公开(公告)号：KR100772177B1

公开(公告)日：2007-11-01

申请号：KR1020060112962

申请日：2006-11-15

Applicant: 한국전자통신연구원

Inventor： 김동영 ,  김종현 ,  방효찬 ,  김현주 ,  장범환 ,  김건량 ,  이수형 ,  유종호 ,  박원주 ,  손선경 ,  정치윤 ,  나중찬 ,  장종수

IPC: H04L9/00 ,  H04L12/26

CPC classification number: H04L63/1416

Abstract: A method and a device for generating an intrusion detection event for testing a security function are provided to simply test the security function of products and systems related to security without real hacking or generation and intrusion of attack packets by generating the intrusion detection events for various situations. A method for generating an intrusion detection event for testing a security function is composed of steps for setting a basic information list for generating the intrusion detection event(S100); setting a basic template of the intrusion detection event(S110); selecting specific basic information in the set basic information list(S120); generating a virtual intrusion detection event by inserting the chosen basic information into the basic template(S130); and transmitting the generated virtual intrusion detection event to a security system to be tested(S140).

Abstract translation: 提供了一种用于生成用于测试安全功能的入侵检测事件的方法和设备，以简单地测试与安全相关的产品和系统的安全功能，而无需真正的黑客入侵或攻击包的生成和入侵，并通过生成针对各种情况的入侵检测事件 。 用于生成用于测试安全功能的入侵检测事件的方法包括用于设置用于生成入侵检测事件的基本信息列表的步骤（S100）; 设置入侵检测事件的基本模板（S110）; 在设定的基本信息列表中选择特定的基本信息（S120）; 通过将所选择的基本信息插入到基本模板中来生成虚拟入侵检测事件（S130）; 以及将生成的虚拟入侵检测事件发送到要测试的安全系统（S140）。

公开(公告)号：KR1020070059898A

公开(公告)日：2007-06-12

申请号：KR1020060072647

申请日：2006-08-01

Applicant: 한국전자통신연구원

Inventor： 정연서 ,  유종호 ,  서동일

IPC: G06F15/00 ,  G06F21/20

CPC classification number: G06F21/6209 ,  G06F21/577 ,  G06F2221/2115 ,  G06F2221/2119 ,  H04L63/12 ,  H04L63/14 ,  H04L63/1483

Abstract: A method and a device for preventing leakage of user information by using server registration information are provided to enable a user to check security by checking information of service providing sites in an authentication server before the site is connected. A server authentication system(120) classifies the site operating a web server(130) into a safe site or not after collecting an address of the servers connected through the Internet and site information. A user computer(110) is connected to the Internet. A server authentication client(111) is mounted on the user computer and blocks connection to a harmful site based on the site information. The server authentication system classifies an IP(Internet Protocol) address of the servers operated by the trusted sites after collecting the IP address and information of the servers, and stores the classified servers by each domain of the site. The server authentication client includes a connector receiving the information of the site to be connected by the user computer from the authentication system, a monitoring part, an address extractor, and an analyzer.

Abstract translation: 提供了一种通过使用服务器注册信息来防止用户信息泄漏的方法和装置，以使得用户能够在网站连接之前通过检查认证服务器中的服务提供站点的信息来检查安全性。 服务器认证系统（120）在收集通过因特网连接的服务器的地址和站点信息之后，将运行Web服务器（130）的站点分类到安全站点。 用户计算机（110）连接到因特网。 服务器认证客户端（111）安装在用户计算机上，并基于站点信息阻止与有害站点的连接。 服务器认证系统在收集服务器的IP地址和信息后，对由可信站点运行的服务器的IP（Internet协议）地址进行分类，并通过站点的每个域存储分类的服务器。 服务器认证客户机包括从认证系统接收用户计算机要连接的站点的信息的连接器，监视部分，地址提取器和分析器。