Abstract:
A malware detection device and a method thereof, including an executable file analyzer that classifies layers and a malware classification unit that detects one or more malware programs, are provided to measure the degree of byte distribution similarity of the layers of an executable file. An executable file analyzer (10) analyzes the executable file and classifies it into layers according to the field sections of the executable file. The executable file analyzer measures the byte distribution of the field area of each layer. The malware classification unit (20) detects one or more malware programs based on the byte distribution of the field area.
Abstract:
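The present invention relates to a malware detection apparatus and a method thereof. By analyzing the header of an executable file to determine whether the file is malware, it enables fast detection of malware and can predict and determine whether a file is malicious even for unknown malware, thereby protecting the system from malware and improving security. Malicious program, malicious code, malware, malicious software, virus, detection, PE file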
Abstract:
A security event sampling device and a method thereof, based on the contents of security events received from a network device, are provided so that the sampled security events maintain the content characteristic information of the security events before sampling. A security event accumulation module (110) collects security events generated by a network apparatus. The contents of the collected security events are classified by type and stored in the respective memories of the security event storing part (100). A sampling ratio determining module (120) compares the maximum number of security events that can be processed with the previously determined average number of received security events. A security event analyzing module (130) analyzes the number of security events and calculates the port correlation distribution.
Abstract:
An executable code detection method and a device thereof are provided to enable a CPU (Central Processing Unit) to decide whether executable code exists and to verify data related to signature generation or an extracted signature, thereby enabling a reliable signature to be extracted. Network data is input (S100). The input network data is disassembled into instructions (S200). The resulting instructions are compared with instruction patterns that comply with the function calling mechanism to determine whether they are identical (S300). Whether executable code exists in the network data is decided according to the comparison results (S400). Before the input network data is disassembled, it is processed so that disassembly is possible.
Abstract:
A gigabit Ethernet line interface apparatus is provided to form many physical link ports by connecting with a network processor in a gigabit Ethernet line card that has a physical link interface and a system interface. The gigabit Ethernet line interface apparatus includes at least two physical link ports (112, 116) that convert at least one input gigabit Ethernet optical signal into electrical signal data and selectively transmit it. The physical link ports also convert at least one input item of electrical signal data into a gigabit Ethernet optical signal and output it. At least two system interfaces are connected to a gigabit network processor card through a plurality of connection interfaces and selectively output the electrical signal data received through the physical link ports to the gigabit network processor card. The system interfaces output data received from the gigabit network processor card through the connection interfaces to the physical link ports. A mode setting unit (130) sets the communication channel ratio between the physical link ports and the gigabit network processor card.
Abstract:
An attack pattern processing system and a method for the same are provided to monitor various types of malicious traffic by efficiently arranging and storing case-insensitive attack patterns and case-sensitive attack patterns in a limited memory resource, and by managing case-insensitive and case-sensitive attack patterns of the same string in the same memory. The attack pattern processing system includes a memory (53), pattern converters (51, 55) that convert an attack pattern to be stored in the memory according to a predetermined pattern conversion rule, and a hash function processor (52) that obtains a hash value of the converted attack pattern and stores the converted attack pattern information in the area of the memory corresponding to the obtained hash value. The attack pattern information consists of the attack pattern excluding its final letter, plus information bits. The information bits include at least one of a bit indicating whether the stored attack pattern is a case-insensitive pattern, a bit indicating whether the stored attack pattern is a case-sensitive pattern, and a bit indicating whether the final letter is uppercase or lowercase.
Abstract:
A high-capacity, high-speed encryption apparatus that uses a memory unit with an encryption function, and an implementation method thereof, are provided to prevent a bus bottleneck by performing encryption directly within the memory unit. A general memory (110) stores data that must be encrypted according to the requirements of a user application program. An encryption processing memory (120) is inserted into a slot that has the same I/O standards as the general memory, copies the data at the normal speed of transfers between memory units, performs encryption operations and encryption key control operations independently by means of an embedded encryption function unit (125), and copies the data into the general memory. The encryption function unit is implemented in the encryption processing memory unit as a separate chip and performs encryption operations on the data based on an encryption key assigned according to the encryption key management policy.
Abstract:
An apparatus for analyzing and coping with an intrusion situation and a method for expressing attack detection alarms as an N-dimensional correlation graph are provided to enable a manager to intuitively recognize and cope with an intrusion situation by expressing an attack situation, its stages, and correlated attacks as a two- or three-dimensional graph. The apparatus for analyzing and coping with an intrusion situation comprises a first analysis part (107) and a second analysis part (109). The first analysis part collects attack detection alarms from network alarm devices, classifies them, and expresses the results as a three-dimensional graph. The second analysis part receives the results, performs a vector conversion to project the three-dimensional graph onto a two-dimensional graph, and analyzes the correlations between attacks. The first analysis part comprises an attack detection alarm collection part, a classification part, and an N-dimensional expression analysis part. The attack detection alarm collection part collects attack detection alarms. The classification part classifies the collected attack detection alarms according to attack stages and attack situations. The N-dimensional expression analysis part outputs each classified attack stage as a three-dimensional graph.
Abstract:
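A network system that uses the Diameter AAA infrastructure to support the bootstrapping of Mobile IPv6 mobile nodes is provided. The system includes a mobile node equipped with the Mobile IPv6 protocol, an attendant that the mobile node accesses when it moves to a new network, an AAA local server that supports authentication/authorization/privilege verification processing for the mobile node in the local network, an AAA home server that supports authentication/authorization/privilege verification processing for the mobile node in the home network and supports the initial configuration when the mobile node bootstraps, and a home agent that processes binding updates and binding acknowledgements with the mobile node. Therefore, for a mobile node authenticated by the AAA local server, the AAA home server can perform the initial configuration for bootstrapping that mobile node, and based on this initial configuration the mobile node and the home agent can distribute an IPSec SA between each other and perform the binding update and binding acknowledgement. Accordingly, the present invention can ensure secure bootstrapping between the mobile node and the home agent in Mobile IPv6 bootstrapping. Mobile IPv6, AAA(Authentication Authorization and Accounting), DIAMETER, Mobile Internet, Wireless Internet, Mobile Computing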
Abstract:
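The present invention relates to an adult authentication system and a method thereof in a mobile RFID environment, and more particularly to an adult authentication system and method with enhanced personal information protection. The adult authentication system in a mobile RFID environment disclosed in this specification consists of an RFID tag, a user terminal, an adult authentication request processor, and a CP (Contents Provider). It embodies the technical idea of the invention and achieves its objects and technical tasks by including: a rating information reading unit that reads the adult authentication rating information recorded in the RFID tag of adult content; an adult authentication rating determination unit that determines the final rating from the read rating information; and a service rating authentication validity check unit that determines, based on the determined final rating and the age of the terminal user, whether the adult content corresponding to the final rating may be provided to the user of the terminal.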