公开(公告)号：KR100459767B1

公开(公告)日：2004-12-03

申请号：KR1020020037468

申请日：2002-06-29

Applicant: 한국전자통신연구원

Inventor： 한광택 ,  최대식 ,  강철오 ,  정주영 ,  고재영 ,  김은영

IPC: G06F15/00

Abstract: PURPOSE: A system and a method for detecting intrusion using a hybrid neural network are provided to detect the intrusion including an unknown intrusion pattern and to process the intrusion in real-time. CONSTITUTION: A packet collector(110) collects a packet existed on the network. A packet preprocessor(120) patterns the collected packet through a preprocessing process in order to use the packet collected through the packet collector as an input value of the neural network. An intrusion detection pattern learning part(210) learns the patterned packet by receiving the patterned packet from the packet preprocessor and using the clustering neuron network, and clusters the intrusion detection pattern by using a data distribution and a frequency. An intrusion detection judging part(220) receives a clustering result value and the connection level information of the patterned packet, learns the intrusion detection judgment through the result value and the connection level information by using the learning neuron network, and detects the intrusion.

Abstract translation: 目的：提供一种使用混合神经网络检测入侵的系统和方法，以检测包括未知入侵模式的入侵并实时处理入侵。 构成：分组收集器（110）收集网络上存在的分组。 分组预处理器（120）通过预处理过程对收集的分组进行分组，以便将通过分组收集器收集的分组用作神经网络的输入值。 入侵检测模式学习部分（210）通过从分组预处理器接收图案化分组并使用聚类神经元网络来学习图案化分组，并且通过使用数据分布和频率来聚类入侵检测图案。 入侵检测判断部分（220）接收聚类结果值和图案化分组的连接级别信息，通过使用学习神经元网络的结果值和连接级别信息来学习入侵检测判断，并检测入侵。

公开(公告)号：KR1020030069241A

公开(公告)日：2003-08-27

申请号：KR1020020008663

申请日：2002-02-19

Applicant: 한국전자통신연구원

Inventor： 강철오 ,  최대식 ,  한광택 ,  정주영 ,  고재영 ,  강인곤

IPC: G06F15/00

Abstract: PURPOSE: A device and method for chasing the root of an invader is provided to execute a reverse chase of the root of an invader sequentially without changing components of a network through all networks including the Internet. CONSTITUTION: A detection module(7) detects an invasion and analyzes an invasion-detected system. A reverse chase agent(2) obtains an IP address of a previous system based on traces created in the system caused by an invasion. A server(4) receives an IP address of the system analyzed from the detection module(7) and the reverse chase agent(2), and monitors/manages a chase state of the reverse chase agent(2). An agent installation module(5) installs the reverse chase agent(2) in the system of the IP address being supplied from the server(4). An analysis module(3) communicates the reverse chase agent(2) with the server(4) safely and analyzes the system based on the obtained IP address. A data managing module(6) stores a series of chase and analysis processes being supplied from the server(4) and supplies data necessary for a searching process to the server(4).

Abstract translation: 目的：提供用于追逐入侵者根的设备和方法，以顺序地执行侵入者的根的反向追逐，而不需要通过包括因特网在内的所有网络改变网络的组件。 构成：检测模块（7）检测入侵并分析入侵检测系统。 反向追踪代理（2）基于由入侵引起的在系统中创建的跟踪获得先前系统的IP地址。 服务器（4）从检测模块（7）和反向追踪代理（2）接收分析的系统的IP地址，并监视/管理反向追踪代理（2）的追逐状态。 代理安装模块（5）将逆向追踪代理（2）安装在从服务器（4）提供的IP地址的系统中。 分析模块（3）安全地将反向追踪代理（2）与服务器（4）进行通信，并根据获得的IP地址对系统进行分析。 数据管理模块（6）存储从服务器（4）提供的一系列追逐和分析过程，并向服务器（4）提供搜索过程所需的数据。

公开(公告)号：KR1020040002103A

公开(公告)日：2004-01-07

申请号：KR1020020037468

申请日：2002-06-29

Applicant: 한국전자통신연구원

Inventor： 한광택 ,  최대식 ,  강철오 ,  정주영 ,  고재영 ,  김은영

IPC: G06F15/00

Abstract: PURPOSE: A system and a method for detecting intrusion using a hybrid neural network are provided to detect the intrusion including an unknown intrusion pattern and to process the intrusion in real-time. CONSTITUTION: A packet collector(110) collects a packet existed on the network. A packet preprocessor(120) patterns the collected packet through a preprocessing process in order to use the packet collected through the packet collector as an input value of the neural network. An intrusion detection pattern learning part(210) learns the patterned packet by receiving the patterned packet from the packet preprocessor and using the clustering neuron network, and clusters the intrusion detection pattern by using a data distribution and a frequency. An intrusion detection judging part(220) receives a clustering result value and the connection level information of the patterned packet, learns the intrusion detection judgment through the result value and the connection level information by using the learning neuron network, and detects the intrusion.

Abstract translation: 目的：提供一种使用混合神经网络检测入侵的系统和方法，用于检测包括未知入侵模式的入侵，并实时处理入侵。 构成：数据包收集器（110）收集网络上存在的数据包。 分组预处理器（120）通过预处理过程对收集的分组进行模式化，以便将通过分组收集器收集的分组用作神经网络的输入值。 入侵检测模式学习部分（210）通过从分组预处理器接收图案化分组并使用聚类神经元网络来学习图案化分组，并且通过使用数据分布和频率来聚类入侵检测模式。 入侵检测判断部分（220）接收聚类结果值和图案化分组的连接级信息，通过使用学习神经元网络通过结果值和连接级别信息学习入侵检测判断，并检测入侵。

公开(公告)号：KR1020030056568A

公开(公告)日：2003-07-04

申请号：KR1020010086830

申请日：2001-12-28

Applicant: 한국전자통신연구원

Inventor： 강철오 ,  최대식 ,  한광택 ,  정주영 ,  고재영 ,  우종우 ,  황선태 ,  최진우 ,  박춘식

IPC: H04L9/32

CPC classification number: H04L63/0869

Abstract: PURPOSE: An authentication method for protecting an agent and a message is provided, which defends the attack from a malicious agent and message level, and assures authentication at an initial access trial process. CONSTITUTION: According to the authentication method, a transmitter agent(1) request authentication to a facilitator(2) in order to transfer a message to an unknown agent. The facilitator performs mutual authentication with the transmitter agent and then exchanges a session key. The facilitator finds an agent coinciding with its object and performs mutual authentication, and then exchanges the session key. And the transmitter agent constitutes an independent security channel with a receiver agent(3) selected using the session key.

Abstract translation: 目的：提供一种用于保护代理和消息的认证方法，从而防止恶意代理和消息级别的攻击，并在初始访问试用过程中确保认证。 构成：根据认证方法，发送方代理（1）向促进者（2）请求认证，以便将消息传递给未知代理。 协调者与发射机代理执行相互认证，然后交换会话密钥。 协调人找到与其对象一致的代理，并进行相互认证，然后交换会话密钥。 并且发射机代理构成具有使用会话密钥选择的接收方代理（3）的独立安全信道。