Abstract:
Provided are an apparatus and method for limiting the bandwidths of burst aggregate flows according to the present invention. The apparatus comprises: a bandwidth measuring unit measuring the bandwidth of at least one input aggregate flow; a grade determining unit determining abnormal grades according to the abnormal levels of the input aggregate flows; a bandwidth limit determining unit determining the bandwidth volume and the aggregate flow to be limited; a bandwidth limiting unit receiving the result determined by the bandwidth limit determining unit, limiting or releasing the bandwidth of an aggregate flow selected from among the input aggregate flows, and outputting the selected aggregate flow; and a status information storage unit storing status information including the usage bandwidth, the abnormal grade, and the limited bandwidth volume of each input aggregate flow. Accordingly, the apparatus and method drop attack aggregate flows corresponding to excessive traffic without affecting normal aggregate flows.
Abstract:
An apparatus for quantitatively evaluating a security policy includes: a security policy analyzing unit for analyzing the security policy of a network; an evaluation criterion defining unit for defining an evaluation criterion for categorizing security features and evaluating each of the security features; an evaluation result calculating unit for calculating an evaluation result for each of the security components based on the evaluation criterion; an indicator calculating unit for grouping the security components according to security function and calculating an indicator that takes the security function of each group into account; and a quantitative evaluating unit for evaluating the security policy of each group by using the indicator.
Abstract:
Provided are a security information sharing apparatus capable of sharing security information among network domains, and a method thereof. The security information sharing apparatus includes: a primitive security information storage unit configured to store primitive security information to be shared with other network domains; an information sharing policy storage unit configured to store an information sharing policy for the information to be shared; an information masking policy storage unit configured to store an information masking policy for information that is not to be disclosed to other network domains; a domain selector configured to select the other network domain that is to receive the shared security information; a shared security information generator configured to generate shared security information for the selected network domain by applying the information sharing policy to the primitive security information; an information masking unit configured to mask, according to the information masking policy, the information in the generated shared security information that is not to be disclosed; a protocol message generator configured to generate a protocol message carrying the masked shared security information to be transmitted; and a protocol message transmitter configured to transmit the protocol message to the selected network domain.
Abstract:
A network security control system includes: a network event generator for generating network events; a security event processing apparatus for collecting the network events from the network event generator via a network and processing the collected network events into target data for visualization; and a visualization processing apparatus for visualizing the target data to display the security status as three-dimensional (3D) visualization information on a per-organization basis.
Abstract:
In a real-time network attack pattern detection system and method, a common pattern is detected in real time from packets suspected of being a network attack, such as a worm, in order to block the attack effectively. The system includes: a suspicious packet detector for classifying suspicious attack packets from among all input packets; a first data delaying unit for receiving the input packet from the suspicious packet detector and outputting one-clock-delayed data; a second data delaying unit for receiving the output signal from the first data delaying unit and outputting one-clock-delayed data; a hash key generator for receiving the output data of the suspicious packet detector, the output data of the first data delaying unit, and the output data of the second data delaying unit to generate a hash key; a hash table for storing the lookup result obtained with the hash key generated by the hash key generator; and an existence & hit checker for checking the lookup result of the hash table.
Abstract:
Disclosed is an Academy, Research Institute, and Agency (ARIA) encryption/decryption apparatus for encrypting and decrypting input data by repeating a plurality of rounds. The ARIA encryption/decryption apparatus includes: a first register storing either the input data or an intermediate calculation value according to a first control signal; a second register storing an input round key for every round; an exclusive OR operation unit performing an exclusive OR operation on the values stored in the first and second registers; a substitution unit substituting the result of the exclusive OR operation on the basis of an ARIA substitution algorithm; a diffusion unit diffusing the result of the substitution unit on the basis of an ARIA diffusion algorithm if the current round is not the final round; and a control unit outputting the first control signal so that the output of the diffusion unit is used as the intermediate calculation value if the current round is not the final round, or the output of the substitution unit is used as the intermediate calculation value if the current round is the final round, and outputting the output of the exclusive OR operation unit as the result of the ARIA encryption/decryption.
Abstract:
An apparatus and method for performing packet header lookup based on sequential lookup are provided. A header analyzer separates the header from a packet received via a network and outputs a lookup sequence. A unit lookup unit matches the header combination rules against each field to be analyzed, which is input from the header analyzer, according to the lookup sequence received from the header analyzer, and outputs a match signal and a match address. A rule combination memory stores identification information for the header combination rules. A sequence combination memory stores lookup sequence information and sequence combination information. A rule combination unit generates match results based on the match signal input from the unit lookup unit and the data read from the rule combination memory and the sequence combination memory.
Abstract:
An alert transmission apparatus for policy-based intrusion detection and response has a central policy server (CPS) and an intrusion detection and response system (IDRS). In the CPS, a policy management tool generates security policy information and stores it in a policy repository. A COPS-IDR server sends the information to the IDRS and forwards an IDMEF-XML-type alert transmission message to a high-level module. An IDMEF-XML message parsing and translation module stores the parsed and translated IDMEF-XML-type alert transmission message in an alert DB or provides the message to an alert viewer. In the IDRS, a COPS-IDR client generates the IDMEF-XML-type alert transmission message and provides it to the CPS. An intrusion detection module detects an intrusion. An intrusion response module responds to the intrusion. An IDMEF-XML message building module generates an IDMEF-XML alert message and provides it to the COPS-IDR client.
Abstract:
The present invention relates to a network intrusion detection and prevention system. The system includes: a signature-based detecting device; an anomaly-behavior-based detecting device; and a new signature creating and verifying device disposed between the signature-based detecting device and the anomaly-behavior-based detecting device, wherein, if the anomaly-behavior-based detecting device detects packets suspected of being a network attack, the new signature creating and verifying device collects the detected suspicious packets, searches them for common information, creates a new signature on the basis of that common information while at the same time verifying whether the created signature is applicable to the signature-based detecting device, and then registers the new signature with the signature-based detecting device if it is determined to be applicable.