Abstract:
PURPOSE: A method for delivering a policy of a Ladon-SGS(Security Gateway System) and managing a database for alarms is provided to reflect countermeasures on the database for alarms according to types of generated terrors, and to update the countermeasures in a cache interworking with an analyzer of the Ladon-SGS, thereby rapidly processing a monitoring system as well as being applied to detecting or breaking polices. CONSTITUTION: A policy and system manager of an optional Ladon-SGS receives packet data from a Ladon-CPCS through a network(301), to discriminate the packet data with reference to breaking information(302). If the packet data are included in the breaking information, the policy and system manager provides the packet data to a breaker through a message queue(303), and the breaker breaks the packet data(304). If the packet data are not included in the breaking information, the policy and system manager abbreviates the packet data to an event and provides the event to an analyzer through the message queue(305). The analyzer stores the event in a cache(306), and analyzes the event by using an analysis function according to types(307). The analyzer reads a pattern class to check whether a 'start' state exists(308). If so, the analyzer inserts the pattern class in a stack class(309), and if not, the analyzer decides whether a state is a 'final' state(310). If so, the analyzer copes with an invasion according to a defined invasion pattern(311), and if not, the analyzer checks whether a certain time stamp passes(312). If so, the analyzer deletes the pattern class(313), and if not, the analyzer checks whether all patterns included in a corresponding thread are inspected(314). If so, the step 307 is returned, and if not, the step 308 is returned.
Abstract:
본 발명은 분산된 가입자 엑세스 망(DANS) 관리 메니저 시스템(DOMS)에서 공통관리 인터페이스 프로토콜(CMIP)통신을 이용하여 각 DANS의 에이전트를 통한 가입자 관리방법에 관한 것으로서, 현재 지형적으로 분산 설치 및 운영되고 있는 비동기식 가입자 엑세스 망(DANS)을 통해 제공되는 서비스의 가입자를 운용자가 원거리에서 통합적으로 관리하는 방법을 제공하는데 있다. 이를 위하여 본 발명은 표준 관리 정보 베이스(MIB)를 기초로 하고, CMIP을 사용한 에이전트와의 인터페이스를 통하여 DOMS에서 서비스 가입자에 대한 운용자의 등록 기능과 각 DANS에서 발생되는 가입자 관리 이벤트를 에이전트를 통하여 전달받아 이를 처리하는 기능을 수행한다.
Abstract:
PURPOSE: A hidden-type intrusion detection and cutoff controlling system and a controlling method thereof are provided to detect illegal intrusion of hackers through a network by using a line speed, so as to cut off packets of the illegal intrusion in advance. CONSTITUTION: An RISC(Reduced Instruction Set Computer) processor(110) provides a management function and instructs a security policy. An external MAC(Media Access Controller)(150) transceives packets by being connected with an external connection unit(200). An internal MAC(160) transceives packets by being connected with an internal connection unit(300). A packet memory(120) temporarily stores the packets received through the external MAC(150) and the packets received through the internal MAC(160). A packet control engine(130) temporarily stores the packets received through the external and internal MACs(150,160) in the packet memory(120), and checks whether the packets are harmful, if the packets are normal, to deliver the packets to the external and internal connection units(200,300) through the external and internal MACs(150,160) or to the RISC processor(110) at need, and if harmful, to cut off the packets or generate an alarm to the RISC processor(110). A CAM(Contents Address Memory)(140) extracts stored contents by using contents rather than an address of a memory. And a statistical value memory(170) stores statistical values.
Abstract:
PURPOSE: A Ladon-SGS(Security Gateway System), its security policy setting method and a harmful traffic detection alarm generating method are provided to control an illegal intrusion or a harmful traffic by analyzing a large scale network traffic and packet information. CONSTITUTION: A communication processor(21) sets connection with a security policy server and a Ladon-SGS and transfers and receives information according to security policy. A system controller(22) performs operations related to initialization of the Ladon-SGS and controls an overall system. A security policy processor(23) converts the security policy transferred from a security policy server into a form applicable to the Ladon-SGS. An intrusion detection analyzer(24) analyzes an intrusion as occurred through a network and transfers an analysis result to an intrusion detection alarm processor. An intrusion detection alarm processor(25) analyzes an intrusion alarm importance according to a pre-set security policy on the basis of information related to the intrusion type analyzed by the intrusion detection analyzer(24), compares the importance with a reference value, and determines whether to cope with it by a system or transfer it to the security policy server. A security policy storing unit(26) stores the security policy which has been converted by the security policy processor(23), the intrusion detection and corresponding results of the detected intrusion. A firewall processor(27) cuts off an illegal intrusion defined by a firewall policy and a harmful traffic.
Abstract:
PURPOSE: A method for delivering a policy of a Ladon-SGS(Security Gateway System) and managing a database for alarms is provided to reflect countermeasures on the database for alarms according to types of generated terrors, and to update the countermeasures in a cache interworking with an analyzer of the Ladon-SGS, thereby rapidly processing a monitoring system as well as being applied to detecting or breaking polices. CONSTITUTION: A policy and system manager of an optional Ladon-SGS receives packet data from a Ladon-CPCS through a network(301), to discriminate the packet data with reference to breaking information(302). If the packet data are included in the breaking information, the policy and system manager provides the packet data to a breaker through a message queue(303), and the breaker breaks the packet data(304). If the packet data are not included in the breaking information, the policy and system manager abbreviates the packet data to an event and provides the event to an analyzer through the message queue(305). The analyzer stores the event in a cache(306), and analyzes the event by using an analysis function according to types(307). The analyzer reads a pattern class to check whether a 'start' state exists(308). If so, the analyzer inserts the pattern class in a stack class(309), and if not, the analyzer decides whether a state is a 'final' state(310). If so, the analyzer copes with an invasion according to a defined invasion pattern(311), and if not, the analyzer checks whether a certain time stamp passes(312). If so, the analyzer deletes the pattern class(313), and if not, the analyzer checks whether all patterns included in a corresponding thread are inspected(314). If so, the step 307 is returned, and if not, the step 308 is returned.
Abstract:
PURPOSE: A method for controlling a dynamic combined use timer based call connection in an ATM(asynchronous transfer mode) adaptive layer 2 is provided to minimize a consumption of a bandwidth by dynamically controlling a Time_CU value to reduce the time out number and use a remained bandwidth in a traffic for an available bit rate/unspecified bit rat service. CONSTITUTION: When a call is requested(S501), a cell assembly delay time is tested(S503). A Time_CU is increased(S505) and the cell assembly delay time is again tested(S507). The Time_CU is reduced to a previous value(S509) and a call request is received(S511). The Time_CU is compared with a MAX_TCU(S513). When the Time_CU is greater than the MAX_TCU, the call request is received(S511). When the Time_CU is less than the MAX_TCU, steps S505 to S513 are sequentially performed. The Time_CU is reduced(S515) and the cell assembly delay time is again tested(S517). The Time_CU is compared with a MIN_TCU(S519). When the Time_CU is greater than the MIN_TCU, the call request is rejected(S521). When the Time_CU is less than the MIN_TCU, steps S515 to S519 are sequentially performed.
Abstract:
1. 청구범위에 기재된 발명이 속한 기술분야 본 발명은 라우팅 기능 분산 기법을 이용하여 복수망간 연동을 지원하는 시스템의 성능을 향상시키는 장치 및 그 방법에 관한 것임. 2. 발명이 해결하려고 하는 기술적 과제 본 발명은, 이더넷 접속 기능부에 IP(Internet Protocol) 전달 테이블을 적재하여 라우터 기능을 분산시켜 기존의 연동 지원시스템에 구비된 라우터의 부담을 경감시킴으로써, 시스템 성능을 향상시키는 라우팅 기능 분산 기법을 이용한 복수망간 연동 지원시스템 성능 향상 장치 및 그 방법과, 그를 실현시키기 위한 프로그램을 기록한 컴퓨터로 읽을 수 있는 기록매체를 제공하고자 함. 3. 발명의 해결방법의 요지 본 발명은, 제1 IP(Internet Protocol) 전달테이블을 포함하는 라우팅 기능부를 구비하고 있으며, 이더넷 접속기능을 수행하는 적어도 하나의 제1 접속기능부와, 비동기전달모드(ATM) 접속기능을 포함하는 적어도 하나의 제2 접속기능부를 구비하여, 복수망간의 연동을 지원하는 공지의 시스템에서 라우팅 기능 분산을 통한 연동 지원 성능 향상 방법에 있어서, 상기 라우팅 기능부의 기능을 분산시키기 위하여, 상기 적어도 하나의 제1 접속기능부에 각각 제2 IP 전달테이블을 구비시키는 제 1 단계; 상기 제1 IP 전달테이블의 연결정보와 상기 적어도 하나의 제1 접속기능부에 각각 구비된 제2 IP 전달테이블의 연결정보를 일치시키는 제 2 단계; 상기제2 IP 전달테이블의 연결정보에 따라, 상기 제1 접속기능부를 통해 다른 영역으로 전달되어야 할 이더넷 데이터를 상기 라우팅 기능부를 거치지 않고 착신측으로 직접 전달하는 제 3 단계를 포함함. 4. 발명의 중요한 용도 본 발명은 이더넷 접속기능부를 구비한 동종 또는 이종 연동 지원시스템 등에 이용됨.
Abstract:
PURPOSE: An apparatus and a method for enhancing performance of system applying link between plural networks using a routing distribution method are provided to distribute the routing function and reduce a burden of routing by loading IP(Internet Protocol) transmission table, thereby enhancing the performance of system. CONSTITUTION: In the case of the data to be transmitted to other region, in order to make the existing complex routing processes in which each data is transmitted/received to/from a routing function unit(601) exclude, IP transmission tables(61,62) are loaded to the respective Ethernet connection function units(604,605). So, it is unnecessary to transmit the Ethernet data to the routing function unit(601) for referencing the contents of the IP transmission table(602). The Ethernet data transmitted from a LAN(606) is analyzed and if the data must be transmitted toward the other region, the data are directly transmitted to the corresponding destination in reference to the managed IP table(61).
Abstract:
PURPOSE: A method is provided to manage subscribers through an agent of each distributed access node system (DANS) by using a common management interface protocol communication(CMIP) in a DANS operation and management system(DOMS). CONSTITUTION: Information of all subscribers stored in each telecommunication management network agent block(TAGB) is collected and initialized. Thereafter, the control process receives and analyzes an operator request event, and manages a subscriber if the request is a subscriber manage request. Then, the process receives the operator request event from the TAGB and processes the TAGB event.