Web-based traceback system and method using reverse caching proxy
    1.
    Granted invention patent
    Status: In force

    Publication number: US08341721B2

    Publication date: 2012-12-25

    Application number: US12467462

    Filing date: 2009-05-18

    IPC classification: G06F15/16 G06F15/173

    Abstract: Provided are a web-based traceback system and method using reverse caching proxy, which can effectively protect a web server against various attacks launched by illegitimate user by acquiring network information and location information of users who attempt to access the web server through an anonymous server, without a requirement of installing any agent program in the users' clients. The web-based traceback system may include a reverse caching proxy server receiving a hypertext transfer protocol (HTTP) packet transmitted to a web server by a client, analyzing the header of the HTTP packet and determining whether the client has attempted to access the web server through an anonymous server based on the results of the analysis; and a web tracking server generating a response page for the HTTP packet upon receiving the results of the determination performed by the reverse caching proxy server, inserting a tracking code in the response page, and providing the response page to the client through the reverse caching proxy server, wherein the tracking code is automatically executed in a web browser of the client and thus provides network information of the client to the web tracking server.

    METHOD AND SYSTEM FOR PROVIDING NETWORK MONITORING, SECURITY EVENT COLLECTION APPARATUS AND SERVICE ABNORMALITY DETECTION APPARATUS FOR NETWORK MONITORING
    2.
    Invention patent application
    Status: In force

    Publication number: US20120096150A1

    Publication date: 2012-04-19

    Application number: US13272687

    Filing date: 2011-10-13

    IPC classification: G06F15/173

    Abstract: A network monitoring system includes: a traffic information generating apparatus for generating traffic information. Further, the network monitoring system includes a security event collecting apparatus for collecting the traffic information generated by the traffic information generating apparatus by referring to pre-stored traffic information, grouping the collected traffic information, and then extracting service information. Furthermore, the network monitoring system includes a service abnormal condition detecting apparatus for detecting a port number of a transport layer of service information extracted from the security event collecting apparatus and the occurrence frequency of the transport layer, determining the continuity of the port number and the uniformity of the occurrence frequency, and displaying a service abnormal condition.

    Apparatus and method for extracting user information using client-based script
    3.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20100169479A1

    Publication date: 2010-07-01

    Application number: US12603010

    Filing date: 2009-10-21

    IPC classification: G06F15/16

    CPC classification: H04L63/1416

    Abstract: Provided are an apparatus and method for extracting user information using a client-based script in which user information including the internet protocol (IP) addresses of an attacking host and an anonymous proxy server used by the attacking host can be collected using a client-based script that can be automatically executed in the web browser of the attacking host. According to the apparatus and the method, it is possible to detect the location of an attacking host without alerting the attacking host by using a script that can be automatically executed in a web browser of the attacking host without any program installation. In addition, according to the apparatus and the method, it is possible to collect the IP addresses of an attacking host and an anonymous proxy server, if any, used by the attacking host by directly connecting the attacking host and a monitoring server.

    WEB-BASED TRACEBACK SYSTEM AND METHOD USING REVERSE CACHING PROXY
    5.
    Invention patent application
    Status: In force

    Publication number: US20100030891A1

    Publication date: 2010-02-04

    Application number: US12467462

    Filing date: 2009-05-18

    IPC classification: G06F15/173 G06F15/16

    Abstract: Provided are a web-based traceback system and method using reverse caching proxy, which can effectively protect a web server against various attacks launched by illegitimate user by acquiring network information and location information of users who attempt to access the web server through an anonymous server, without a requirement of installing any agent program in the users' clients. The web-based traceback system may include a reverse caching proxy server receiving a hypertext transfer protocol (HTTP) packet transmitted to a web server by a client, analyzing the header of the HTTP packet and determining whether the client has attempted to access the web server through an anonymous server based on the results of the analysis; and a web tracking server generating a response page for the HTTP packet upon receiving the results of the determination performed by the reverse caching proxy server, inserting a tracking code in the response page, and providing the response page to the client through the reverse caching proxy server, wherein the tracking code is automatically executed in a web browser of the client and thus provides network information of the client to the web tracking server.

    APPARATUS AND METHOD FOR RECOGNIZING SECURITY SITUATION AND GENERATING SITUATION INFORMATION BASED ON SPATIAL LINKAGE OF PHYSICAL AND IT SECURITY
    6.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20120159650A1

    Publication date: 2012-06-21

    Application number: US13327334

    Filing date: 2011-12-15

    IPC classification: G06F11/00

    Abstract: An apparatus for recognizing security situation and generating situation information based on spatial linkage of physical and IT security, the apparatus includes: a security event collection unit for mapping, when a security event is detected from a security device, unique information of the security device to a location or an object in a real space, and collecting correlated security events based on the mapped information; a security situation awareness unit for determining a type of a security situation and a degree of threat based on the correlated security events; and a situation information generation unit for analyzing a correlation between the correlated security events and the security event to generate security situation information.

    APPARATUS AND METHOD FOR DETECTING ABNORMAL HOST BASED ON SESSION MONITORING
    7.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20120090027A1

    Publication date: 2012-04-12

    Application number: US13271598

    Filing date: 2011-10-12

    IPC classification: G06F21/20 G06F11/30

    Abstract: An apparatus for detecting an abnormal host based on session monitoring includes: a host information collection unit for collecting information of processes being executed in hosts and information of sessions connected by the hosts; a network traffic monitoring unit for collecting network traffic information; an analysis unit for calculating an entropy of each host based on the collected session information to analyze correlation between hosts based on the calculated entropy and the network traffic information; and a detection unit for detecting an abnormal host and a process causing harmful traffic in the abnormal host based on the correlation and updating a black list based on the detected host and process.

    Apparatus and method for sampling security events based on contents of the security events
    8.
    Granted invention patent
    Status: In force

    Publication number: US08140671B2

    Publication date: 2012-03-20

    Application number: US12667130

    Filing date: 2007-11-19

    IPC classification: G06F15/173

    CPC classification: H04L63/1416 G06Q10/06

    Abstract: There are provided an apparatus and method for sampling a security event based on contents of the security event, the apparatus including: a security event accumulation module collecting security events occurring in a network system and storing the security events for each type according to contents of the security event; a security event analysis module calculating distribution of the security events for each type by analyzing the stored security events; and a security event extraction module sampling the stored security events according to the calculated distribution of the security events for each type. The apparatus and method may improve speed of visualization of a security event and a security event analysis apparatus and may increase accuracy thereof.

    APPARATUS AND METHOD FOR TRACING WEB USER USING SIGNED CODE
    10.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20110047623A1

    Publication date: 2011-02-24

    Application number: US12691654

    Filing date: 2010-01-21

    IPC classification: G06F15/173 G06F21/00

    Abstract: Provided are an apparatus and method for tracing web user using signed code. The apparatus for tracing web user includes at least one access terminal, a web server, and a monitoring server. The at least one access terminal requests a web page. The web server provides the web page including a signed code to the each access terminal according to the request. The monitoring server receives and analyzes access information which is extracted from the each access terminal according to execution of the signed code.
