Abstract:
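1. Technical field to which the claimed invention belongs: The present invention relates to a method for dynamically changing intrusion detection rules in a kernel-based intrusion detection system. 2. Technical problem to be solved by the invention: The object of the present invention is to provide a method for dynamically changing intrusion detection rules in a kernel-based intrusion detection system that dynamically manages, within the kernel, a copy of the intrusion detection rules used in the intrusion detection process, first performs the change operation on that copy in response to a rule change request from the user area, and then swaps it with the currently applied intrusion detection rules (pointer exchange), thereby guaranteeing the continuity of the intrusion detection process even while the rules are being changed. 3. Gist of the solution: In a method for dynamically managing intrusion detection rules in a kernel-based intrusion detection system, the present invention comprises a first step of creating a copy of the intrusion detection rules in the kernel area; a second step of changing the copy of the intrusion detection rules in response to a rule change request from the user area; and a third step of changing the currently applied intrusion detection rules by exchanging the value of the pointer that points to the intrusion detection rules with the value of the pointer that points to the changed copy. 4. Important uses of the invention: The present invention is used in intrusion detection systems and the like. Intrusion detection system, kernel-based, dynamic change of intrusion detection rules, global variable, copy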
Abstract:
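A method for analyzing network attack situations is disclosed. Network intrusion detection alerts are classified into predetermined network attack situations, the occurrence frequency of each network attack situation is counted using a time-slot-based counting algorithm, and the network attack situations are then analyzed on the basis of the occurrence frequency, the ratio of each network attack situation's occurrence frequency to the occurrence frequency of network intrusion detection alerts, or an AND/OR combination of the frequency and the ratio. As a result, network attack situations can be detected accurately in real time, relatively unaffected by the size of the network or the volume of intrusion detection alerts generated.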
Abstract:
Disclosed is a network-based attack tracing system and method using a distributed attack detection agent and manager system that can detect and trace the attack path of a hacker in real time across the whole network using a distributed network-based attack detection agent, a request manager, and a reply manager. The agent detects an attack using a network-based intrusion detection system (NIDS), analyzes an alarm log that is judged to be the attack, converts the analyzed alarm log into attack information, and transmits the attack information to the request manager. The request manager performs a search of an attack IP based on the attack information received from the agent, stores the search result in a tree structure, and, once the final search is completed, extracts a hacking path using a binary search tree (BST) algorithm. The reply manager searches an alarm log DB located in the agent of its own network in response to the attack information search request from the request manager, and transmits the search result to the request manager. The system and method can make maximum use of the detection function of the existing NIDS, control unnecessary tracing requests during the process of judging many alarm logs as attack logs, and broaden the application range in the case of an authenticated network.
Abstract:
Provided are an apparatus and method for cryptographing and/or deciphering an image. The apparatus includes an image segmenting unit, a random image generating unit, a cryptographing unit, and a phase card generating unit. The image segmenting unit segments an input binary image into images. The random image generating unit generates as many random images as the segmented images. The cryptographing unit performs XOR operations on the segmented images and the random images on a one-to-one basis to produce as many cryptographed images as the segmented images. The phase card generating unit assigns phase values of pi and 0 to black and white pixels of the cryptographed images to generate phase cards corresponding to the cryptographed images.
Abstract:
The invention relates to an apparatus and method for detecting an illegitimate change of web resources, capable of detecting whether HTML, XHTML and XML documents, general text documents, binary data of graphic files linked to an HTML document, and the like have been illegitimately changed, using XML digital signature and XML encryption when the corresponding web page is requested. The invention is characterized in that it confirms in real time whether the web page has been illegitimately changed: a web server administrator inserts illegitimate-change detection information into the web page, and the user executes the corresponding web page through a web browser.
Abstract:
PURPOSE: A method for setting up a transport security layer using TLS (Transport Layer Security) in a Diameter-based AAA system is provided to build an efficient and stable system by efficiently managing the time for the TLS connection process and computing resources. CONSTITUTION: A connection setup message of a transport layer is requested to the opposite party through a network in order to start a communication process (S41, S42). The connection setup message is processed by the opposite party (S43, S44). A response message is received from the opposite party (S45, S46). A CER (Capabilities-Exchange-Request) message is transmitted to the opposite party after the response message is received from the opposite party (S47, S48). The CER message is processed and an outgoing connection is released by performing a selection processor (S49, S50). A TLS handshake protocol is operated if a CEA (Capabilities-Exchange-Answer) message is received from the opposite party (S51-S53).
Abstract:
An intrusion detection method by adaptive rule estimation in a network-based intrusion detection system (NIDS) is disclosed. The method includes collecting a packet on a network, searching a rule database in which rules for intrusion detection are stored for the original rule most similar to the collected packet, and judging whether a hacker is intruding by estimating the position at which the collected packet has changed from the original rule. Accordingly, it is possible to prevent an indirect attack by a hacker using a packet whose number of bits has been changed by the deletion of characters from, or insertion of characters into, the packet.
Abstract:
PURPOSE: A real-time buffer overflow hacking detecting method is provided to detect and prevent a buffer overflow hacking attempt on a system by analyzing a system call generation position in real time and detecting an unknown hacking form. CONSTITUTION: It is judged whether a system call paging has occurred (S401). If the system call paging has occurred, a system call generation address is extracted (S402). The extracted address is compared to a normal process memory region (S403). It is judged whether the system call paging has occurred in a stack region of a memory (S404). If the system call paging has occurred in the stack region of the memory, the system call paging is compared with a system call list (S405), to judge whether it is on the system call list (S406). If the system call paging has not occurred in the stack region of the memory, the system call is normally processed (S407). If the system call is on the system call list, a corresponding process is stopped and an alarm is provided to a system manager (S408).
Abstract:
A 4-state bar code printing and reading system for use in physical distribution-related services such as mail pieces, receptacles, reception and management forms or the like, and a method for controlling the system are disclosed. The 4-state bar code printing system comprises a bar code information acquiring section for acquiring, storing and determining mail piece sorting information; an information recorded density enhancing section for evaluating a value of a character by using a compression method depending upon the type of the information and the digit, which are determined by the bar code information acquiring section; an input information encoding section for arranging the values of the bars produced by the information recorded density enhancing section in order of the values of bars of the 4-state bar code, and dividing the values into groups each consisting of 3 bars; an error correcting codeword producing section for producing an error correcting codeword based on the result of the information encoding section and the input value of an error correcting level; and a print frame producing section for arranging the error correcting codeword produced by the error correcting codeword producing section and the data produced by the information recorded density enhancing section in the order of a start bar, data, an error correcting codeword, and a stop bar, to print a 4-state bar code print font on a mail piece.
Abstract:
PURPOSE: An accessing method between wireless Internet networks is provided to design and apply an application scenario based on a wireless Internet gateway of a home network, thereby enabling all mobile communication providers to freely select wireless Internet portal sites to receive services. CONSTITUTION: A wireless channel is requested and a packet network is set up (S101). A wireless network decides whether a subscriber accesses the wireless network (S102). If so, the wireless network performs authentication and accesses a WAP gateway to receive an access menu (S103). An AAA (Authentication, Authorization, Accounting) server is requested to access a WAP gateway of an external wireless Internet network (S104). The AAA server performs registration authentication including negotiation procedures and registration authentication of the subscriber (S105). The AAA server requests the WAP gateway of the external network to transmit a service (S106). The WAP gateway performs an authentication procedure (S107). When the authentication procedure is completed (S108), the AAA server negotiates an accounting method between a home network and the external network, permits network access, and receives a service portal menu, then supplies the service (S109).