公开(公告)号：US20160065600A1

公开(公告)日：2016-03-03

申请号：US14748396

申请日：2015-06-24

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Suk won LEE ,  Geun Yong KIM ,  Taek kyu LEE ,  Myeong Ryeol CHOI ,  Soonjwa HONG ,  Seongtaek CHEE

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/1416 ,  G06F16/148 ,  G06F16/9566

Abstract: An apparatus and method for automatically detecting a malicious link. The apparatus includes a threat information collection unit, a priority management unit, a malicious link collection unit, a malicious link analysis unit, and a malicious link tracking unit. The threat information collection unit collects threat information, and identifies whether a malicious link is present in each target site. The priority management unit determines the priorities of the target sites, and performs the assignment and management of the target sites in order to collect and analyze a malicious link. The malicious link collection unit collects the uniform resource locator (URL) of the malicious link from the target sites. The malicious link analysis unit analyzes a call correlation based on the collected URL, and analyzes the malicious link through pattern matching. The malicious link tracking unit tracks the real-time changing state of the malicious link.

Abstract translation: 一种用于自动检测恶意链接的装置和方法。 该装置包括威胁信息收集单元，优先管理单元，恶意链路收集单元，恶意链路分析单元和恶意链路跟踪单元。 威胁信息收集单元收集威胁信息，并识别每个目标站点中是否存在恶意链接。 优先级管理单元确定目标站点的优先级，执行目标站点的分配和管理，以收集和分析恶意链接。 恶意链接收集单元从目标站点收集恶意链接的统一资源定位符（URL）。 恶意链接分析单元根据收集的URL分析呼叫关联，并通过模式匹配分析恶意链接。 恶意链路跟踪单元跟踪恶意链路的实时变化状态。

公开(公告)号：US20150150132A1

公开(公告)日：2015-05-28

申请号：US14470119

申请日：2014-08-27

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Taek kyu LEE ,  Geun Yong KIM ,  Seok won LEE ,  Myeong Ryeol CHOI ,  Hyung Geun OH ,  KiWook SOHN

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L63/0236 ,  H04L63/1408 ,  H04L63/1441

Abstract: Disclosed herein is an Intrusion Detection System (IDS) false positive detection apparatus and method. An IDS false positive detection apparatus includes a payload extraction unit for extracting payloads by dividing each packet corresponding to an IDS detection rule into a header and a payload. A false positive payload information generation unit generates false positive payload information required to identify a false positive payload by extracting a payload of a false positive packet based on results of packet analysis received from a manager. A false positive payload determination unit transmits results of a determination of whether each payload extracted by the payload extraction unit corresponds to a false positive payload, based on the false positive payload information, to the manager.

Abstract translation: 本文公开了入侵检测系统（IDS）假阳性检测装置和方法。 IDS假阳性检测装置包括有效载荷提取单元，用于通过将对应于IDS检测规则的每个分组划分成报头和有效载荷来提取有效载荷。 假正负载信息生成单元基于从管理器接收到的分组结果的结果，提取伪阳性分组的有效载荷，生成用于识别假正负载所需的假正负载信息。 假正负载确定单元向管理者发送确定由有效载荷提取单元提取的每个有效载荷是否基于假正负载信息对应于假正有效载荷的结果。

公开(公告)号：US20150066947A1

公开(公告)日：2015-03-05

申请号：US14336491

申请日：2014-07-21

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Taek kyu LEE ,  Geun Yong KIM ,  Suk won LEE ,  Kyu Cheol JUNG ,  SoonJwa HONG ,  In seog SEO

IPC: G06F17/30

CPC classification number: G06F21/552 ,  H04L63/1425

Abstract: An indexing apparatus and method for search of security monitoring data are provided. The indexing apparatus includes a data collection unit and a data index generation unit. The data collection unit collects data, that is, a basis of search of monitoring information, from a database in which security monitoring data has been stored. The data index generation unit generates file structure-based data in which indices have assigned to multiple search elements of the data collected by the data collection unit.

Abstract translation: 提供了一种用于搜索安全监控数据的索引设备和方法。 索引装置包括数据收集单元和数据索引生成单元。 数据收集单元从已经存储有安全监视数据的数据库中收集数据，即监视信息的搜索的基础。 数据索引生成单元生成基于文件结构的数据，其中索引已经分配给由数据收集单元收集的数据的多个搜索元素。

公开(公告)号：US20150139539A1

公开(公告)日：2015-05-21

申请号：US14467677

申请日：2014-08-25

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Taek kyu LEE ,  Geun Yong KIM ,  Seok won LEE ,  Myeong Ryeol CHOI ,  Hyung Geun OH ,  KiWook SOHN

IPC: G06K9/00 ,  G06K9/62 ,  G06K9/72

CPC classification number: G06K9/00469 ,  G06K9/344 ,  G06K9/723 ,  G06K2209/01

Abstract: An apparatus and method for detecting forgery/falsification of a homepage. The apparatus includes a homepage image shot generation module for generating homepage image shots of an entire screen of an accessed homepage. A character string extraction module extracts character strings from each homepage image shot using an OCR technique. A character string comparison module compares each of the extracted character strings with character strings required for determination of homepage forgery/falsification, thus determining whether the extracted character string is a normal character string or a falsified character string. A homepage falsification determination module determines whether the corresponding homepage has been forged/falsified, based on results of the comparison. A character string learning module learns the character string extracted from the homepage image shot, based on results of the determination, and classifies the character string as the normal character string or the falsified character string.

Abstract translation: 一种用于检测主页伪造/伪造的装置和方法。 该装置包括用于生成访问的主页的整个屏幕的主页图像拍摄的主页图像拍摄生成模块。 字符串提取模块使用OCR技术从每个主页图像提取字符串。 字符串比较模块将每个提取的字符串与确定主页伪造/伪造所需的字符串进行比较，从而确定提取的字符串是正常字符串还是伪造的字符串。 主页伪造确定模块根据比较结果确定相应的主页是否已被伪造/伪造。 字符串学习模块基于确定的结果来学习从主页图像提取的字符串，并将字符串分类为正常字符串或伪造的字符串。