公开(公告)号：US11115202B2

公开(公告)日：2021-09-07

申请号：US16654738

申请日：2019-10-16

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sang Jae Lee ,  Mi Kyung Oh ,  You Sung Kang ,  Ik Kyun Kim ,  Doo Ho Choi

IPC: H04L9/00 ,  H04L9/08 ,  H03K19/096 ,  H03L7/099 ,  H04L9/32 ,  H04L17/02

Abstract: Disclosed is a method of generating secret information on the basis of a ring oscillator. According to an embodiment of the present disclosure, there is provided an apparatus for generating secret information on the basis of a ring oscillator, the apparatus including: multiple PUF information generation units each including at least one ring oscillator cell and generating physically unclonable function (PUF) information generated by the at least one ring oscillator cell; a phase checking unit cross-checking phases for the multiple pieces of the PUF information that are output from the multiple PUF information generation units, respectively; and a secret key generation unit outputting secret key information based on a result of comparing the multiple phases received from the phase checking unit.

公开(公告)号：US10264004B2

公开(公告)日：2019-04-16

申请号：US15345354

申请日：2016-11-07

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Jung Tae Kim ,  Koo Hong Kang ,  Ik Kyun Kim

IPC: H04L12/26 ,  H04L29/06

Abstract: The method for tracking a cyber hacking is provided. The method of connection fingerprint generation and stepping-stone traceback based on NetFlow includes receiving a traceback request including IP packet attribute information of a victim and an attacker which corresponds to a target connection that is the last connection on a connection chain, generating a fingerprint for an associated connection based on the IP packet attribute information and requesting a NetFlow collector for relevant information, detecting a stepping-stone connection to the target connection which is generated at the time of generation of the fingerprint and instructing to check whether sorted candidate connections are present on the same connection chain as the target connection, and determining an order of the candidate connections based on an attacker host when the candidate connections are determined to be present on the same connection chain as the target connection.

公开(公告)号：US09374381B2

公开(公告)日：2016-06-21

申请号：US14249811

申请日：2014-04-10

Applicant: Electronics and Telecommunications Research Institute

Inventor： Jung Tae Kim ,  Min Ho Han ,  Jong Hoon Lee ,  Ik Kyun Kim ,  Hyun Sook Cho

IPC: G06F11/00 ,  G08B23/00 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L63/1416 ,  H04L67/2842

Abstract: According to a method and system for real-time malware detection based on web browser plugin, the method and system may connect a web server of a web site through a web browser module, execute a security module through a browser plugin of the web site, update a database for a browser cache of the web site from the web server by the security module, cache a web content of the web site from the web server, match cache data of the web content with the database, and warn about the web content if data matched with the cache data of the web content does not exist in the database.

Abstract translation: 根据基于web浏览器插件的实时恶意软件检测方法和系统，该方法和系统可以通过Web浏览器模块连接网站的Web服务器，通过网站的浏览器插件执行安全模块， 通过安全模块从Web服务器更新网站的浏览器缓存的数据库，从Web服务器缓存网站的网页内容，将网页内容的缓存数据与数据库匹配，并提醒Web内容 如果数据库中不存在与Web内容的缓存数据匹配的数据。

公开(公告)号：US09298175B2

公开(公告)日：2016-03-29

申请号：US13933822

申请日：2013-07-02

Applicant: Electronics and Telecommunications Research Institute

Inventor： Byoung-Koo Kim ,  Dong Ho Kang ,  Seon-Gyoung Sohn ,  Youngjun Heo ,  Jung-Chan Na ,  Ik Kyun Kim

IPC: H04L12/26 ,  G05B15/02 ,  H04L29/06 ,  H04L12/40

CPC classification number: G05B15/02 ,  H04L63/0263 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1441 ,  H04L63/20 ,  H04L2012/40228

Abstract: A method for detecting an abnormal traffic on a control system protocol, includes: checking whether session information exists in a management table; adding a new entry to the management table; checking whether a transaction ID in a table entry is the same as that of the received MODBUS request message; and checking whether data and length thereof of the received MODBUS request message are the same as those in the table entry. Further, the method includes detecting an abnormal traffic; and updating the table entry with packet information of the MODBUS request message.

Abstract translation: 一种用于检测控制系统协议上的异常业务的方法，包括：检查会话信息是否存在于管理表中; 在管理表中添加新条目; 检查表条目中的事务ID是否与接收的MODBUS请求消息的事务ID相同; 并检查其接收到的MODBUS请求消息的数据和长度是否与表条目中的相同。 此外，该方法包括检测异常业务; 以及使用所述MODBUS请求消息的分组信息更新所述表条目。