-
Publication number: KR100398044B1
Publication date: 2003-09-19
Application number: KR1020010080475
Application date: 2001-12-18
Applicant: 한국전자통신연구원
IPC: G06F15/16
Abstract: PURPOSE: A method for detecting a pernicious Java applet in a proxy server is provided to prevent damage caused by a pernicious Java applet and to monitor the applet without increasing the load on the proxy server. CONSTITUTION: Signature verification is executed on a class file entering the proxy server(20). The class file is hashed(22). If a method to be substituted exists(24), the method is substituted(26). When monitoring code is to be inserted into the substituted method, a monitoring package is inserted in accordance with the configured security policy(30). A monitoring code insertion unit discriminates pernicious code by monitoring code transfer or the amount of resources. The new code, into which the monitoring code has been inserted, is signed again(28) and transmitted to the client(40).
-
Publication number: KR100755000B1
Publication date: 2007-09-04
Application number: KR1020060030200
Application date: 2006-04-03
Applicant: 한국전자통신연구원
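Abstract: The present invention relates to a security risk management system and method. Within the risk management assessment process it includes a step that estimates damage impact and level after the qualitative risk level has been calculated, and it allows the optimal solution, the one showing the best risk reduction result, to be selected by comparing the cases where a safeguard is established and where it is not, or where different safeguards are chosen. This series of processes proceeds according to project management procedures, each process is assigned a role, and the whole is developed as a single tool; when this tool is used, the assessment period is shortened compared with the existing manual method and existing risk management results can be automated. In addition, the invention systematizes risk analysis performed by several assessors so that assessors can search information online and review other assessors' opinions in advance, minimizing the chance of an assessor reaching a wrong assessment alone. To this end, the invention includes a high-level risk analysis model, a low-level risk analysis model, a damage estimation model, a risk management engine server, a questionnaire server, a risk calculation algorithm, a damage estimation algorithm, and a database schema for each database list.
Keywords: information security risk management, asset analysis, threat analysis, vulnerability analysis, risk calculation, damage estimation
-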
Publication number: KR100516915B1
Publication date: 2005-09-26
Application number: KR1020020061668
Application date: 2002-10-10
Applicant: 한국전자통신연구원
IPC: H04L7/00
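Abstract: The present invention relates to an apparatus and method for detecting multi-frame synchronization failure, comprising: a multi-frame clock generation unit that divides the clock input through a first input terminal to suit each frame structure; a multiple FAS detection unit that detects, in the data stream input from a data stream control unit, frame synchronization information synchronized to the divided clock input from the multi-frame clock generation unit; a synchronization failure decision unit that compares the frame synchronization information with a predefined FAS pattern to determine whether they match; a data stream order control unit that increments the order control counter of the data stream when it receives a mismatch signal from the synchronization failure decision unit and holds the counter when it receives a match signal; a data stream control unit that receives a control signal from the data stream order control unit and adjusts the data stream input through a second input terminal; and a synchronization failure detection unit that declares a synchronization failure when the number of mismatch signals input from the synchronization failure decision unit exceeds a reference value. Accordingly, in a communication system that must detect synchronization failure in the transmission section of link-type equipment whose transmission rate may differ depending on the range of application, synchronization failure can be detected for all transmission rates.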
-
Publication number: KR1020040002103A
Publication date: 2004-01-07
Application number: KR1020020037468
Application date: 2002-06-29
Applicant: 한국전자통신연구원
IPC: G06F15/00
Abstract: PURPOSE: A system and a method for detecting intrusion using a hybrid neural network are provided to detect intrusions, including those with an unknown intrusion pattern, and to process them in real time. CONSTITUTION: A packet collector(110) collects packets present on the network. A packet preprocessor(120) converts the collected packets into patterns through preprocessing so that they can be used as input values of the neural network. An intrusion detection pattern learning part(210) receives the patterned packets from the packet preprocessor, learns them using a clustering neural network, and clusters intrusion detection patterns using data distribution and frequency. An intrusion detection judging part(220) receives the clustering result value and the connection-level information of the patterned packet, learns intrusion detection judgment from the result value and the connection-level information using a learning neural network, and detects the intrusion.
-
Publication number: KR101189441B1
Publication date: 2012-10-12
Application number: KR1020110036326
Application date: 2011-04-19
Applicant: 한국전자통신연구원
Abstract: PURPOSE: A portable system diagnosis information managing apparatus and a method thereof are provided to perform information management in real time and to manage diagnosis information by using a file name related to location information. CONSTITUTION: A receiving unit(210) receives location information of a diagnosis target system. A mapping table(220) includes local information corresponding to location information. An obtaining unit(230) obtains diagnosis information of the diagnosis target system through a local communication channel. A managing unit(240) generates a file name including local information. An encoding unit(250) encodes the diagnosis information. The encoding unit transmits an encoding result to a center management server. [Reference numerals] (210) GPS satellite; (220) Mapping table; (230) Information obtaining unit; (240) Managing unit; (250) Encoding unit; (260) Public key unit
-
Publication number: KR1020070061009A
Publication date: 2007-06-13
Application number: KR1020060030200
Application date: 2006-04-03
Applicant: 한국전자통신연구원
Abstract: A system and a method for managing security risks are provided to enable a plurality of specialized estimators to perform estimation irrespective of time/location, and secure promptness for a protection measure comparison and analysis result by including a damage calculation field and defining a process for enabling the specialized estimators to perform the estimation in a remote place. A risk management processor comprises a high level risk analyzing module(100), a low level risk analyzing module(200), and a damage estimating module(300). A risk management server generates a calculation algorithm to output a result by aggregating the data received from the risk management processor, and estimates the information protection level through statistical calculation of a questionnaire result. The high level risk analyzing module estimates an information protection level by responding to data received from each estimator terminal(601). The low level risk analyzing module analyzes the risk when the information protection level is specified and detail security risk management is planned. The damage estimating module performs a cost-effect and damage level analysis, and quantizes damages while providing the information protection measures.
-
Publication number: KR1020030056568A
Publication date: 2003-07-04
Application number: KR1020010086830
Application date: 2001-12-28
Applicant: 한국전자통신연구원
IPC: H04L9/32
CPC classification number: H04L63/0869
Abstract: PURPOSE: An authentication method for protecting an agent and a message is provided, which defends against attacks at the malicious agent and message level and assures authentication at the initial access attempt. CONSTITUTION: According to the authentication method, a transmitter agent(1) requests authentication from a facilitator(2) in order to transfer a message to an unknown agent. The facilitator performs mutual authentication with the transmitter agent and then exchanges a session key. The facilitator finds an agent that matches its objective, performs mutual authentication with it, and then exchanges a session key. The transmitter agent then constitutes an independent secure channel with the selected receiver agent(3) using the session key.
-
Publication number: KR100459767B1
Publication date: 2004-12-03
Application number: KR1020020037468
Application date: 2002-06-29
Applicant: 한국전자통신연구원
IPC: G06F15/00
Abstract: PURPOSE: A system and a method for detecting intrusion using a hybrid neural network are provided to detect intrusions, including those with an unknown intrusion pattern, and to process them in real time. CONSTITUTION: A packet collector(110) collects packets present on the network. A packet preprocessor(120) converts the collected packets into patterns through preprocessing so that they can be used as input values of the neural network. An intrusion detection pattern learning part(210) receives the patterned packets from the packet preprocessor, learns them using a clustering neural network, and clusters intrusion detection patterns using data distribution and frequency. An intrusion detection judging part(220) receives the clustering result value and the connection-level information of the patterned packet, learns intrusion detection judgment from the result value and the connection-level information using a learning neural network, and detects the intrusion.
-
Publication number: KR1020040032493A
Publication date: 2004-04-17
Application number: KR1020020061668
Application date: 2002-10-10
Applicant: 한국전자통신연구원
IPC: H04L7/00
CPC classification number: H04L27/2656 , H04L7/0016 , H04L7/042
Abstract: PURPOSE: An apparatus and a method for detecting a multi-frame synchronization failure are provided to detect the synchronization failure for all transmission speeds by deciding a state of the synchronization failure from a received serial data stream without the transmission speed and the synchronization position information. CONSTITUTION: An apparatus for detecting a failure of multi-frame synchronization includes a multi-frame clock generation unit(202), a multiple FAS detection unit(206), a synchronization failure decision unit(208), a data stream order control unit(210), a data stream control unit(204), and a synchronization failure detection unit(212). The multi-frame clock generation unit(202) divides an input clock according to each frame structure. The multiple FAS detection unit(206) detects the frame synchronization information of the multi-frame clock generation unit from a data stream of the data stream control unit. The synchronization failure decision unit(208) compares the frame synchronization information to an FAS pattern. The data stream order control unit(210) increases or maintains an order control counter value of the data stream according to a receiving state of a failure signal from the synchronization failure decision unit. The data stream control unit(204) controls the data stream of the second input terminal according to the control signal of the data stream order control unit. The synchronization failure detection unit(212) decides the failure of the synchronization when the number of failure signals exceeds the reference value.
-
Publication number: KR1020030069241A
Publication date: 2003-08-27
Application number: KR1020020008663
Application date: 2002-02-19
Applicant: 한국전자통신연구원
IPC: G06F15/00
Abstract: PURPOSE: A device and method for chasing the root of an invader is provided to execute a reverse chase of the root of an invader sequentially without changing components of a network through all networks including the Internet. CONSTITUTION: A detection module(7) detects an invasion and analyzes an invasion-detected system. A reverse chase agent(2) obtains an IP address of a previous system based on traces created in the system caused by an invasion. A server(4) receives an IP address of the system analyzed from the detection module(7) and the reverse chase agent(2), and monitors/manages a chase state of the reverse chase agent(2). An agent installation module(5) installs the reverse chase agent(2) in the system of the IP address being supplied from the server(4). An analysis module(3) communicates the reverse chase agent(2) with the server(4) safely and analyzes the system based on the obtained IP address. A data managing module(6) stores a series of chase and analysis processes being supplied from the server(4) and supplies data necessary for a searching process to the server(4).