Abstract:
The present invention relates to a pipelined heap manager and its priority sorting method. In the present invention, a 10 Gbps class packet scheduler performs a high-speed sorting function using the non-empty (occupancy) counters of the left child nodes, including the node itself. Specifically, at every packet segment time (32 ns), the priority values of two packet segments are received and sorted, and the one packet segment with the highest priority value is serviced. Thus, a 10 Gbps packet scheduler can receive a packet from a newly arriving flow and a waiting packet simultaneously and sort their priorities. In addition, the sorting function is performed without memory collisions between two consecutive packet segments, and it can easily be extended to a large number of priority levels. Furthermore, it can be configured as either work-conserving or non-work-conserving, so that real-time quality of service (QoS) guarantees such as delay bound or jitter can be provided.
Abstract:
Disclosed is a network-based attack tracing system and method using distributed attack detection agents and manager systems that can detect and trace a hacker's attack path in real time across the whole network using distributed network-based attack detection agents, a request manager, and a reply manager. The agent detects an attack using a network-based intrusion detection system (NIDS), analyzes an alarm log that is judged to be the attack, converts the analyzed alarm log into attack information, and transmits the attack information to the request manager. The request manager searches for the attack IP based on the attack information received from the agent, stores the search result in a tree structure, and, once the final search is completed, extracts the hacking path using a binary search tree (BST) algorithm. The reply manager searches the alarm log DB located in the agent of its own network in response to the attack information search request from the request manager, and transmits the search result to the request manager. The system and method can make maximum use of the detection function of the existing NIDS, suppress unnecessary tracing requests while judging which of many alarm logs are attack logs, and be applied more broadly in authenticated networks.
Abstract:
PURPOSE: A response watermark generating/inserting apparatus for tracing back a connection attack, and a method therefor, are provided to make a packet easy to trace back by inserting a distinguishable watermark into the contents of a response packet from a victim system compromised by a hacker. CONSTITUTION: A packet check module(10) receives all packets through a network interface card(S1), and performs a check to find, among the received packets, a response packet corresponding to the victim system. A watermark generating module(20) receives the response packet found by the packet check module(10), and generates a packet watermark corresponding to the response packet. A watermark inserting module(30) inserts the packet watermark into the TCP(Transmission Control Protocol) data region of the response packet provided by the watermark generating module(20). A watermark packet transmitting module(40) transmits the packet provided by the watermark inserting module(30) through a network interface card(S2).
Abstract:
PURPOSE: A system and a method for judging an attack using log monitoring on an IDS(Intrusion Detection System) are provided to adjust the load of a traceback system and to enhance the reliability of attack detection by monitoring and processing the logs generated by the IDS, judging an actual intrusion by a defined attack type, and then tracking it. CONSTITUTION: A monitoring part(31) extracts an IP(Internet Protocol) address, a time, and a log type from each log record detected by the IDS(11). A rule processor(32) predefines the attack types used to analyze attack logs, analyzes and compares each updated log from the monitored logs with the defined attack types, and judges an actual attack if the updated log matches a defined attack type. A statistics processor(33) improves the reliability of the attack log by applying a threshold to the updated logs judged as actual attacks by the rule processor(32), and judges a log whose attack attempts occur more frequently than the threshold as an attack.
Abstract:
An intrusion detection method using adaptive rule estimation in a network-based intrusion detection system (NIDS) is disclosed. The method includes collecting a packet on a network, searching a rule database in which rules for intrusion detection are stored for the original rule most similar to the collected packet, and judging whether a hacker is intruding by estimating the position at which the collected packet differs from the original rule. Accordingly, it is possible to prevent an indirect attack in which a hacker uses a packet whose number of bits has been changed by deleting characters from, or inserting characters into, the packet.
Abstract:
PURPOSE: A switch interface device interworking a DASL(Data-Aligned Synchronous Link) interface with a CSIX(Common Switch Interface) is provided to interwork a UTOPIA-L3/DASL conversion module in a network processor, and to interwork a common UTOPIA-L3/DASL conversion module with a CSIX by using an FPGA module, thereby interworking a DASL switch interface with a switch fabric. CONSTITUTION: An IBM network processor(500) is connected to a UTOPIA-L3/DASL conversion module(501) through a DASL interface(505), and has two sides, A and B, for switch duplexing. A DASL interface data packet stream control signal(508) is connected through a UTOPIA-L3/CSIX conversion module FPGA(502). The UTOPIA-L3/DASL conversion module(501) and the UTOPIA-L3/CSIX conversion module FPGA(502) control the packet stream with a UTOPIA control signal(506). The UTOPIA-L3/CSIX conversion module FPGA(502) uses the switch clock as the CSIX interface clock. The UTOPIA-L3/DASL conversion module(501) and the UTOPIA-L3/CSIX conversion module FPGA(502) each contain a control processor interface(504) in order to interface with an IBM CPU.
Abstract:
PURPOSE: An apparatus and a method for controlling a high-speed IP forwarding engine based on a high-speed lookup device are provided to overcome the performance degradation caused by the lookup process, by implementing a hardware lookup device driver that configures a lookup table in preparation for driving a high-speed IP lookup device and replaces the existing software-based lookup module. CONSTITUTION: A forwarding control system based on a high-speed IP lookup device consists of a lookup device(36), a control data structure memory(32), a lookup device and memory initialization control part(33), a lookup table configuration part(34), and a lookup device and memory control part(35). The lookup device(36) compares the lookup table stored in an internal lookup memory(37) with the address information of an input IP packet and finds the forwarding information stored in an external forwarding memory(38). The control data structure memory(32) stores the configuration information of a structure that manages, in common, the control data of the lookup device(36), the control data of the lookup memory(37), and the control data of the forwarding memory(38). The lookup device and memory initialization control part(33) issues a control command to initialize the lookup device(36), the lookup memory(37), and the control data structure memory(32) when an initialization command is generated by an upper application program module(31). When a lookup entry addition/deletion command is generated by the upper application program module(31), the lookup table configuration part(34) searches the lookup table to confirm whether the lookup entry to be added or deleted exists, adds or deletes the lookup entry according to the search result, and issues a control command to update the contents of the control data structure memory(32). The lookup device and memory control part(35) receives the issued control commands and writes the control values related to those commands to the lookup device(36), the lookup memory(37), and the forwarding memory(38).
Abstract:
PURPOSE: A parallel lookup control device for IP(Internet Protocol) packet forwarding of various services, and a method therefor, are provided to prevent performance degradation of IP packet forwarding and to improve lookup performance for various services. CONSTITUTION: A lookup control unit(103) has a lookup information storing unit(201) for storing the information required by each service-classified lookup, such as the IP destination address, the IP source address, the TCP(Transmission Control Protocol) destination port number, the TCP source port number, the connection information of a received packet, and VPN(Virtual Private Network) root identification information. The lookup control unit(103) has a service-classified lookup comparison control unit(501-503) for each service, which obtains the information required by that service's lookup from the lookup information storing unit(201) and generates a comparison control signal for that service, and a service-classified lookup identity index storing unit(504-506) for each service, which stores the matching entry index corresponding to the lookup result of the corresponding service-classified lookup comparison control unit(501-503). The lookup control unit(103) has an index priority comparing unit(510) for comparing the entry indexes stored in the service-classified lookup identity index storing units(504-506) according to a service priority, and a label table index generating unit(511) for generating a label table index according to the selected priority. A lookup engine(104) has a service-classified forwarding table(507-509) for each service, which stores that service's lookup information.
Abstract:
1. Technical field of the claimed invention: The present invention relates to a control message processing method for establishing a label switched path.
2. Technical problem to be solved: The object of the present invention is to provide a control message processing method that processes control messages for establishing a label switched path in order to transmit Internet traffic at high speed within an asynchronous transfer mode (ATM) switching system, which forms the backbone of a high-speed public communication network, and a computer-readable recording medium on which a program for realizing the method is recorded.
3. Summary of the solution: The present invention includes a first step of analyzing a label switched path setup control message received from another station and requesting switch resources for each Internet Protocol (IP) prefix; a second step of allocating switch resources for each IP prefix; a third step of mapping each IP prefix to the allocated switch resources; and a fourth step of transmitting the mapped information to the other station that requested the label switched path setup.
4. Principal use of the invention: The present invention is used in asynchronous transfer mode switching systems and the like.