Abstract:
An apparatus and a method for monitor and protect system resources through web browsers are provided to block vicious acts through the web browsers by permitting access to the web browser from allowed system resources. When the web browser performs a program, a file protection module(210) watches the program approaches one or more file resources. The access is given a permission of or is blocked. When a web browser performs a program, a registry protection module(220) watches the program approaches one or more registry resources. The access is given a permission of or is blocked. When a web browser performs a program, a process protection module(230) watches the program terminates one or more process the execution. The execution/termination is permitted or is blocked. The file protection module comprises a basis allowable/refusal file directory(213), a user allowable/refusal file directory(214), a file access monitor(211), and a file access breaker(212).
Abstract:
N categorization of traffics, and a method and a system for detecting/warning an unknown Internet worm attack based on the same are provided to take gradual countermeasures by defining a predictable network or system damage state based on classified traffic property, and predict, forecast, and warn worm risk by quantifying the property of the previously grouped worms. A traffic classifier(500) generates the groups grouping traffic factors causing a similar result by collecting/classifying the traffics, which are generated by executing various worms. The traffic classifier defines the damage by classifying damage factors of the group into a plurality of layers and matching the countermeasure to each layer. A traffic collector(100) collects the new worm traffic generated by using the traffic property of the group defined in the traffic classifier. A forecasting, warning, and managing part(400) forecasts, warns, and manages the countermeasure of each layer of the most similar group by comparing similarity between the new worm traffic and each group.
Abstract:
본 발명은 패치 자동 관리 및 분배 시스템과 이를 이용한 패치 분배 방법에 관한 것으로, 클라이언트 에이전트가 패치 서버에 접속하여 자신의 시스템에 맞는 스캔 리스트를 받아서 설치해야 할 패치 파일의 존재여부를 확인한 후, 그 결과에 따라서 패치 설치 작업을 수행하는 패치 분배 서비스를 제공한다. 이를 통해서 네트워크에 설치된 모든 시스템들에 대한 안전한 패치 자동 분배 및 관리가 가능함으로써 각각의 클라이언트 시스템의 보안성을 향상시키며 궁극적으로는 전체 네트워크의 안정성을 확보할 수 있다. 패치, 패치서버, 패치서버 매니저, 패치 클라이언트 에이전트, 패치 클라이언트 매니저, 패치DB, 패치 저장소
Abstract:
PURPOSE: An authentication method for protecting an agent and a message is provided, which defends the attack from a malicious agent and message level, and assures authentication at an initial access trial process. CONSTITUTION: According to the authentication method, a transmitter agent(1) request authentication to a facilitator(2) in order to transfer a message to an unknown agent. The facilitator performs mutual authentication with the transmitter agent and then exchanges a session key. The facilitator finds an agent coinciding with its object and performs mutual authentication, and then exchanges the session key. And the transmitter agent constitutes an independent security channel with a receiver agent(3) selected using the session key.
Abstract:
An apparatus and a method for managing an authority level violation process are presented to block access if necessary, by searching and monitoring a process with high authority to access to an object with low authority. According to an apparatus(1100) for managing an authority level violation process, a process behavior monitoring module(1110) detecting access to the object from the process. A process information acquisition module(1120) acquires process information. An object information acquisition module(1130) acquires object information. An authority level comparison module(1140) compares authority level between the process and the object, by gathering each process information and each object information acquired by the process information acquisition module and the object information acquisition module. A violation process processing module(1150) blocks the execution of the process or provides a warning message to a user.
Abstract:
PURPOSE: A system and a method for detecting intrusion using a hybrid neural network are provided to detect the intrusion including an unknown intrusion pattern and to process the intrusion in real-time. CONSTITUTION: A packet collector(110) collects a packet existed on the network. A packet preprocessor(120) patterns the collected packet through a preprocessing process in order to use the packet collected through the packet collector as an input value of the neural network. An intrusion detection pattern learning part(210) learns the patterned packet by receiving the patterned packet from the packet preprocessor and using the clustering neuron network, and clusters the intrusion detection pattern by using a data distribution and a frequency. An intrusion detection judging part(220) receives a clustering result value and the connection level information of the patterned packet, learns the intrusion detection judgment through the result value and the connection level information by using the learning neuron network, and detects the intrusion.
Abstract:
PURPOSE: A device and method for chasing the root of an invader is provided to execute a reverse chase of the root of an invader sequentially without changing components of a network through all networks including the Internet. CONSTITUTION: A detection module(7) detects an invasion and analyzes an invasion-detected system. A reverse chase agent(2) obtains an IP address of a previous system based on traces created in the system caused by an invasion. A server(4) receives an IP address of the system analyzed from the detection module(7) and the reverse chase agent(2), and monitors/manages a chase state of the reverse chase agent(2). An agent installation module(5) installs the reverse chase agent(2) in the system of the IP address being supplied from the server(4). An analysis module(3) communicates the reverse chase agent(2) with the server(4) safely and analyzes the system based on the obtained IP address. A data managing module(6) stores a series of chase and analysis processes being supplied from the server(4) and supplies data necessary for a searching process to the server(4).
Abstract:
본 발명은 다양하고 이질적인 구성요소와 복잡한 관리 도메인으로 구성된 대규모 네트워크에서 일어나는 사이버테러에 대응하기 위한 대규모 네트워크의 접근 제어 목록을 통합 관리하는 시스템 및 그 방법에 관한 것이다. 본 발명은 고수준 언어 형식의 정책을 작성하여 중간수준 정책언어로 변환하는 상위관리도구와, 상기 상위관리도구로부터 인증정보가 첨부된 중간수준 정책언어를 전송받아 하부 노드로 전송하는 상위 도메인 서버와, 상기 상위 도메인 서버로부터 전송되는 중간수준 정책언어를 해당 언어에 맞는 접근제어목록으로 변환하여 적용하는 인터프리터로 구성되는 것을 특징으로 한다. 네트워크, 보안관리 시스템, 접근제어목록(ACL), 정책순응
Abstract:
본 발명은 인터넷에서 서비스 하고 있는 웹서버의 가용성 및 생존성을 강화시켜 웹서버 운영시 서비스를 마비시키려는 다양한 사이버테러에도 불구하고 지속적인 서비스를 가능케 하는 웹서버 가용성 및 생존성을 위한 침입 감내 시스템 및 방법에 관한 것이다. 본 발명의 침입 감내 시스템 및 그 방법은 알려진 사이버테러에 대한 차단 기능을 제공하며, 응답에 근간한 탐지를 통하여 알려지지 않은 사이버테러에 대한 차단 기능을 제공하며, 중복된 웹서버의 응답에 근간한 선택을 통하여 적법한 서비스를 제공하며, 해쉬 알고리즘을 이용하여 즉각적인 웹페이지 변조 및 복구 기능을 제공하며, 공격의 탐지에 따른 클라이언트의 분류 및 웹서버의 적응 기능을 제공하여 웹서버 시스템이 중요한 서비스를 지속적으로 수행할 수 있도록 하며, 이를 통해서 다양한 사이버테러에도 불구하고 웹서버의 생존성과 가용성을 향상시킬 수 있다.