-
公开(公告)号:US20210165752A1
公开(公告)日:2021-06-03
申请号:US17104409
申请日:2020-11-25
Inventor: Dong Wook KANG , Dae Won KIM , Jin Yong LEE , Boo Sun JEON , Bo Heung CHUNG , Hong Il JU , Joong Yong CHOI , Ik Kyun KIM , Byeong Cheol CHOI
IPC: G06F13/24
Abstract: An electronic device includes a peripheral device, a processor, an interrupt controller configured to manage interrupts generated by the peripheral device and the processor on the basis of a register, and a virtualizer, wherein the virtualizer may be configured to virtualize a portion of the processor and a portion of the at least one peripheral device to generate a first partition, generate first interrupt information corresponding to an interrupt usable in the first partition, generate first processor information corresponding to a portion of the processor usable in the first partition, check whether a configuration of the register is related to at least one of the first interrupt information and the first processor information when the register is configured by the first partition, and allow the configuration of the register when the configuration of the register is related to the at least one information.
-
公开(公告)号:US20200099704A1
公开(公告)日:2020-03-26
申请号:US16578511
申请日:2019-09-23
Inventor: Joo Young LEE , Ki Jong KOO , Ik Kyun KIM , Dae Sung MOON , Kyung Min PARK , Samuel WOO , Ho HWANG
Abstract: Disclosed are a method and apparatus for searching for an attack path. The apparatus generates an attack graph, generates an attack graph ontology, generates a semantic attack graph by imparting semantics to the attack graph on the basis of the attack graph ontology, and searches for the attack path on the basis of the semantic attack graph.
-
公开(公告)号:US20190394215A1
公开(公告)日:2019-12-26
申请号:US16202869
申请日:2018-11-28
Inventor: Jong-Hoon LEE , Youngsoo KIM , Ik Kyun KIM , Jung Tae KIM , Jonghyun KIM , Hyun Joo KIM , Jong Geun PARK , Sang-Min LEE , Sunoh CHOI
Abstract: A method and a computation apparatus detecting cyber threats using a neural network through steps of: generating a learning model by performing machine learning on training data based on baseline data, converting a security event collected in real time into input data for the neural network, and determining, as an output corresponding to the input data based on the learning model, whether the security event is normal or threat are provided.
-
公开(公告)号:US20190065776A1
公开(公告)日:2019-02-28
申请号:US16113530
申请日:2018-08-27
Inventor: Nam-Su JHO , Taek-Young YOUN , Dae Sung MOON , Ik Kyun KIM , Seung Hun JIN
IPC: G06F21/62
Abstract: In the present invention, by providing an apparatus for securing data comprising a memory for storing information for data processing, a processor configured to partition original data into a plurality of partial data and generate a plurality of divided data by randomly determining positions of each of the plurality of partial data within the original data, and a communication interface configured to transmit each of the plurality of divided data to each of a plurality of servers, respectively, if an attacker obtains a portion of the divided data, it prevents the entire original data from being restored, and the legitimate user can restore the original data accurately even if some divided data is corrupted, and provides an efficient data polymorphic dividing technique that can minimize the amount of calculation required to secure data.
-
公开(公告)号:US20190012459A1
公开(公告)日:2019-01-10
申请号:US15963906
申请日:2018-04-26
Inventor: Doo Ho CHOI , Ik Kyun KIM , Jonghyun KIM , Taesung KIM , Seung Hun JIN
Abstract: A ransomware detection apparatus and an operation method thereof are provided. The ransomware detection apparatus may include a frequency converter receiving an OP code currently being executed in a CPU and converting a value of the OP code into a frequency domain to generate a first OP code frequency waveform, a memory storing a second OP code frequency waveform, which is a value obtained by converting the OP code corresponding to a ransomware encryption algorithm into a frequency domain, and a ransomware determiner comparing the first OP code frequency waveform with the second OP code frequency waveform to determine whether ransomware operates.
-
Patent Agency Ranking
16.发明申请公开(公告)号:US20170257386A1
公开(公告)日:2017-09-07
申请号:US15251134
申请日:2016-08-30
Inventor: Jung Tae KIM , Koo Hong KANG , Ik Kyun KIM
IPC: H04L29/06
CPC classification number: H04L63/1425 , H04L63/1458
Abstract: Disclosed is an apparatus of detecting a distributed reflection denial of service attack, including: a monitoring unit obtaining flow information including an IP and a port number of a source, an IP and a port number of a destination of data, and the number and the sizes of packets; a memory unit storing a flow table in which the flow information of the data, the packet number and the packet size are input; and a control unit detecting the DRDoS attack by using at least one of the number and the size of packets of the first entry and the flow information of the first entry.
-
17.发明申请公开(公告)号:US20170134413A1
公开(公告)日:2017-05-11
申请号:US15345354
申请日:2016-11-07
Inventor: Jung Tae KIM , Koo Hong KANG , Ik Kyun KIM
CPC classification number: H04L63/1425 , H04L43/026 , H04L43/04 , H04L43/10 , H04L2463/146
Abstract: The method for tracking a cyber hacking is provided. The method of connection fingerprint generation and stepping-stone traceback based on NetFlow includes receiving a traceback request including IP packet attribute information of a victim and an attacker which corresponds to a target connection that is the last connection on a connection chain, generating a fingerprint for an associated connection based on the IP packet attribute information and requesting a NetFlow collector for relevant information, detecting a stepping-stone connection to the target connection which is generated at the time of generation of the fingerprint and instructing to check whether sorted candidate connections are present on the same connection chain as the target connection, and determining an order of the candidate connections based on an attacker host when the candidate connections are determined to be present on the same connection chain as the target connection.
-
18.发明申请SYSTEM AND METHOD FOR REAL-TIME MALWARE DETECTION BASED ON WEB BROWSER PLUGIN 有权基于WEB浏览器插件的实时恶意软件检测系统及方法公开(公告)号:US20150188936A1
公开(公告)日:2015-07-02
申请号:US14249811
申请日:2014-04-10
Inventor: Jung Tae KIM , Min Ho HAN , Jong Hoon LEE , Ik Kyun KIM , Hyun Sook CHO
IPC: H04L29/06
CPC classification number: H04L63/1416 , H04L67/2842
Abstract: According to a method and system for real-time malware detection based on web browser plugin, the method and system may connect a web server of a web site through a web browser module, execute a security module through a browser plugin of the web site, update a database for a browser cache of the web site from the web server by the security module, cache a web content of the web site from the web server, match cache data of the web content with the database, and warn about the web content if data matched with the cache data of the web content does not exist in the database.
Abstract translation: 根据基于web浏览器插件的实时恶意软件检测方法和系统,该方法和系统可以通过Web浏览器模块连接网站的Web服务器,通过网站的浏览器插件执行安全模块, 通过安全模块从Web服务器更新网站的浏览器缓存的数据库,从Web服务器缓存网站的网页内容,将网页内容的缓存数据与数据库匹配,并提醒Web内容 如果数据库中不存在与Web内容的缓存数据匹配的数据。
-
公开(公告)号:US20140304817A1
公开(公告)日:2014-10-09
申请号:US14154888
申请日:2014-01-14
Inventor: Byoung-Koo KIM , Yangseo CHOI , Ik Kyun KIM
IPC: H04L29/06
CPC classification number: H04L63/1408 , H04L63/1458 , H04L63/1466 , H04L67/02 , H04W12/00502
Abstract: A method for detecting a slow read DoS attack in a virtualized environment, the method comprising: receiving a connection request packet transmitted from a client to a server using a web protocol; checking whether the received packet is a TCP SYN packet or a packet of an HTTP GET request message; when it is checked that the received packet is the packet of the HTTP GET request message, detecting whether the received packet is a packet for the slow read DoS attack by analyzing a window size of the HTTP GET request message.
Abstract translation: 一种用于在虚拟化环境中检测慢速读取DoS攻击的方法,所述方法包括:使用web协议从所述客户端发送到服务器的连接请求包; 检查接收的分组是否是TCP SYN分组或HTTP GET请求消息的分组; 当检查接收到的分组是HTTP GET请求消息的分组时,通过分析HTTP GET请求消息的窗口大小来检测接收到的分组是否是用于慢速读取DoS攻击的分组。
-
公开(公告)号:US20140297004A1
公开(公告)日:2014-10-02
申请号:US13933822
申请日:2013-07-02
Inventor: Byoung-Koo KIM , Dong Ho KANG , Seon-Gyoung SOHN , Youngjun HEO , Jung-Chan NA , Ik Kyun KIM
IPC: G05B15/02
CPC classification number: G05B15/02 , H04L63/0263 , H04L63/1408 , H04L63/1425 , H04L63/1441 , H04L63/20 , H04L2012/40228
Abstract: A method for detecting an abnormal traffic on a control system protocol, includes: checking whether session information exists in a management table; adding a new entry to the management table; checking whether a transaction ID in a table entry is the same as that of the received MODBUS request message; and checking whether data and length thereof of the received MODBUS request message are the same as those in the table entry. Further, the method includes detecting an abnormal traffic; and updating the table entry with packet information of the MODBUS request message.
Abstract translation: 一种用于检测控制系统协议上的异常业务的方法,包括:检查会话信息是否存在于管理表中; 在管理表中添加新条目; 检查表条目中的事务ID是否与接收的MODBUS请求消息的事务ID相同; 并检查其接收到的MODBUS请求消息的数据和长度是否与表条目中的相同。 此外,该方法包括检测异常业务; 以及使用所述MODBUS请求消息的分组信息更新所述表条目。
-
-
-
-
-
-
-
-
-
Search Results
20
records
(took 0.023 seconds)
