Method and system for discovering communication entities using a discovery gateway
    51.
    Invention publication
    Status: in force

    Publication number: KR1020120047350A

    Publication date: 2012-05-14

    Application number: KR1020100108148

    Filing date: 2010-11-02

    CPC classification number: H04L12/1836

    Abstract: PURPOSE: A method and a system for discovering a communication entity using a discovery gateway are provided to ensure stability and reliability, not only in the search procedure but also in the execution of whole applications, by performing a distributed search procedure through requests and responses between communication entities. CONSTITUTION: A first local network (102) and a second local network are connected through a via network (105). A search gateway is installed inside each of a first local domain (310) and a second local domain (320). A first search gateway (103) in the first local domain is connected to a second search gateway (107) in the second local domain. The search gateway is implemented either in the same device as the network devices (104, 106) that connect a local network to the via network, or in a separate device.

    Apparatus and method for sharing security incidents, and network security system including the same
    53.
    Granted invention patent
    Status: lapsed

    Publication number: KR100862194B1

    Publication date: 2008-10-09

    Application number: KR1020070034102

    Filing date: 2007-04-06

    Abstract: A device and a method for sharing infringement accident information, and a network security system including the same, are provided to enable domains included in the network security system to share information related to infringement accidents occurring in the network security system by using a standardized Internet format and transfer protocol. A controller (111), which comprises a reporting unit (111-1), a reporting analyzing unit (111-2), a tracking request unit (111-3) and a tracking execution unit (111-4), controls operation of a security management device by detecting an infringement accident occurring in managed domains and generating infringement accident information including a trust level of the managed domain, a seriousness level of the infringement accident, and priority of management actions, or by analyzing the infringement accident information received from external domains. A message converter (112) generates a message by encoding the infringement accident information, and extracts the infringement accident information by decoding the message received from the external domains, based on the IODEF (Incident Object Description Exchange Format)/RID (Real-time Inter-network Defense) data format. A message transceiver (113) exchanges the message with the external domains by using SOAP (Simple Object Access Protocol)/HTTPS (HyperText Transfer Protocol over Secure Socket Layer).

    Method and apparatus for security management in a large-scale network
    54.
    Invention publication
    Status: lapsed

    Publication number: KR1020080040921A

    Publication date: 2008-05-09

    Application number: KR1020060108893

    Filing date: 2006-11-06

    Abstract: A method and an apparatus for managing security in a large network environment are provided to detect an attack pattern in a network by classifying traffic information into flows having the same characteristics, and to recognize an attack situation by analyzing the statistical information. The apparatus for managing security is made up of a traffic receiver (110), a traffic classifier (120), a traffic analyzer (130) and an external interface (140). The traffic receiver collects traffic information (NetFlow) in real time from all routers scattered across a large network. The traffic classifier comprises a multi-hash table having a stratified structure, and stores the traffic information as traffic statistics information by classifying the traffic information into flow groups. The traffic analyzer receives the traffic statistics information, detects flows that show abnormal indications, and recognizes the attack situation. The external interface notifies the outside of the present security situation according to the notified attack situation.

    Method for tracing back an attacker through session information management applying code mobility
    56.
    Granted invention patent
    Status: lapsed

    Publication number: KR100439169B1

    Publication date: 2004-07-05

    Application number: KR1020010070765

    Filing date: 2001-11-14

    Abstract: PURPOSE: A method of back-tracking an attacker through session information management applied with code mobility is provided to track a hacker's connection when a direct invasion attack on a host is detected, thereby identifying the host where the hacker substantially exists. CONSTITUTION: A security managing system decides whether an invasion detecting system senses an invasion on a host (510). If so, the system generates a back-tracking sensor (520). The system moves the back-tracking sensor to the invasion-targeted host (530). The back-tracking sensor queries a monitoring sensor for the previous path information of the attacker (540). The back-tracking sensor receives the previous path information, and decides whether a host exists in its own domain and another domain (550). If so, the system requests a managing server of the other domain to authenticate the back-tracking sensor (560). The back-tracking sensor moves to another host in the other domain (570). The back-tracking sensor queries a monitoring sensor mounted on the other host for the next host path, and performs step 550 again (580). If the next host exists in the same domain, the back-tracking sensor informs a security managing server of the host (590).

    System and method for attacker traceback and attack blocking in a secure network
    57.
    Invention publication
    Status: lapsed

    Publication number: KR1020040039552A

    Publication date: 2004-05-12

    Application number: KR1020020067660

    Filing date: 2002-11-02

    CPC classification number: H04L63/1416 H04L63/1458 H04L63/1466 H04L2463/146

    Abstract: PURPOSE: A system and method for tracking an attacker back and intercepting an attack in a security network are provided to trace back the location of an attacker in the case where the attacker accesses a specific host via many hosts for the purpose of stealing or changing important data. CONSTITUTION: The system for tracking an attacker back and intercepting an attack in a security network is comprised of a session logging part (240), a security management system (220), and a traffic interruption part (230). The session logging part (240) is installed and executed at each host (210-213). The security management system (220) executes an attacker tracking function in each domain. The traffic interruption part (230), having an interface for an external system, intercepts an attacker's traffic through the interface.

    Method for tracing back an attacker using log information of edge routers on the Internet
    58.
    Invention publication
    Status: in force

    Publication number: KR1020030039732A

    Publication date: 2003-05-22

    Application number: KR1020010070766

    Filing date: 2001-11-14

    CPC classification number: H04L63/1458 H04L63/1416 H04L63/1425 H04L2463/146

    Abstract: PURPOSE: A method of back-tracking an attacker by using log information of edge routers on the Internet is provided to record log information on all packets entering each network through its edge routers, thereby back-tracking the packets regardless of a changed IP address of the attacker. CONSTITUTION: When an attacker attacks a host, an internal invasion detecting system senses the invasion (201). The system informs a managing server of the internal network of the invasion (202). The managing server queries all edge routers of the network to analyze their logs for a trace of the attacker's packet corresponding to the detected invasion (203), and decides whether the invasion trace is found at an internal edge router (204). If so, the managing server requests the managing server of the other network corresponding to the invasion trace to analyze the logs of its own edge routers (205). If the invasion trace is not found, the managing server decides that the hacker exists in the internal network (208).

    Method for tracing back an attacker through session information management applying code mobility
    59.
    Invention publication
    Status: lapsed

    Publication number: KR1020030039731A

    Publication date: 2003-05-22

    Application number: KR1020010070765

    Filing date: 2001-11-14

    CPC classification number: H04L63/1466 H04L63/1408 H04L63/1433 H04L2463/146

    Abstract: PURPOSE: A method of back-tracking an attacker through session information management applied with code mobility is provided to track a hacker's connection when a direct invasion attack on a host is detected, thereby identifying the host where the hacker substantially exists. CONSTITUTION: A security managing system decides whether an invasion detecting system senses an invasion on a host (510). If so, the system generates a back-tracking sensor (520). The system moves the back-tracking sensor to the invasion-targeted host (530). The back-tracking sensor queries a monitoring sensor for the previous path information of the attacker (540). The back-tracking sensor receives the previous path information, and decides whether a host exists in its own domain and another domain (550). If so, the system requests a managing server of the other domain to authenticate the back-tracking sensor (560). The back-tracking sensor moves to another host in the other domain (570). The back-tracking sensor queries a monitoring sensor mounted on the other host for the next host path, and performs step 550 again (580). If the next host exists in the same domain, the back-tracking sensor informs a security managing server of the host (590).

