    21. Method and system for providing network monitoring, security event collection apparatus and service abnormality detection apparatus for network monitoring
    Granted patent; in force

    Publication number: US08775613B2

    Publication date: 2014-07-08

    Application number: US13272687

    Application date: 2011-10-13

    IPC classification: G06F15/173

    Abstract: A network monitoring system includes a traffic information generating apparatus for generating traffic information; a security event collecting apparatus that collects the traffic information generated by the traffic information generating apparatus by referring to pre-stored traffic information, groups the collected traffic information, and extracts service information from it; and a service abnormal condition detecting apparatus that reads the transport-layer port numbers in the service information extracted by the security event collecting apparatus together with their occurrence frequencies, determines whether the port numbers are contiguous and whether the occurrence frequencies are uniform, and displays a service abnormal condition.
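
    The abstract's test (contiguous transport-layer port numbers, uniform occurrence frequency) is the classic signature of a sequential port sweep. The example below is an added illustration, not code from the patent: it groups constructed flow records per (source, destination, protocol), scores the port set of each group for contiguity and for uniformity of hit counts, and reports groups that exceed assumed thresholds. The thresholds, the sample records and the scoring formulas are all assumptions made here.

```python
"""Service-anomaly check in the style of the abstract above (added example).
Flows are grouped per (src, dst, proto); for each group we test whether the
destination ports touched form a contiguous run and whether every port was
hit a uniform number of times. A contiguous, evenly hit range is a sweep;
normal service use hits a few scattered ports with very uneven counts."""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample records (src, dst, proto, dst_port); not real traffic.
FLOWS = (
    # 10.0.0.5 sweeps 10.0.0.20 ports 20..29, one packet each -> scan
    [("10.0.0.5", "10.0.0.20", "tcp", p) for p in range(20, 30)]
    # 10.0.0.7 behaves normally: mostly 443, some 80, one DNS query
    + [("10.0.0.7", "10.0.0.20", "tcp", 443)] * 40
    + [("10.0.0.7", "10.0.0.20", "tcp", 80)] * 6
    + [("10.0.0.7", "10.0.0.21", "udp", 53)]
)

def group_by_source(flows):
    """Collector step: group traffic by (src, dst, proto) and keep the
    per-port occurrence frequency as the extracted 'service information'."""
    groups = defaultdict(Counter)
    for src, dst, proto, port in flows:
        groups[(src, dst, proto)][port] += 1
    return groups

def port_continuity(port_counts):
    """Share of the span [min_port, max_port] that was actually touched;
    1.0 means every port in the range was hit."""
    ports = sorted(port_counts)
    if len(ports) < 2:
        return 0.0
    return len(ports) / (ports[-1] - ports[0] + 1)

def frequency_uniformity(port_counts):
    """1 minus the coefficient of variation of the per-port hit counts:
    1.0 when every port was hit equally often, lower as counts skew."""
    counts = list(port_counts.values())
    if len(counts) < 2:
        return 0.0
    return max(0.0, 1.0 - pstdev(counts) / mean(counts))

def detect_service_anomalies(flows, min_ports=5, min_continuity=0.9,
                             min_uniformity=0.8):
    """Return (src, dst, proto, ports_seen, continuity, uniformity) for each
    group that looks like a sequential sweep. Thresholds are assumptions."""
    findings = []
    for (src, dst, proto), pc in group_by_source(flows).items():
        if len(pc) < min_ports:          # too few ports to judge a pattern
            continue
        c, u = port_continuity(pc), frequency_uniformity(pc)
        if c >= min_continuity and u >= min_uniformity:
            findings.append((src, dst, proto, len(pc), round(c, 2), round(u, 2)))
    return findings

if __name__ == "__main__":
    for finding in detect_service_anomalies(FLOWS):
        print("service anomaly (port sweep):", finding)
```

    The uniformity score deliberately uses a coefficient of variation rather than a raw standard deviation, so that a sweep sending three probes per port scores the same as one sending one probe per port; a scanner that randomizes port order still scores 1.0 on continuity, because only the set of ports matters, not the order they were hit in.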

    22. Log-based traceback system and method using centroid decomposition technique
    Granted patent; in force

    Publication number: US08307441B2

    Publication date: 2012-11-06

    Application number: US12669633

    Application date: 2007-11-21

    IPC classification: G06F11/34

    Abstract: Provided are a system and method for tracing back an attacker using the centroid decomposition technique. The system includes: a log data input module that collects the log data of an intrusion alarm from an intrusion detection system; a centroid node detection module that builds a shortest path tree by applying a shortest path algorithm to the router connection information collected by a network administration server, detects a centroid node by applying centroid decomposition (removing leaf nodes) to the shortest path tree, and generates a centroid tree in which the node at each level is the detected centroid node; and a traceback processing module that requests the log data of the router matched with the node at each level of the centroid tree, compares that router's log data with the log data of the collected intrusion alarm, and traces the router whose log data matches the intrusion alarm as the router connected to the attacker's source. With this system and method the attacker causing a security intrusion event can be found quickly, the load on the system is reduced, and an intermediate host that is exposed to danger or has weaknesses is easily recognized, so the attack is easily dealt with.

    23. METHOD AND SYSTEM FOR PROVIDING INTELLIGENT ACCESS MONITORING, INTELLIGENT ACCESS MONITORING APPARATUS
    Patent application; pending (published)

    Publication number: US20120147179A1

    Publication date: 2012-06-14

    Application number: US13314421

    Application date: 2011-12-08

    IPC classification: H04N7/18

    Abstract: A system for intelligent access monitoring includes: an access control apparatus that detects and manages a visitor's access and generates access event information when it detects the access; a video security apparatus that manages video information and location information of the visitor; and an access monitoring apparatus that receives the access event information, the video information and the location information via a network, generates access monitoring profile information from the access event information, and generates mapping information in which the access monitoring profile information is mapped to the video information and the location information.

    25. APPARATUS AND METHOD OF MANAGING OBJECTS AND EVENTS WITH VECTOR-BASED GEOGRAPHIC INFORMATION SYSTEM
    Patent application; pending (published)

    Publication number: US20110122132A1

    Publication date: 2011-05-26

    Application number: US12782891

    Application date: 2010-05-19

    IPC classification: G08B5/22 G06T17/00

    CPC classification: G06T17/05

    Abstract: Provided are an apparatus and method of managing objects and events that make intuitive management, and the recognition of cases linked to geographic information, easy. The apparatus links objects and events to geographic information through a vector-based GIS and displays them on a vector-based digital map, giving a manager an intuitive and realistic interface. The apparatus can therefore display a more accurate location than an image-based map, and the user can select which kind of map information is used to compose the map screen.

    26. APPARATUS AND METHOD FOR DETECTING NETWORK ATTACK BASED ON VISUAL DATA ANALYSIS
    Patent application; pending (published)

    Publication number: US20110016525A1

    Publication date: 2011-01-20

    Application number: US12630672

    Application date: 2009-12-03

    IPC classification: G06F21/00 G06K9/68

    CPC classification: H04L63/1425

    Abstract: An apparatus for detecting a network attack includes: a traffic image generator that generates a traffic image from traffic information and additional IP information extracted from the traffic information; a network attack detector that compares the similarity between the traffic image and a previously generated traffic image against a predetermined similarity threshold to detect the presence of a network attack; a network attack analyzer that analyzes the traffic image at the time the network attack is detected to obtain network attack information and pattern information of the attack; and a representation unit that visualizes the network attack information and the pattern information of the attack.
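
    The abstract leaves open what a "traffic image" is and how two of them are compared. The example below is an added illustration, not the patent's code: each interval's flows are rendered into a small two-dimensional histogram (one axis a source-address bucket, the other a destination-port bucket, pixel value the packet count), consecutive images are compared with cosine similarity, and when the similarity falls below a threshold the pixels that grew most are reported as the attack's source range and port. The image size, the bucketing rules, the 0.8 threshold and the sample flows are assumptions made here.

```python
"""Image-based traffic comparison in the spirit of the abstract above
(added example). A traffic image is a W x H grid: x = source /24 bucket,
y = destination-port bucket, pixel = packets. Consecutive images are
compared with cosine similarity; a drop below THRESHOLD flags an attack
and the fastest-growing pixels give its source range and port."""
import math

W, H = 16, 16          # assumed image size: 16 source buckets x 16 port buckets
THRESHOLD = 0.8        # assumed similarity threshold

# Constructed flows (src_ip, dst_ip, dst_port, packets); not real traffic.
BASELINE = [("10.1.3.%d" % i, "192.0.2.10", 443, 10) for i in range(1, 6)] \
         + [("10.1.5.7", "192.0.2.10", 80, 5)]
# Same background plus a flood of DNS packets from three hosts in 10.9.11.0/24
ATTACK = BASELINE + [("10.9.11.%d" % i, "192.0.2.10", 53, 500) for i in range(1, 4)]

def render(flows):
    """Traffic image as a flat list of W*H pixel counts (row-major)."""
    img = [0] * (W * H)
    for src, _dst, port, pkts in flows:
        x = int(src.split(".")[2]) % W      # third octet picks the source /24 bucket
        y = min(port // 128, H - 1)         # ports 0-2047 spread out, the rest pooled
        img[y * W + x] += pkts
    return img

def similarity(a, b):
    """Cosine similarity of two images; 1.0 means identical traffic shape."""
    dot = sum(p * q for p, q in zip(a, b))
    na = math.sqrt(sum(p * p for p in a))
    nb = math.sqrt(sum(q * q for q in b))
    return dot / (na * nb) if na and nb else 0.0

def detect(prev, cur, threshold=THRESHOLD, top=3):
    """None when `cur` resembles `prev`; otherwise a report listing the
    pixels that grew most (source bucket, port bucket, packet delta)."""
    sim = similarity(prev, cur)
    if sim >= threshold:
        return None
    deltas = sorted(((cur[i] - prev[i], i) for i in range(W * H)), reverse=True)[:top]
    return {"similarity": round(sim, 3),
            "hotspots": [{"src_bucket": i % W, "port_bucket": i // W, "delta": d}
                         for d, i in deltas if d > 0]}

if __name__ == "__main__":
    report = detect(render(BASELINE), render(ATTACK))
    print("no attack" if report is None else report)
```

    Cosine similarity is scale-free, so a uniform increase in normal traffic (every pixel doubling) keeps the similarity at 1.0 and is not flagged; only a change in the shape of the traffic, a new hot pixel or a vanished one, drives the score down. A hotspot's bucket indices map back to a source /24 group and a 128-port band, which is the coarse "attack information" the analyzer hands to the representation unit.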

    27. Network status display device and method using traffic pattern map
    Granted patent; in force

    Publication number: US07849187B2

    Publication date: 2010-12-07

    Application number: US11527850

    Application date: 2006-09-26

    IPC classification: G06F15/16

    Abstract: A network status display device using a traffic pattern map is provided. The device includes: a traffic feature extractor that, with reference to traffic information collected by an external traffic information collector, extracts for each network address section and each host address section the number of the port with the maximum occupancy of micro-flows and macro-flows, and calculates and stores the occupancy rate of that port; a traffic status display unit that builds a network traffic pattern map indexed by destination and source network addresses and a host traffic pattern map indexed by destination and source host addresses, and displays the port information stored in the traffic feature extractor on both maps; and a traffic anomaly determination unit that determines from the two maps whether the network status is abnormal and detects and reports the harmful or abnormal traffic that causes the abnormal status. Using the port information of the port with the maximum occupancy of micro-flows and macro-flows for each network address section and each host address section, the device can determine whether an anomaly degrading network performance exists and can easily and quickly detect the harmful or abnormal traffic that causes it.

    28. Network status display device and method using traffic flow-radar
    Granted patent; in force

    Publication number: US07787394B2

    Publication date: 2010-08-31

    Application number: US11599909

    Application date: 2006-11-15

    IPC classification: H04L12/66 G01R31/08 H04W36/00

    Abstract: A network status display device using a traffic flow-radar is provided. The device includes: a traffic feature extractor that, with reference to traffic information collected by an external traffic information collector, calculates and stores flow occupancy rates for total flows, micro-flows and macro-flows with respect to each of a plurality of traffic features, such as network address, port, transmitting/receiving host address or protocol; a traffic status display unit that displays the flow occupancy rates calculated and stored in the traffic feature extractor on a radar chart with one dot per traffic feature; and a traffic anomaly determination unit that determines from the radar for each traffic feature whether the network status is abnormal and, when it is, detects and reports the type of abnormal network status and the harmful or abnormal traffic that generates it.
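
    Entries 27 and 28 both rest on the same computation: split flows into micro-flows and macro-flows, then measure what share of each class a given feature value (port, address section, host, protocol) holds. The example below is an added illustration serving both entries, not code from either patent: it computes the per-feature occupancy rates that would feed the flow-radar, derives the per-/24 "port with maximum micro- and macro-flow occupancy" annotation of the pattern map, and flags any feature value that owns more than half of all micro-flows. The packet-count thresholds that define micro- and macro-flows, the 50% alarm level and the sample flows are assumptions made here.

```python
"""Micro/macro-flow occupancy for the flow-radar and pattern-map entries
(added example). A flow is a (src, dst, proto, dst_port) key with a packet
count; flows with at most MICRO_MAX packets are micro-flows (probes, scans,
SYN floods), flows with at least MACRO_MIN packets are macro-flows (bulk
transfers). Occupancy rate of a feature value = flows carrying that value
divided by all flows of the same class."""
from collections import Counter, defaultdict

MICRO_MAX, MACRO_MIN = 3, 100     # assumed class boundaries (packets per flow)
OCCUPANCY_ALARM = 0.5             # assumed: one value owning >50% of micro-flows

# Constructed flows (src_ip, dst_ip, proto, dst_port, packets); not real data.
FLOWS = (
    [("198.51.100.%d" % i, "10.0.1.20", "tcp", 80, 1) for i in range(1, 41)]   # 40 one-packet probes
    + [("10.0.2.%d" % i, "10.0.1.20", "tcp", 443, 40) for i in range(1, 11)]  # 10 ordinary sessions
    + [("10.0.2.3", "10.0.1.30", "tcp", 445, 800),                            # one bulk SMB transfer
       ("10.0.2.4", "10.0.1.30", "tcp", 445, 2),
       ("10.0.2.5", "10.0.1.31", "udp", 53, 2)]
)

def classify(packets):
    if packets <= MICRO_MAX:
        return "micro"
    if packets >= MACRO_MIN:
        return "macro"
    return "mid"

def network_section(ip):
    """Network address section: the /24 containing the address."""
    return ".".join(ip.split(".")[:3]) + ".0/24"

def occupancy(flows):
    """Radar data: {feature: {value: {"total": r, "micro": r, "macro": r}}}."""
    counts = defaultdict(lambda: defaultdict(Counter))
    classes = Counter()
    for src, dst, proto, port, pkts in flows:
        cls = classify(pkts)
        classes["total"] += 1
        classes[cls] += 1
        for feat, val in (("dst_net", network_section(dst)), ("dst_host", dst),
                          ("src_host", src), ("port", port), ("proto", proto)):
            counts[feat][val]["total"] += 1
            counts[feat][val][cls] += 1
    return {feat: {val: {c: (n[c] / classes[c] if classes[c] else 0.0)
                         for c in ("total", "micro", "macro")}
                   for val, n in vals.items()}
            for feat, vals in counts.items()}

def pattern_map(flows):
    """{dst /24: {"micro": (port, rate), "macro": (port, rate)}}: the port
    holding the largest share of that section's micro- and macro-flows."""
    per_net = defaultdict(lambda: {"micro": Counter(), "macro": Counter()})
    for _src, dst, _proto, port, pkts in flows:
        cls = classify(pkts)
        if cls in ("micro", "macro"):
            per_net[network_section(dst)][cls][port] += 1
    result = {}
    for net, by_class in per_net.items():
        result[net] = {}
        for cls, ports in by_class.items():
            if ports:
                port, n = ports.most_common(1)[0]
                result[net][cls] = (port, n / sum(ports.values()))
    return result

def anomalies(radar, alarm=OCCUPANCY_ALARM):
    """Feature values that own more than `alarm` of all micro-flows, i.e.
    the points that stick out on the micro-flow radar."""
    return sorted((feat, val, round(rates["micro"], 2))
                  for feat, vals in radar.items()
                  for val, rates in vals.items() if rates["micro"] > alarm)

if __name__ == "__main__":
    radar = occupancy(FLOWS)
    print("pattern map:", pattern_map(FLOWS))
    print("abnormal micro-flow occupancy:", anomalies(radar))
```

    On the constructed input the probes make port 80 and host 10.0.1.20 own about 95% of all micro-flows while port 443, which carries most of the packets, owns none of them: the micro-flow view separates a SYN flood from legitimate load that a byte-count view would rank first. The single 800-packet SMB session shows up as the macro-flow annotation for 10.0.1.0/24 with port 445, which is what the pattern map would display for that section.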

    29. LOG-BASED TRACEBACK SYSTEM AND METHOD USING CENTROID DECOMPOSITION TECHNIQUE
    Patent application; in force

    Publication number: US20100212013A1

    Publication date: 2010-08-19

    Application number: US12669633

    Application date: 2007-11-21

    IPC classification: G06F11/34

    Abstract: Provided are a system and method for tracing back an attacker using the centroid decomposition technique. The system includes: a log data input module that collects the log data of an intrusion alarm from an intrusion detection system; a centroid node detection module that builds a shortest path tree by applying a shortest path algorithm to the router connection information collected by a network administration server, detects a centroid node by applying centroid decomposition (removing leaf nodes) to the shortest path tree, and generates a centroid tree in which the node at each level is the detected centroid node; and a traceback processing module that requests the log data of the router matched with the node at each level of the centroid tree, compares that router's log data with the log data of the collected intrusion alarm, and traces the router whose log data matches the intrusion alarm as the router connected to the attacker's source. With this system and method the attacker causing a security intrusion event can be found quickly, the load on the system is reduced, and an intermediate host that is exposed to danger or has weaknesses is easily recognized, so the attack is easily dealt with.
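
    The point of the centroid tree in entries 22 and 29 is to avoid asking every router for its logs: the routers that forwarded the attack flow form a path from the victim's router outward in the shortest path tree, so querying the centroid of the remaining candidate tree and keeping either its subtree (log matches) or everything else (no match) halves the candidates per query. The example below is an added illustration of that search, not the code of either patent: it builds the shortest path tree with Dijkstra from a constructed router topology, locates centroids with the usual "descend into the heavy child" rule, and narrows down to the router adjacent to the attack source. The topology, the alarm tuple, the per-router log contents and the log-matching rule (the alarm's flow tuple is present in the router's log) are assumptions made here.

```python
"""Log-based traceback by centroid decomposition (added example). The IDS
alarm carries a flow tuple; every router that forwarded that flow has a
matching log entry. Starting from the victim-side router, which is known to
be on the path, we repeatedly query the centroid of the remaining candidate
tree instead of every router."""
import heapq
from collections import defaultdict

# Constructed topology: undirected links (router_a, router_b, cost). Not real.
LINKS = [("R0", "R1", 1), ("R0", "R2", 1), ("R1", "R3", 1), ("R1", "R4", 1),
         ("R2", "R5", 1), ("R4", "R6", 1), ("R4", "R7", 1), ("R6", "R8", 1),
         ("R3", "R5", 5)]           # costly link: keeps R5 under R2 in the tree
VICTIM_ROUTER = "R0"

# Constructed IDS alarm and router logs: flow tuples (src_ip, dst_ip, dst_port).
ALARM = ("203.0.113.9", "192.0.2.10", 22)
ROUTER_LOGS = {r: set() for r in {a for link in LINKS for a in link[:2]}}
for r in ("R0", "R1", "R4", "R6", "R8"):      # attack entered at R8 and reached R0
    ROUTER_LOGS[r].add(ALARM)

def shortest_path_tree(links, root):
    """Dijkstra over the router graph; returns {child: parent}."""
    adj = defaultdict(list)
    for a, b, w in links:
        adj[a].append((b, w))
        adj[b].append((a, w))
    dist, parent, heap = {root: 0}, {}, [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, w in adj[u]:
            if d + w < dist.get(v, float("inf")):
                dist[v], parent[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    return parent

def children_map(parent):
    children = defaultdict(list)
    for child, p in parent.items():
        children[p].append(child)
    return children

def subtree(children, root, exclude=frozenset()):
    """Nodes under `root`, skipping excluded nodes and everything below them."""
    out, stack = [], [root]
    while stack:
        u = stack.pop()
        if u in exclude:
            continue
        out.append(u)
        stack.extend(children[u])
    return out

def centroid(children, root, nodes):
    """Node of the rooted tree `nodes` whose removal leaves every piece
    at most half the size: walk down into any child heavier than n/2."""
    nodes, size = set(nodes), {}
    def measure(u):
        size[u] = 1 + sum(measure(c) for c in children[u] if c in nodes)
        return size[u]
    n, u = measure(root), root
    while True:
        heavy = [c for c in children[u] if c in nodes and size[c] > n // 2]
        if not heavy:
            return u
        u = heavy[0]

def query_log(router, alarm, router_logs):
    """Assumed matching rule: the alarm's flow tuple appears in the router log."""
    return alarm in router_logs[router]

def traceback(links, victim_router, alarm, router_logs, query_log=query_log):
    """Return (router adjacent to the attack source, routers queried in order)."""
    children = children_map(shortest_path_tree(links, victim_router))
    root, excluded, queried = victim_router, set(), []   # root is known to be on the path
    def logged(r):
        queried.append(r)
        return query_log(r, alarm, router_logs)
    while True:
        nodes = subtree(children, root, excluded)
        if len(nodes) == 1:
            return root, queried
        c = centroid(children, root, nodes)
        if c == root:
            # the centroid is the known-on-path root: decide among its children
            hit = next((k for k in children[root] if k not in excluded and logged(k)), None)
            if hit is None:
                return root, queried          # no child saw the flow: root is the ingress
            root = hit
        elif logged(c):
            root = c                          # attacker is at or below c
        else:
            excluded.add(c)                   # prune c and its whole subtree

if __name__ == "__main__":
    print(traceback(LINKS, VICTIM_ROUTER, ALARM, ROUTER_LOGS))
```

    On the constructed nine-router topology the search asks four routers (R1, R4, R6, R8) and names R8 as the ingress point; for an attacker behind R5 it asks R1, R2 and R5. Each negative answer discards the whole subtree under the queried centroid, which is where the reduced load in the abstract comes from, and the sequence of centroids visited is exactly the centroid tree the abstract describes, built lazily along the branch the logs point to.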
