-
公开(公告)号:KR1020120037865A
公开(公告)日:2012-04-20
申请号:KR1020110023392
申请日:2011-03-16
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1425 , H04L63/20
Abstract: PURPOSE: An abnormal host detecting device based on session monitoring and a method thereof are provided to detect a host and a process and to update a harmful process and a host list according to a detection result. CONSTITUTION: A host information collecting unit(102) collects host information. A network traffic monitoring unit(106) collects network traffic information. An analyzing unit(104) analyzes a correlation by comparing a host entropy with network traffic information. A detecting unit(108) updates a black list which stores a harmful host list.
Abstract translation: 目的:提供一种基于会话监控的异常主机检测装置及其方法,用于根据检测结果检测主机和进程,并更新有害进程和主机列表。 构成:主机信息收集单元(102)收集主机信息。 网络流量监控单元(106)收集网络流量信息。 分析单元(104)通过将主机熵与网络交通信息进行比较来分析相关性。 检测单元(108)更新存储有害主机列表的黑名单。
-
公开(公告)号:KR1020110048351A
公开(公告)日:2011-05-11
申请号:KR1020090105114
申请日:2009-11-02
Applicant: 한국전자통신연구원
IPC: G06T15/00
CPC classification number: G06T7/70 , G06T17/10 , G06T2219/2004
Abstract: PURPOSE: A method and apparatus for displaying an actual location of a device in a building are provided to easily find a location where an event is generated. CONSTITUTION: A device is arranged within a building. A device location extraction unit(130) calculates the location of the device using a representative coordinates of the 3D building. An event receiving unit(110) receives an event from the device. An event display unit(140) indicates the location of the device in the building to a screen.
Abstract translation: 目的:提供用于在建筑物中显示设备的实际位置的方法和装置,以容易地找到生成事件的位置。 规定:设备安排在建筑物内。 设备位置提取单元(130)使用3D建筑物的代表坐标来计算设备的位置。 事件接收单元(110)从设备接收事件。 事件显示单元(140)将建筑物中的设备的位置指示到屏幕。
-
公开(公告)号:KR101003094B1
公开(公告)日:2010-12-21
申请号:KR1020080100299
申请日:2008-10-13
Applicant: 한국전자통신연구원
Abstract: 본 발명은 도메인 상호간의 협력체계에 의존하지 않고도 해킹을 시도하는 공격자의 위치를 추적하는 스파이 봇 에이전트를 이용한 네트워크 공격 위치 추적 방법, 및 시스템에 관한 것이다. 이를 위해 본 발명은, 호스트 스캐닝을 통해 해킹에 취약한 포트가 오픈 된 위험 호스트를 적어도 하나 검출하는 역추적 서버, 및 검출된 각 위험 호스트로 스파이 봇 에이전트를 전송하여 설치하며, 설치된 스파이 봇 에이전트를 통해 각 위험 호스트를 출입하는 패킷의 패킷정보를 획득하는 스파이 봇 관리 서버를 포함하며, 역추적 서버는, 각 위험 호스트를 통해 획득된 패킷정보를 참조하여 위험 호스트들을 경유하는 해킹 코드의 출발지점을 역 추적한다.
도메인, 호스트, 역추적, 스파이 봇 에이전트, 패킷-
公开(公告)号:KR1020100073125A
公开(公告)日:2010-07-01
申请号:KR1020080131716
申请日:2008-12-22
Applicant: 한국전자통신연구원
CPC classification number: H04W12/12 , H04L63/1416
Abstract: PURPOSE: A security status monitoring device in a mobile network is provided to analyze the correlation of RF signal information and security event information, thereby offering in order to indicate while mapping the RF signal information and security event information. CONSTITUTION: An RF signal collectors(112,114) collect one or more RF signal information. A security event collectors(120,130) collect security event information including one or more information among traffic information and alarm information. A security event information mapping unit(106) analyzes the correlation of the collected RF signal information and the security event information. The security event information mapping unit maps the RF signal information and the security event information. A security event information display unit(108) indicates the mapped security event information.
Abstract translation: 目的:提供移动网络中的安全状态监控设备,以分析RF信号信息和安全事件信息的相关性,从而提供用于在映射RF信号信息和安全事件信息的同时进行指示。 构成:RF信号收集器(112,114)收集一个或多个RF信号信息。 安全事件收集器(120,130)收集包括交通信息和报警信息中的一个或多个信息的安全事件信息。 安全事件信息映射部(106)分析所收集的RF信号信息与安全事件信息的相关性。 安全事件信息映射单元映射RF信号信息和安全事件信息。 安全事件信息显示单元(108)指示映射的安全事件信息。
-
公开(公告)号:KR1020100057352A
公开(公告)日:2010-05-31
申请号:KR1020080116357
申请日:2008-11-21
Applicant: 한국전자통신연구원
Abstract: PURPOSE: A method for authenticating a user terminal and a method for detecting IP spoofing using a web server are provided to verify the IP spoofing by matching an IP address from the origin of a packet and an IP address of a user which is transferred during an authentication process. CONSTITUTION: If a user terminal requires an authentication using an ID and a password, a web server transmits and installs an authentication module to the user terminal. The web server obtains the real IP information of the user terminal through the authentication module. The real IP information is compared to the IP information from the user terminal. The IP spoofing is verified based on the comparison result.
Abstract translation: 目的:提供一种用于认证用户终端的方法和使用Web服务器检测IP欺骗的方法,以通过匹配来自分组的来源的IP地址和在一个分组中传送的用户的IP地址来验证IP欺骗 认证过程。 规定:如果用户终端需要使用ID和密码进行身份验证,则Web服务器将身份验证模块发送并安装到用户终端。 Web服务器通过认证模块获取用户终端的真实IP信息。 将真实IP信息与来自用户终端的IP信息进行比较。 基于比较结果验证IP欺骗。
-
Patent Agency Ranking
公开(公告)号:KR1020100013177A
公开(公告)日:2010-02-09
申请号:KR1020080074727
申请日:2008-07-30
Applicant: 한국전자통신연구원
IPC: H04L12/22
CPC classification number: H04L67/22 , H04L63/0281 , H04L63/1441 , H04L67/2857
Abstract: PURPOSE: A web based trace back system and a method using a reverse caching proxy are provided to grasp the real network information and location of a user who has penetrated an anonymous proxy server. CONSTITUTION: A reverse caching proxy server(110) determines the usage of the anonymous server of the client(10). A web tracking server(120) creates a response page with a HTTP(Hypertext Transfer Protocol) packet. The web tracking server annexes a tracking signal to the response page. The web tracking server offers the response page through the reverse caching proxy server to a client. The network information of the client is determined by a tracking signal to the web tracking server.
Abstract translation: 目的:提供基于Web的跟踪回溯系统和使用反向缓存代理的方法来掌握已经渗透到匿名代理服务器的用户的真实网络信息和位置。 构成:反向缓存代理服务器(110)确定客户机(10)的匿名服务器的使用。 网页跟踪服务器(120)创建具有HTTP(超文本传输协议)分组的响应页面。 网络跟踪服务器将跟踪信号附加到响应页面。 Web跟踪服务器通过反向缓存代理服务器向客户端提供响应页面。 客户端的网络信息由跟踪服务器的跟踪信号确定。
-
公开(公告)号:KR1020090002889A
公开(公告)日:2009-01-09
申请号:KR1020070067268
申请日:2007-07-04
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1416 , G06Q10/06
Abstract: A security event sampling device and a method thereof based on the contents of the security event received from a network device are provided to maintain the contents characteristic information of sampled security events before sampling the security event. A security event accumulation module(110) collects a security event generated from a network apparatus. The contents of the collected security event are classified into for each type and stored in each memory of the security event storing part(100). A sampling ratio determining module(120) compares the number of maximum process security events and the number of previously determined average receiving security events. A security event analyzing module(130) analyzes the number of security events and calculates port correlation distribution.
Abstract translation: 提供一种基于从网络设备接收的安全事件的内容的安全事件采样设备及其方法,用于在采样安全事件之前维护采样的安全事件的内容特征信息。 安全事件累积模块(110)收集从网络装置生成的安全事件。 收集的安全事件的内容被分类为每种类型并存储在安全事件存储部分(100)的每个存储器中。 采样比确定模块(120)比较最大过程安全事件的数量和先前确定的平均接收安全事件的数量。 安全事件分析模块(130)分析安全事件的数量并计算端口相关分布。
-
公开(公告)号:KR100656369B1
公开(公告)日:2007-02-28
申请号:KR1020050116587
申请日:2005-12-01
Applicant: 한국전자통신연구원
Abstract: An apparatus for displaying a network state by using a flow-n-rectangular and a method thereof are provided to determine an abnormal state of the network which degrades its performance and to detect harmful or abnormal traffic causing the abnormal state of the network by using simple data which can show abnormal features of the traffic like flow rates of each port section in accordance with connected time, octet rates, or packet rates. An apparatus for displaying a network state by using a flow-n-rectangular comprises a traffic feature extractor(110), a traffic state displayer(120) and a traffic abnormality checker(130). The traffic feature extractor(110) calculates an occupation rate in accordance with traffic features generated according to a certain reference port and time by referring to traffic information collected by an external traffic information collector, and stores the calculated result. The traffic state displayer(120) expresses an abnormal state of the current network through one and more regular tetragons displayed by using the occupation rate in accordance with traffic features of a port under a reference port, a port over the reference port, a flow over a reference time, and a flow under the reference time on an occupation rate coordinate plane by referring to the calculated result stored in the traffic feature extractor(110). The traffic abnormality checker(130) determines an abnormal state of the network according to the position or size of a regular tetragon drawn on the occupation rate coordinate plane, detects and reports the type of an abnormal state and harmful or abnormal traffic if the abnormal state occurs.
Abstract translation: 提供了一种通过使用流式矩形显示网络状态的设备及其方法,以确定网络的异常状态,从而降低其性能,并通过使用简单的方法来检测引起网络异常状态的有害或异常业务量 根据连接时间,八位字节速率或分组速率,可以显示诸如每个端口部分的流量的流量的异常特征的数据。 本发明公开了一种利用流量矩形显示网络状态的装置,包括:流量特征提取器,流量状态显示器和流量异常检查器。 交通特征提取器(110)通过参考由外部交通信息收集器收集的交通信息来根据根据特定参考端口和时间生成的交通特征来计算占用率,并存储计算结果。 业务状态显示器(120)通过根据参考端口下的端口,参考端口上的端口,参考端口上的端口的流量特征使用占用率显示的一个或多个正常四边形表示当前网络的异常状态 参考时间和在参考时间下的流量,通过参考存储在交通特征提取器(110)中的计算结果,在占用率坐标平面上进行。 业务异常检查器(130)根据在占用率坐标平面上绘制的正常四边形的位置或大小来确定网络的异常状态,如果异常状态检测并报告异常状态的类型和有害或异常业务 发生。
-
公开(公告)号:KR100656352B1
公开(公告)日:2006-12-11
申请号:KR1020050087024
申请日:2005-09-16
Applicant: 한국전자통신연구원
IPC: G06F15/00
Abstract: A method for displaying event information related to network security is provided to enable a user to visually analyze change of a quantity and connectivity of events of a specific attribute among the events related to the network security, and intuitively recognize a current security situation. The network-related events generated in a managed domain of the network are collected(110). Information including a generation quantity of each application port, the connectivity between a source and destination address, a source and destination address, and an event type to be expressed as a graphic is extracted from the collected event(151,161). The extracted information is displayed as the graphic according to the source and destination address, and interconnectivity among the event types(152,162). An abnormal security state of the managed domain is determined according to a pattern of the displayed graph(170).
Abstract translation: 提供了一种显示与网络安全相关的事件信息的方法,使用户能够直观地分析与网络安全相关的事件中特定属性事件的数量和连通性的变化,直观地识别当前的安全状况。 收集在网络的受管理域中生成的与网络有关的事件(110)。 从所收集的事件(151,161)中提取包括每个应用端口的产生量,源和目的地地址之间的连通性,源和目的地地址以及将被表达为图形的事件类型的信息。 提取的信息根据源地址和目的地址以及事件类型之间的互连性显示为图形(152,162)。 根据所显示的图形的模式来确定管理域的异常安全状态(170)。
-
-
-
-
-
-
-
-
-
Search Results
82
records
(took 0.029 seconds)
