-
公开(公告)号:US20190327164A1
公开(公告)日:2019-10-24
申请号:US16206662
申请日:2018-11-30
Inventor: Jung Tae KIM , Youngsoo KIM , Jonghyun KIM , Hyun Joo KIM , Jong Geun PARK , Sang-Min LEE , Jong-Hoon LEE , Sunoh CHOI
IPC: H04L12/26
Abstract: A method, an apparatus, and a system for analyzing traffic through obtaining flow data of a flow from a switch or a router of a network, calculating an average byte per packet rate (BPR) and a TCP flag ratio (TCPFR) for all flows included in a session including the flow using the flow data, and comparing the average BPR and the TCPFR with an average BPR and a TCPFR of previously-known traffic and determining whether the traffic including the flow is normal traffic or abnormal traffic based on the comparison result are provided.
-
公开(公告)号:US20190394215A1
公开(公告)日:2019-12-26
申请号:US16202869
申请日:2018-11-28
Inventor: Jong-Hoon LEE , Youngsoo KIM , Ik Kyun KIM , Jung Tae KIM , Jonghyun KIM , Hyun Joo KIM , Jong Geun PARK , Sang-Min LEE , Sunoh CHOI
Abstract: A method and a computation apparatus detecting cyber threats using a neural network through steps of: generating a learning model by performing machine learning on training data based on baseline data, converting a security event collected in real time into input data for the neural network, and determining, as an output corresponding to the input data based on the learning model, whether the security event is normal or threat are provided.
-
公开(公告)号:US20190012459A1
公开(公告)日:2019-01-10
申请号:US15963906
申请日:2018-04-26
Inventor: Doo Ho CHOI , Ik Kyun KIM , Jonghyun KIM , Taesung KIM , Seung Hun JIN
Abstract: A ransomware detection apparatus and an operation method thereof are provided. The ransomware detection apparatus may include a frequency converter receiving an OP code currently being executed in a CPU and converting a value of the OP code into a frequency domain to generate a first OP code frequency waveform, a memory storing a second OP code frequency waveform, which is a value obtained by converting the OP code corresponding to a ransomware encryption algorithm into a frequency domain, and a ransomware determiner comparing the first OP code frequency waveform with the second OP code frequency waveform to determine whether ransomware operates.
-
4.发明申请公开(公告)号:US20130318609A1
公开(公告)日:2013-11-28
申请号:US13902069
申请日:2013-05-24
Inventor: Ki Young KIM , Sungwon YI , Sun Hee LIM , Jonghyun KIM , Dae-Hee SEO , BYUNG-GIL LEE
IPC: H04L29/06
CPC classification number: H04L63/1441 , H04L63/1425
Abstract: An apparatus for quantifying network threat situations includes a traffic analyzing unit to analyze packet patterns of traffics occurring on a target network being monitored to extract one or more suspicious domains. An IP monitoring unit gives security levels among a plurality of security levels to the suspicious domains according to the number of access IPs accessing the suspicious domains. An activity index computing unit computes activity indices for the suspicious domains from activity indices according to the access times to the suspicious domains of the access IPs. An attack amount anticipation unit analogizes an expected amount of attacks for each suspicious domain according to an expected amount of attacks for each zombie computer, the security level and the activity index of the suspicious domain.
Abstract translation: 用于量化网络威胁情况的装置包括业务分析单元,用于分析在被监视的目标网络上发生的流量的分组模式,以提取一个或多个可疑域。 IP监控单元根据访问可疑域的访问IP的数量,向可疑域提供多个安全级别之间的安全级别。 活动索引计算单元根据访问IP的可疑域的访问时间,从活动索引计算可疑域的活动索引。 攻击量预期单元根据每个僵尸计算机的预期攻击次数,可疑域的安全级别和活动索引类似于每个可疑域的预期攻击次数。
-
-
-
Search Results
4
records
(took 0.014 seconds)
