-
Publication No.: KR1020160111798A
Publication date: 2016-09-27
Application No.: KR1020150036970
Application date: 2015-03-17
Applicant: 한국전자통신연구원
Inventor: 윤승용
Abstract: A method for providing a security service based on a Mobile Trusted Module (MTM) is disclosed. The MTM-based security service providing method may include: parsing an encrypted command input by execution of an app; authenticating the session connection when a session connection is attempted by the parsed command; decrypting the encrypted command using the session key of the connected session; determining whether the decrypted command is an MTM execution command or a security service execution command; and executing the MTM when the decrypted command is determined to be an MTM execution command, and executing the security service when the parsed command is determined to be a security service execution command.
-
Publication No.: KR1020150089664A
Publication date: 2015-08-05
Application No.: KR1020140010563
Application date: 2014-01-28
Applicant: 한국전자통신연구원
Inventor: 윤승용
IPC: G06F21/56
CPC classification number: G06F21/565
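Abstract: The present invention relates to a repackaged mobile malware detection system capable of detecting repackaged mobile malware quickly and accurately. The mobile malware detection system includes: a file acquisition unit that collects APK files through various channels and extracts file information; an analysis unit that analyzes the file information and classifies it into a plurality of groups according to similarity, and, for each classified group, determines malware for the groups that persist according to detailed analysis and detailed similarity analysis of the corresponding file information; and an output unit that, according to the malware determination result of the analysis unit, indicates whether each APK file belonging to the group under determination is a normal file or a malicious file.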
-
Publication No.: KR1020140058196A
Publication date: 2014-05-14
Application No.: KR1020120124924
Application date: 2012-11-06
Applicant: 한국전자통신연구원
Abstract: The present invention provides an apparatus and a method for protecting mobile message data that can fundamentally prevent personal information leakage caused by a mobile messenger, by forming a secure channel for exchanging conversation messages through the mobile messenger using asymmetric key encryption with a security module installed on the mobile terminal. To achieve this, the apparatus according to the present invention comprises: a terminal system unit of a terminal, which is linked to the security module to generate and register encryption information for a secure conversation with the other party through a mobile message server, and which sets up a secure conversation session and performs the secure conversation; and a security module installed in the terminal, which generates and stores the encryption information for a secure conversation through the mobile messenger in the terminal system unit, and which generates, encrypts, and decrypts session information according to the setup of the secure conversation session.
-
Publication No.: KR101286647B1
Publication date: 2013-08-23
Application No.: KR1020090117143
Application date: 2009-11-30
Applicant: 한국전자통신연구원
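Abstract: The present invention discloses a session management method. A session management method according to one aspect of the present invention includes: when a first fragment packet including a TCP header and an IP header is received following a TCP session connection, identifying the session state and direction of the session containing the first fragment packet; determining a first address using information in the TCP header and the IP header, constructing an entry for the first address, and storing it together with the session state and direction; when second through N-th fragment packets including the IP header are received, identifying the session state and direction using information in the IP header; and determining second through N-th addresses using information in the IP header, constructing entries for the second through N-th addresses, and storing them together with the session state and direction, wherein if a second through N-th fragment packet is the last of the fragmented packets, the constructed entries for the second through N-th addresses are deleted.
Fragment, packet fragmentation, TCP session, session state, session tracking
-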
Publication No.: KR101262845B1
Publication date: 2013-05-09
Application No.: KR1020090127050
Application date: 2009-12-18
Applicant: 한국전자통신연구원
IPC: H04L12/22
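Abstract: The web load attack blocking apparatus using URI content identification of the present invention comprises: a packet parser module that extracts client information from incoming payload packets; a hash generation module that receives the extracted information from the packet parser module and applies a hash function to it to generate hash values; and a DDoS detection and protection module that receives the hash values generated by the hash generation module and the previously extracted information, detects load attacks on a web server based on the client information, and blocks the packet when it is judged to be a message from a malicious user.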
-
Publication No.: KR1020130030086A
Publication date: 2013-03-26
Application No.: KR1020110093618
Application date: 2011-09-16
Applicant: 한국전자통신연구원
Inventor: 윤승용
CPC classification number: G06F21/00 , H04L63/0254 , H04L63/1458 , H04L63/166
Abstract: PURPOSE: A method and a device for defending against a DDoS (Distributed Denial-of-Service) attack through abnormal session connection termination are provided, to significantly reduce the computation needed for detection and the false detection rate for DDoS attacks. CONSTITUTION: A session tracking unit (110) parses collected packets and extracts header information. Based on the extracted header information, the session tracking unit tracks abnormal session connection terminations of a predefined type and measures their number. An attack detecting unit (150) detects a DDoS attack by comparing the measured number of abnormal session connection terminations with a preset threshold value. [Reference numerals] (110) Session tracking unit; (111) Packet parsing module; (130) Storage unit; (131) Session table; (133) Flow table; (150) Attack detecting unit; (170) Attack handling unit; (AA) Alarm; (BB) Input: packet
-
Publication No.: KR1020120066466A
Publication date: 2012-06-22
Application No.: KR1020100127821
Application date: 2010-12-14
Applicant: 한국전자통신연구원
IPC: H04L12/22
CPC classification number: G06F21/55 , H04L63/1458
Abstract: PURPOSE: A DoS (Denial-of-Service) attack prevention method is provided that secures network service for normal users by blocking only the malicious user's activity across various types of ICMP (Internet Control Message Protocol) flooding. CONSTITUTION: A server detects a suspicious packet among a plurality of received packets using the packets' protocol information, fragmentation property information, and fragmentation location information (S311). The server determines whether the suspicious packet is an attack packet using the payload included in the detected suspicious packet (S312). The server determines the suspicious packet to be an attack packet (S313).
-
Publication No.: KR1020110037645A
Publication date: 2011-04-13
Application No.: KR1020090095173
Application date: 2009-10-07
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1458 , G06F21/56 , H04L63/1416
Abstract: PURPOSE: A distributed denial-of-service protection device and method are provided to reinforce the security of a network and a server system by aiding the performance of an abnormal packet detecting function. CONSTITUTION: A session table (232) stores session information for intrusion detection and response. A flow table (231) stores traffic measurement information per flow. A packet extracting unit (210) extracts packets from incoming traffic. A detecting unit (220) extracts from each packet the fields used for session tracking and traffic measurement. The detecting unit detects an abnormal packet using the extracted fields and the session table. A corresponding unit (240) isolates the abnormal packet.
-
Publication No.: KR1020100066170A
Publication date: 2010-06-17
Application No.: KR1020080124848
Application date: 2008-12-09
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1458 , H04L43/16 , H04L63/1416
Abstract: PURPOSE: A method and a device for preventing denial of service through session state tracking are provided to track session state in real time, thereby rapidly detecting the occurrence of a DoS/DDoS attack. CONSTITUTION: An attack detection engine (20) tracks the state of each session according to the packet transmission between a client and a server. If the number of sessions in a particular state exceeds a preset threshold value, the attack detection engine determines that a DoS (Denial-of-Service)/DDoS (Distributed Denial-of-Service) attack is occurring. If a DoS/DDoS attack is detected, a correspondence engine (30) decides whether to drop a packet according to whether a session corresponding to the client's new packet exists. The correspondence engine handles the DoS/DDoS attack through this packet-drop decision.
-
Publication No.: KR1020090066142A
Publication date: 2009-06-23
Application No.: KR1020070133772
Application date: 2007-12-18
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1416 , G06F21/566
Abstract: A polymorphic shellcode detection method is provided that reduces computational overhead, without missing the relevant instruction, by performing disassembly to detect the instruction that locates the address of the encoded code. An executable code address is stored in a register table (S100). When the register item in which the executable code address is stored is used as the input of an instruction, the instructions defining the remaining register items are detected (S400). Emulation is performed starting from the instruction that stores the executable code address on the stack, or from the first of the instructions defining the remaining register items. If the emulation result is stored in memory, the input data is determined to be polymorphic shellcode (S500).