-
公开(公告)号:US20190052663A1
公开(公告)日:2019-02-14
申请号:US15985452
申请日:2018-05-21
Inventor: Jooyoung LEE , Dae-Sung MOON , Kyung-Min PARK , Samuel WOO , Ho HWANG , Ik-Kyun KIM , Seung-Hun JIN
IPC: H04L29/06
CPC classification number: H04L63/1433 , H04L63/1425 , H04L63/20
Abstract: Disclosed herein is an apparatus for enhancing network security, which includes an information collection unit for collecting information about states of hosts that form a network and information about connectivity in the network; an attack surface analysis unit for analyzing attack surfaces by creating an attack graph using the information about the states and the information about connectivity; a security-enhancing strategy establishment unit for establishing a security-enhancing strategy based on the attack graph; and a security-enhancing strategy implementation unit for delivering a measure based on the security-enhancing strategy to a corresponding host, thereby taking a security-enhancing measure.
-
22.发明申请APPARATUS AND METHOD FOR DETECTING ABNORMAL CONNECTION BEHAVIOR BASED ON ANALYSIS OF NETWORK DATA 审中-公开基于网络数据分析检测异常连接行为的装置和方法公开(公告)号:US20170034195A1
公开(公告)日:2017-02-02
申请号:US15004412
申请日:2016-01-22
Inventor: Jong-Hoon LEE , Ik-Kyun KIM
IPC: H04L29/06
CPC classification number: H04L63/1425
Abstract: An apparatus and method for detecting abnormal connection behavior are disclosed. The apparatus for detecting abnormal connection behavior includes a data extraction unit, a data storage unit, and a detection unit. The data extraction unit collects network data transmitted and received over a network including a plurality of hosts, and extracts data required for the detection of abnormal connection behavior from the network data. The data storage unit stores the extracted data required for the detection of abnormal connection behavior. The detection unit detects abnormal connection behavior based on characteristic factors corresponding to the stored data required for the detection of abnormal connection behavior and characteristic factors corresponding to malicious behavior.
Abstract translation: 公开了一种用于检测异常连接行为的装置和方法。 用于检测异常连接行为的装置包括数据提取单元,数据存储单元和检测单元。 数据提取单元收集通过包括多个主机的网络发送和接收的网络数据,并从网络数据中提取检测异常连接行为所需的数据。 数据存储单元存储用于检测异常连接行为所需的提取数据。 检测单元根据对应于检测异常连接行为所需的存储数据和与恶意行为对应的特征因素的特征因素检测异常连接行为。
-
23.发明申请APPARATUS AND METHOD FOR DETECTING A MALICIOUS CODE BASED ON COLLECTING EVENT INFORMATION 审中-公开基于收集事件信息检测恶意代码的装置和方法公开(公告)号:US20150220733A1
公开(公告)日:2015-08-06
申请号:US14603241
申请日:2015-01-22
Inventor: Dae-Sung MOON , Ik-Kyun KIM , Hyun-Sook CHO
IPC: G06F21/56
CPC classification number: G06F21/552
Abstract: The apparatus for detecting a malicious code comprises a feature factor collecting module collecting information of feature factor events from a computing device based on the defined feature factors, a feature factor specification module converting the collected information of feature factor events to feature factor specification data in the form available on the analysis, and a malicious code detection module analyzing if a malicious code is or not by using the specification data.
Abstract translation: 用于检测恶意代码的装置包括:特征因子收集模块,基于所定义的特征因子收集来自计算设备的特征因子事件的信息,特征因子指定模块将所收集的特征因子事件的信息转换为特征因子指定数据 表单可用于分析,恶意代码检测模块通过使用规范数据来分析是否有恶意代码。
-
公开(公告)号:US20230077314A1
公开(公告)日:2023-03-09
申请号:US17842399
申请日:2022-06-16
Inventor: Sang-Woo LEE , Yong-Sung JEON , Ha-Young SEONG , You-Sung KANG , Ik-Kyun KIM
IPC: H04W12/121 , H04L27/26
Abstract: Disclosed herein is a method for detecting a covert channel in wireless communication. The method includes setting a wireless communication specification, detecting a covert timing channel, and detecting a covert storage channel.
-
公开(公告)号:US20220269777A1
公开(公告)日:2022-08-25
申请号:US17518373
申请日:2021-11-03
Inventor: Dong-Wook KANG , Dae-Won KIM , Ik-Kyun KIM , Sang-Su LEE , Jin-Yong LEE , Byeong-Cheol CHOI , Yong-Je CHOI
Abstract: Disclosed herein are an apparatus and method for detecting violation of control flow integrity. The apparatus includes memory for storing a program and a processor for executing the program, wherein the processor multiple branch identifier registers to which identifiers of branch targets are written, a set branch identifier instruction configured to command an identifier of a branch target to be written to a branch identifier register at a predetermined sequence number, among the multiple branch identifier registers, and a check branch identifier instruction configured to command a signal indicating detection of a control flow hijacking attack to be issued based on whether a value written to the branch identifier register at the predetermined sequence number is identical to a value of an identifier of a branch target at the predetermined sequence number, wherein the program detects whether a control flow is hijacked based on the multiple branch identifier registers.
-
Patent Agency Ranking
公开(公告)号:US20200233980A1
公开(公告)日:2020-07-23
申请号:US16742037
申请日:2020-01-14
Inventor: Sang-Jae LEE , You-Sung KANG , Keon-Woo KIM , Byoung-Koo KIM , Ik-Kyun KIM , Ju-Han KIM , Tae-Sung KIM , Mi-Kyung OH , Seung-Yong YOON , Seung-Kwang LEE , Yong-Sung JEON , Doo-Ho CHOI
Abstract: A secret information generation apparatus and a method for operating the secret information generation apparatus. The secret information generation apparatus includes a resistor-capacitor circuit, and a microcontroller unit including a first pin connected to an input terminal of the resistor-capacitor circuit and a second pin connected to an output terminal of the resistor-capacitor circuit, wherein the microcontroller unit is configured to transmit a digital value corresponding to a challenge to the resistor-capacitor circuit through the first pin, receive an output value of the resistor-capacitor circuit corresponding to the digital value through the second pin, convert the received value into a digital value using an analog-to-digital converter, extract one or more valid bits from the converted digital value, and then generate a response.
-
公开(公告)号:US20180234436A1
公开(公告)日:2018-08-16
申请号:US15807425
申请日:2017-11-08
Inventor: Jung-Tae KIM , Ik-Kyun KIM , Koo-Hong KANG
IPC: H04L29/06 , H04L12/751 , H04L12/733 , H04L12/721
Abstract: Disclosed herein are a stepping-stone detection apparatus and method. The stepping-stone detection apparatus includes a target connection information reception unit for receiving information about a target connection from an intrusion detection system (IDS), a fingerprint generation unit for generating a target connection fingerprint based on the information about the target connection, and generating one or more candidate connection fingerprints using information about one or more candidate connections corresponding to one or more flow information collectors, and a stepping-stone detection unit for detecting a stepping stone by comparing the target connection fingerprint, in which a maximum allowable delay time is reflected, with the candidate connection fingerprints.
-
公开(公告)号:US20180217860A1
公开(公告)日:2018-08-02
申请号:US15861792
申请日:2018-01-04
Inventor: Jung-Tae KIM , Ik-Kyun KIM
CPC classification number: G06F9/45558 , G06F2009/45591 , G06F2009/45595 , H04L67/10 , H04L67/1029 , H04L67/14 , H04L67/141
Abstract: Disclosed herein are an integrated network data collection apparatus and method. The integrated network data collection apparatus includes a packet collection unit for collecting packets corresponding to one or more virtual machines included in a cloud server, a flow-processing unit for generating flow information based on the collected packets, a session-processing unit for generating session information based on the generated flow information, and a storage unit for storing network data including at least one of the generated flow information and the generated session information.
-
公开(公告)号:US20180191761A1
公开(公告)日:2018-07-05
申请号:US15823209
申请日:2017-11-27
Inventor: Jong-Hoon LEE , Ik-Kyun KIM
IPC: H04L29/06
Abstract: Disclosed is a method for detecting a cyberthreat through correlation analysis of security events, which includes extracting a false-positive data set by extracting, from source data, information about security events occurring during a predetermined time period based on a time at which erroneous detection occurred; extracting a true-positive data set by extracting, from the source data, information about security events occurring during the predetermined time period based on a time at which an intrusion threat was correctly detected; extracting a current data set by extracting information about security events occurring during the predetermined time period from data to be analyzed; generating event coincidence statistics by extracting a frequency of each security event in the respective data sets and by compiling statistics thereon; generating an event vector based on the event coincidence statistics; and performing intrusion threat detection through a vector space model based on the event vector.
-
公开(公告)号:US20180131717A1
公开(公告)日:2018-05-10
申请号:US15803062
申请日:2017-11-03
Inventor: Jung-Tae KIM , Ik-Kyun KIM
Abstract: Disclosed herein are an apparatus and method for detecting a Distributed Reflection Denial of Service (DRDoS) attack. The DRDoS attack detection apparatus includes a network flow data reception unit for receiving network flow data from network equipment, a session type determination unit for determining a session type of the received network flow data, a host type determination unit for determining a type of host corresponding to the network flow data based on the session type, an attack method determination unit for determining an attack method corresponding to the network flow data, a protocol identification unit for identifying a protocol of the network flow data, and an attack detection unit for detecting a DRDoS attack based on the session type, the host type, the attack method, and the protocol.
-
-
-
-
-
-
-
-
-
Search Results
31
records
(took 0.029 seconds)
