。 根据本发明的用于量化异常的装置包括：用于提取DNS业务中的分析组件的分析部件提取器; 一种用于根据分类规则建模分析组件并基于建模结果对网络内的终端节点进行分类的节点分类器; 基本概率提取器，用于检查对应于终端节点分类结果的相对分布，并且基于检查结果提取基本概率值; 通过使用基本概率值对恶意僵尸节点进行分类的计数器，从恶意僵尸节点到DNS服务器的流量中提取域信息，并根据提取的域信息对域数发生次数进行计数; 以及量化部，其基于域发生次数提取恶意域的量化值，并根据量化值量化异常主机的异常值。 （附图标记）（110）分析部件提取器; （120）节点分类器; （130）基本概率提取器; （140）柜台; （150）量化部分

公开(公告)号：KR1020120068352A

公开(公告)日：2012-06-27

申请号：KR1020100129942

申请日：2010-12-17

Applicant: 한국전자통신연구원

Inventor： 이승민 ,  문용혁 ,  서대희 ,  권혁찬 ,  남택용 ,  나재훈 ,  서동일

IPC: H04N21/235

CPC classification number: H04N21/2351 ,  H04L65/4084 ,  H04N19/30 ,  H04N21/47211

Abstract: PURPOSE: An IPTV(Internet Protocol TV) service supplying apparatus and a method thereof are provided to increase quality of content through minimum information. CONSTITUTION: A security engine server(316) confirms whether additional cost is paid for high quality content from a security managing server. The security engine server generates a security message. The partial information includes a low layer information and high layer information from an extractor. The streaming server transmits information to a subscriber terminal.

Abstract translation: 目的：提供IPTV（因特网协议电视）服务提供装置及其方法，以通过最小信息提高内容质量。 规定：安全引擎服务器（316）确认是否从安全管理服务器支付高质量内容的附加费用。 安全引擎服务器生成安全消息。 部分信息包括来自提取器的低层信息和高层信息。 流服务器向用户终端发送信息。