-
公开(公告)号:KR100979200B1
公开(公告)日:2010-08-31
申请号:KR1020080074726
申请日:2008-07-30
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1416 , H04L63/1441
Abstract: 본 발명은 보안정보, 및 네트워크 구성정보를 GIS(Grographic Information System) 기반의 지리정보와 매핑하여 표시함으로써 정확한 위치에 네트워크 정보를 표현 가능하며, 네트워크 관리자가 별도의 작업을 통해 지도상에 네트워크 장치, 및 상황을 표시할 필요가 없도록 하는 GIS 기반의 네트워크 정보 표시장치에 관한 것이다. 이를 위해 본 발명은, 외부 네트워크 장치로부터 네트워크 정보를 수신하며, GIS 기반의 지리정보를 구비하고, 위치정보에 응답하여 위치정보에 해당하는 지리정보를 생성하는 지리정보 처리모듈, 및 위치정보에 대응되는 지리정보에 네트워크 정보를 매핑하여 표현하며, 보안 문제를 유발하는 패킷의 공격 위치, 경유지, 및 목표위치를 라인으로 연결하고, 패킷의 공격 유형과 위험 수준에 따라 라인의 폭과 색상을 미리 정해진 폭과 색상으로 가변하여 네트워크 정보를 직관적으로 표현하는 네트워크 정보 처리모듈을 포함한다.
GIS, 네트워크 정보, 보안 이벤트, 트래픽, 지리정보-
公开(公告)号:KR1020090113745A
公开(公告)日:2009-11-02
申请号:KR1020080100299
申请日:2008-10-13
Applicant: 한국전자통신연구원
Abstract: PURPOSE: A network attack location searching method and system using a spy-bot agent is provided to detect and trace the attacker over wide place by obtaining the packet information of the packet which accesses the each host from a remote place. CONSTITUTION: A back tracking server(300) detects one or more dangerous host through host scanning. A spy-bot management server(200) transmits the spy-bot agents(100) to the detected dangerous host. The spy-bot management server obtains packet information of the packet which accesses the each dangerous host through spy-bot agents. The back tracking server references the obtained packet information and reversely traces the starting point of the hacking code.
Abstract translation: 目的:提供使用间谍机构代理的网络攻击位置搜索方法和系统,通过从远程地点获取每个主机访问的数据包的数据包信息,在广泛的位置检测和跟踪攻击者。 构成:后跟踪服务器(300)通过主机扫描来检测一个或多个危险的主机。 间谍机器人管理服务器(200)将间谍机构代理(100)发送到检测到的危险主机。 间谍机器人管理服务器通过间谍机构代理获取访问每个危险主机的数据包的数据包信息。 后跟踪服务器引用获取的数据包信息,并反向跟踪黑客代码的起点。
-
公开(公告)号:KR100856924B1
公开(公告)日:2008-09-05
申请号:KR1020070022971
申请日:2007-03-08
Applicant: 한국전자통신연구원
IPC: H04L12/26
CPC classification number: H04L41/22 , H04L43/045 , H04L63/1408
Abstract: An apparatus and a method for displaying a network state are provided to determine an abnormal state which deteriorates the performance of a network by using information about distinct dispersion, entropy, and clustering as a result of a combination of important properties in a traffic event, and detect a harmful traffic or an abnormal traffic. A method for displaying a network state comprises the following steps of: grouping traffics according to a protocol(S100); selecting and combining three of a resource address, a resource port, a destination address, and a destination port, and calculating distinct dispersion and entropy for a remaining element(S200); displaying the calculated distinct dispersion and entropy on a security radar that an angle of a circle is divided into N and a radius of the circle is divided into M(S300); and detecting the abnormality of a network by referring to a displayed radar state and detecting and reporting a harmful traffic or an abnormal traffic which causes an abnormal state(S400).
Abstract translation: 提供一种用于显示网络状态的装置和方法,用于通过使用关于交通事件中的重要属性的组合的结果,通过使用关于不同色散,熵和聚类的信息来确定恶化网络性能的异常状态,以及 检测到有害的流量或异常流量。 一种用于显示网络状态的方法包括以下步骤:根据协议对流量进行分组(S100); 选择和组合资源地址,资源端口,目的地地址和目的地端口中的三个,并为剩余元素计算不同的色散和熵(S200); 在安全雷达上显示计算出的不同色散和熵,将圆的角度分为N和圆的半径分为M(S300); 以及通过参照所显示的雷达状态来检测和检测网络的异常,并检测并报告导致异常状态的有害通信或异常业务(S400)。
-
公开(公告)号:KR100786392B1
公开(公告)日:2007-12-17
申请号:KR1020060096570
申请日:2006-09-29
Applicant: 한국전자통신연구원
CPC classification number: G06F17/30283 , G06F17/30401 , G06F17/30539 , G06Q50/26
Abstract: A method for deciding a policy enforcement target of a policy client in a policy-based management framework is provided to rightly and efficiently decide an applicable object resource in case of executing a policy provided from a policy server. A method for deciding a policy enforcement target of a policy client in a policy-based management framework includes the following steps: a step that the policy client confirms capability set of policy information base received from policy serer(101); a step to confirm role-combination of the policy information base received from a policy server(103); a step to search resource satisfying the confirmed capability set and role-combination(105,106); and a step to apply and execute policy received on the searched resource(107).
Abstract translation: 提供了一种用于在基于策略的管理框架中决定策略客户端的策略执行目标的方法,以在执行从策略服务器提供的策略的情况下正确有效地确定适用的对象资源。 一种用于在基于策略的管理框架中决定策略客户端的策略执行目标的方法包括以下步骤:策略客户端确认从策略策略器(101)接收的策略信息库的功能集合的步骤; 确认从策略服务器(103)接收的策略信息库的角色组合的步骤; 搜索满足确认能力集和角色组合的资源的一个步骤(105,106); 以及在搜索到的资源(107)上应用和执行收到的策略的步骤。
-
公开(公告)号:KR101003094B1
公开(公告)日:2010-12-21
申请号:KR1020080100299
申请日:2008-10-13
Applicant: 한국전자통신연구원
Abstract: 본 발명은 도메인 상호간의 협력체계에 의존하지 않고도 해킹을 시도하는 공격자의 위치를 추적하는 스파이 봇 에이전트를 이용한 네트워크 공격 위치 추적 방법, 및 시스템에 관한 것이다. 이를 위해 본 발명은, 호스트 스캐닝을 통해 해킹에 취약한 포트가 오픈 된 위험 호스트를 적어도 하나 검출하는 역추적 서버, 및 검출된 각 위험 호스트로 스파이 봇 에이전트를 전송하여 설치하며, 설치된 스파이 봇 에이전트를 통해 각 위험 호스트를 출입하는 패킷의 패킷정보를 획득하는 스파이 봇 관리 서버를 포함하며, 역추적 서버는, 각 위험 호스트를 통해 획득된 패킷정보를 참조하여 위험 호스트들을 경유하는 해킹 코드의 출발지점을 역 추적한다.
도메인, 호스트, 역추적, 스파이 봇 에이전트, 패킷-
Patent Agency Ranking
公开(公告)号:KR1020100073125A
公开(公告)日:2010-07-01
申请号:KR1020080131716
申请日:2008-12-22
Applicant: 한국전자통신연구원
CPC classification number: H04W12/12 , H04L63/1416
Abstract: PURPOSE: A security status monitoring device in a mobile network is provided to analyze the correlation of RF signal information and security event information, thereby offering in order to indicate while mapping the RF signal information and security event information. CONSTITUTION: An RF signal collectors(112,114) collect one or more RF signal information. A security event collectors(120,130) collect security event information including one or more information among traffic information and alarm information. A security event information mapping unit(106) analyzes the correlation of the collected RF signal information and the security event information. The security event information mapping unit maps the RF signal information and the security event information. A security event information display unit(108) indicates the mapped security event information.
Abstract translation: 目的:提供移动网络中的安全状态监控设备,以分析RF信号信息和安全事件信息的相关性,从而提供用于在映射RF信号信息和安全事件信息的同时进行指示。 构成:RF信号收集器(112,114)收集一个或多个RF信号信息。 安全事件收集器(120,130)收集包括交通信息和报警信息中的一个或多个信息的安全事件信息。 安全事件信息映射部(106)分析所收集的RF信号信息与安全事件信息的相关性。 安全事件信息映射单元映射RF信号信息和安全事件信息。 安全事件信息显示单元(108)指示映射的安全事件信息。
-
公开(公告)号:KR1020100057352A
公开(公告)日:2010-05-31
申请号:KR1020080116357
申请日:2008-11-21
Applicant: 한국전자통신연구원
Abstract: PURPOSE: A method for authenticating a user terminal and a method for detecting IP spoofing using a web server are provided to verify the IP spoofing by matching an IP address from the origin of a packet and an IP address of a user which is transferred during an authentication process. CONSTITUTION: If a user terminal requires an authentication using an ID and a password, a web server transmits and installs an authentication module to the user terminal. The web server obtains the real IP information of the user terminal through the authentication module. The real IP information is compared to the IP information from the user terminal. The IP spoofing is verified based on the comparison result.
Abstract translation: 目的:提供一种用于认证用户终端的方法和使用Web服务器检测IP欺骗的方法,以通过匹配来自分组的来源的IP地址和在一个分组中传送的用户的IP地址来验证IP欺骗 认证过程。 规定:如果用户终端需要使用ID和密码进行身份验证,则Web服务器将身份验证模块发送并安装到用户终端。 Web服务器通过认证模块获取用户终端的真实IP信息。 将真实IP信息与来自用户终端的IP信息进行比较。 基于比较结果验证IP欺骗。
-
公开(公告)号:KR1020100013177A
公开(公告)日:2010-02-09
申请号:KR1020080074727
申请日:2008-07-30
Applicant: 한국전자통신연구원
IPC: H04L12/22
CPC classification number: H04L67/22 , H04L63/0281 , H04L63/1441 , H04L67/2857
Abstract: PURPOSE: A web based trace back system and a method using a reverse caching proxy are provided to grasp the real network information and location of a user who has penetrated an anonymous proxy server. CONSTITUTION: A reverse caching proxy server(110) determines the usage of the anonymous server of the client(10). A web tracking server(120) creates a response page with a HTTP(Hypertext Transfer Protocol) packet. The web tracking server annexes a tracking signal to the response page. The web tracking server offers the response page through the reverse caching proxy server to a client. The network information of the client is determined by a tracking signal to the web tracking server.
Abstract translation: 目的:提供基于Web的跟踪回溯系统和使用反向缓存代理的方法来掌握已经渗透到匿名代理服务器的用户的真实网络信息和位置。 构成:反向缓存代理服务器(110)确定客户机(10)的匿名服务器的使用。 网页跟踪服务器(120)创建具有HTTP(超文本传输协议)分组的响应页面。 网络跟踪服务器将跟踪信号附加到响应页面。 Web跟踪服务器通过反向缓存代理服务器向客户端提供响应页面。 客户端的网络信息由跟踪服务器的跟踪信号确定。
-
公开(公告)号:KR1020090002889A
公开(公告)日:2009-01-09
申请号:KR1020070067268
申请日:2007-07-04
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1416 , G06Q10/06
Abstract: A security event sampling device and a method thereof based on the contents of the security event received from a network device are provided to maintain the contents characteristic information of sampled security events before sampling the security event. A security event accumulation module(110) collects a security event generated from a network apparatus. The contents of the collected security event are classified into for each type and stored in each memory of the security event storing part(100). A sampling ratio determining module(120) compares the number of maximum process security events and the number of previously determined average receiving security events. A security event analyzing module(130) analyzes the number of security events and calculates port correlation distribution.
Abstract translation: 提供一种基于从网络设备接收的安全事件的内容的安全事件采样设备及其方法,用于在采样安全事件之前维护采样的安全事件的内容特征信息。 安全事件累积模块(110)收集从网络装置生成的安全事件。 收集的安全事件的内容被分类为每种类型并存储在安全事件存储部分(100)的每个存储器中。 采样比确定模块(120)比较最大过程安全事件的数量和先前确定的平均接收安全事件的数量。 安全事件分析模块(130)分析安全事件的数量并计算端口相关分布。
-
公开(公告)号:KR101219538B1
公开(公告)日:2013-01-08
申请号:KR1020090069418
申请日:2009-07-29
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1425
Abstract: 본발명은비주얼데이터분석기반의네트워크공격탐지장치및 그방법에관한것으로, 대량의트래픽데이터를실시간으로처리할 수있고, 트래픽이미지를생성할때 트래픽의볼륨, 국가정보, ISP 정보, 사용되는포트정보등의다양한정보들을삽입하여기존의트래픽볼륨기반의네트워크공격탐지기법들이탐지하지못했던공격들을탐지할수 있다. 또한, 본발명은비주얼데이터분석기법을사용하여네트워크트래픽을분석함으로써분석된결과가이미지패턴으로나타나기때문에공격의탐지결과를보고네트워크공격여부를직관적으로인지하고, 네트워크공격탐지정보와네트워크공격에대한이미지패턴과원본데이터등을표현하는사용자인터페이스를제공하기때문에네트워크관리자측면에서탐지된공격을신속하게검증할수 있다.
-
-
-
-
-
-
-
-
-
Search Results
42
records
(took 0.023 seconds)
