公开(公告)号：US08756685B2

公开(公告)日：2014-06-17

申请号：US13282911

申请日：2011-10-27

申请人： Hyun-Cheol Jeong ,  Seung-Goo Ji ,  Tai Jin Lee ,  Jong-Il Jeong ,  Hong-Koo Kang ,  Byung-Ik Kim

发明人： Hyun-Cheol Jeong ,  Seung-Goo Ji ,  Tai Jin Lee ,  Jong-Il Jeong ,  Hong-Koo Kang ,  Byung-Ik Kim

IPC分类号： G06F21/00 ,  G06F21/51

CPC分类号： G06F21/51 ,  G06F21/563 ,  H04L63/1483

摘要： A detection system of a suspicious malicious website using the analysis of a JavaScript obfuscation strength, which includes: an entropy measuring processor of measuring an entropy of an obfuscated JavaScript present in the website, a special character entropy, and a variable/function name entropy; a frequency measuring processor of measuring a specific function frequency, an encoding mark frequency and a % symbol frequency of the JavaScript; a density measuring processor of measuring the maximum length of a single character string of the JavaScript; and a malicious website confirming processor of determining whether the relevant website is malicious by comparing an obfuscation strength value, measured by the entropy measuring processor, the frequency measuring processor and the density measuring processor, with a threshold value.

摘要翻译： 一种使用JavaScript混淆强度分析的可疑恶意网站的检测系统，其包括：测量网站中存在的模糊JavaScript的熵的熵测量处理器，特殊字符熵和可变/函数名称熵; 测量JavaScript的特定功能频率，编码标记频率和％符号频率的频率测量处理器; 测量JavaScript的单个字符串的最大长度的密度测量处理器; 以及通过将由熵测量处理器，频率测量处理器和密度测量处理器测量的混淆强度值与阈值进行比较来确定相关网站是否是恶意的恶意网站确认处理器。

公开(公告)号：US08438639B2

公开(公告)日：2013-05-07

申请号：US12908673

申请日：2010-10-20

申请人： Tai Jin Lee ,  YongGeun Won ,  ChaeTae Im ,  HyunChul Jeong

发明人： Tai Jin Lee ,  YongGeun Won ,  ChaeTae Im ,  HyunChul Jeong

IPC分类号： H04L29/06

CPC分类号： H04L63/1416 ,  H04L43/16 ,  H04L63/1458 ,  H04L63/168 ,  H04L67/02 ,  H04L2463/141

摘要： Disclosed is a DDoS attack detection and response apparatus. The DDoS attack detection and response apparatus comprises: a receiver unit receiving HTTP requests from a client terminal which is characterized as an IP address; a data measuring unit computing the number of HTTP requests by IP and the number of URIs per HTTP over a certain time period; a DDoS discrimination unit comparing the number of HTTPs per URI with a threshold value and defining an access of the client terminal having the IP address as a DDoS attack when the number of HTTPs per URI is larger than the threshold value; and a blocking unit blocking packets from the IP address when the DDoS discrimination unit detects a DDoS attack.

摘要翻译： 公开了一种DDoS攻击检测和响应设备。 所述DDoS攻击检测和响应装置包括：接收单元，接收来自客户端的HTTP请求，所述客户终端被表征为IP地址; 数据测量单元，通过IP计算HTTP请求的数量，并在一定时间段内计算每个HTTP的URI数量; DDoS鉴别单元，当每个URI的HTTP数量大于阈值时，将每个URI的HTTP数量与阈值进行比较，并定义具有IP地址的客户终端的访问为DDoS攻击; 以及当DDoS鉴别单元检测到DDoS攻击时，阻塞单元阻止来自IP地址的分组。

公开(公告)号：US20090138697A1

公开(公告)日：2009-05-28

申请号：US12181582

申请日：2008-07-29

申请人： Joong Man KIM ,  Hwan Kuk Kim ,  Seok Ung Yoon ,  Chae Tae Im ,  Young Duk Cho ,  Yong Geun Won ,  Tai Jin Lee ,  Yoo Jae Won

发明人： Joong Man KIM ,  Hwan Kuk Kim ,  Seok Ung Yoon ,  Chae Tae Im ,  Young Duk Cho ,  Yong Geun Won ,  Tai Jin Lee ,  Yoo Jae Won

IPC分类号： H04L9/00

CPC分类号： H04L63/04 ,  H04L65/1059 ,  H04L65/1069

摘要： Disclosed are a user agent providing secure VoIP communication and a secure communication method using the same. A user agent of the invention has an additional module for providing a secure function as well as a module for providing general communication, thereby supporting the secure communication. In addition, as a secure communication method using the user agent, a signaling security mechanism negotiation method and a media encryption algorithm negotiation method are provided. Hence, it is possible to provide internet telephone users with a secure VoIP communication service.

摘要翻译： 公开了提供安全VoIP通信的用户代理和使用该通信的安全通信方法。 本发明的用户代理具有用于提供安全功能的附加模块以及用于提供通用通信的模块，从而支持安全通信。 另外，作为使用用户代理的安全通信方式，提供信令安全机制协商方法和媒体加密算法协商方法。 因此，可以为互联网电话用户提供安全的VoIP通信服务。

公开(公告)号：US20130160127A1

公开(公告)日：2013-06-20

申请号：US13657303

申请日：2012-10-22

申请人： Hyun Cheol Jeong ,  Seung Goo Ji ,  Tai Jin Lee ,  Jong Il Jeong ,  Hong Koo Kang ,  Byung Ik Kim

发明人： Hyun Cheol Jeong ,  Seung Goo Ji ,  Tai Jin Lee ,  Jong Il Jeong ,  Hong Koo Kang ,  Byung Ik Kim

IPC分类号： G06F21/00

CPC分类号： G06F21/566

摘要： Disclosed herein is a PDF document type malicious code detection system for efficiently detecting a malicious code embedded in a document type and a method thereof. The present invention may perform a dynamic and static analysis on JavaScript within a PDF document, and execute the PDF document to perform a PDF dynamic analysis, thereby achieving an effect of efficiently extracting a malicious code embedded in the PDF document.

摘要翻译： 这里公开了一种用于有效地检测嵌入在文档类型中的恶意代码的PDF文档类型的恶意代码检测系统及其方法。 本发明可以对PDF文档中的JavaScript进行动态和静态分析，并且执行PDF文档来执行PDF动态分析，从而实现有效地提取嵌入PDF文档中的恶意代码的效果。

公开(公告)号：US20120167220A1

公开(公告)日：2012-06-28

申请号：US13304986

申请日：2011-11-28

申请人： Jong-Il Jeong ,  Chae-Tae Im ,  Joo-Hyung Oh ,  Hong-Koo Kang ,  Jin-Kyung Lee ,  Byoung-Ik Kim ,  Seung-Goo Ji ,  Tai-Jin Lee ,  Hyun-Cheol Jeong

发明人： Jong-Il Jeong ,  Chae-Tae Im ,  Joo-Hyung Oh ,  Hong-Koo Kang ,  Jin-Kyung Lee ,  Byoung-Ik Kim ,  Seung-Goo Ji ,  Tai-Jin Lee ,  Hyun-Cheol Jeong

IPC分类号： G06F11/00

CPC分类号： G06F21/563

摘要： Provided is seed information collecting device for detecting malicious code landing/hopping/distribution sites. The device comprises: a seed information collecting module collecting social issue keywords from a seed information collecting channel and collecting address information of potential malicious code landing/hopping/distribution sites using the collected social issue keywords; a web source code collecting module collecting web source code of the potential malicious code landing/hopping/distribution sites using the address information of the potential malicious code landing/hopping/distribution sites collected by the seed information collecting module; and a policy management module managing collection policies of the seed information collecting module and the web source code collecting module.

摘要翻译： 提供了用于检测恶意代码登陆/跳跃/分发站点的种子信息收集装置。 该装置包括：种子信息收集模块，从种子信息采集通道收集社会问题关键词，并使用所收集的社会问题关键词收集潜在的恶意代码登陆/跳出/分发站点的地址信息; 网站源代码收集模块，利用种子信息收集模块收集的潜在恶意代码登陆/跳跃/分发站点的地址信息，收集潜在恶意代码登陆/分发站点的网站源代码; 以及策略管理模块，其管理种子信息收集模块和web源代码收集模块的收集策略。

公开(公告)号：US20120159625A1

公开(公告)日：2012-06-21

申请号：US13282978

申请日：2011-10-27

申请人： Hyun-Cheol JEONG ,  Seung-Goo JI ,  Tai Jin LEE ,  Jong-Il JEONG ,  Hong-Koo KANG ,  Byung-Ik KIM

发明人： Hyun-Cheol JEONG ,  Seung-Goo JI ,  Tai Jin LEE ,  Jong-Il JEONG ,  Hong-Koo KANG ,  Byung-Ik KIM

IPC分类号： G06F21/24

CPC分类号： G06F21/562

摘要： The present invention provides a malicious code detection and classification system using a string comparison technique, including a string extracting unit configured to extract all expressed strings existing in a binary file from the malicious code binary file; a string refining unit configured to refine elements obstructing malicious code detection and classification in the strings extracted from the string extracting unit; and a string comparison unit configured to determine how similar one binary is to another binary by comparing strings refined from the string refining unit.

摘要翻译： 本发明提供了一种使用字符串比较技术的恶意代码检测和分类系统，包括：字符串提取单元，被配置为从恶意代码二进制文件中提取存在于二进制文件中的所有表达的字符串; 字符串精炼单元，被配置为对从字符串提取单元提取的字符串中的恶意代码检测和分类进行细化的元件; 以及字符串比较单元，被配置为通过比较从字符串精炼单元精炼的字符来确定一个二进制是如何与另一个二进制相似的。

公开(公告)号：US20120159621A1

公开(公告)日：2012-06-21

申请号：US13282911

申请日：2011-10-27

申请人： Hyun-Cheol Jeong ,  Seung-Goo Ji ,  Tai Jin Lee ,  Jong-II Jeong ,  Hong-Koo Kang ,  Byung-Ik Kim

发明人： Hyun-Cheol Jeong ,  Seung-Goo Ji ,  Tai Jin Lee ,  Jong-II Jeong ,  Hong-Koo Kang ,  Byung-Ik Kim

IPC分类号： G06F21/00

CPC分类号： G06F21/51 ,  G06F21/563 ,  H04L63/1483

摘要： The present invention provides a detection system of a suspicious malicious website using the analysis of a JavaScript obfuscation strength, which includes: an entropy measuring block of measuring an entropy of an obfuscated JavaScript present in the website, a special character entropy, and a variable/function name entropy; a frequency measuring block of measuring a specific function frequency, an encoding mark frequency and a % symbol frequency of the JavaScript; a density measuring block of measuring the maximum length of a single character string of the JavaScript; and a malicious website confirming block of determining whether the relevant website is malicious by comparing an obfuscation strength value, measured by the entropy measuring block, the frequency measuring block and the density measuring block, with a threshold value.

摘要翻译： 本发明提供了一种使用JavaScript混淆强度分析的可疑恶意网站的检测系统，其包括：测量网站中存在的模糊JavaScript的熵的熵测量块，特殊字符熵和可变/ 函数名熵 测量特定功能频率的频率测量块，JavaScript的编码标记频率和％符号频率; 测量JavaScript的单个字符串的最大长度的密度测量块; 以及通过将熵测量块测量的混淆强度值，频率测量块和密度测量块与阈值进行比较来确定相关网站是否是恶意的恶意网站确认块。

公开(公告)号：US06840747B2

公开(公告)日：2005-01-11

申请号：US10355382

申请日：2003-01-30

申请人： Hyun-Jin Kim ,  Tai-Jin Lee

发明人： Hyun-Jin Kim ,  Tai-Jin Lee

IPC分类号： F04B39/00 ,  F04B9/04 ,  F04B19/02 ,  F04B53/10 ,  F04B53/12 ,  F16C3/14 ,  F01M1/06

CPC分类号： F04B9/047 ,  F04B19/025 ,  F04B53/12

摘要： A positive-displacement oil pump is disclosed. In the oil pump, an insert body is fitted into a central opening of a shaft body to a height of an oil-feeding hole. The insert body is rotated along with the shaft body, and includes a central hole formed in the insert body, a cylindrical lip formed around an outlet of the central hole, a fluid discharge diode provided in an inlet of the central hole, and an inclined groove formed around an outer circumferential surface of the insert body such that the inclined groove forms a closed curve. A piston is movably fitted over the insert body such that the piston is axially moved while changing a volume of a displacement space defined between the insert body and the piston.

摘要翻译： 公开了一种正排量油泵。 在油泵中，将插入体装配到轴体的中心开口至供油孔的高度。 插入体与轴体一起旋转，并且包括形成在插入体中的中心孔，形成在中心孔的出口周围的圆筒形唇部，设置在中心孔的入口中的流体排出二极管和倾斜 所述槽形成在所述插入体的外周表面周围，使得所述倾斜槽形成闭合曲线。 活塞可移动地装配在插入体上，使得活塞轴向移动，同时改变限定在插入体和活塞之间的位移空间的体积。

公开(公告)号：US20130179421A1

公开(公告)日：2013-07-11

申请号：US13676599

申请日：2012-11-14

申请人： Hyun Cheol Jeong ,  Seung Goo Ji ,  Tai Jin Lee ,  Jong Il Jeong ,  Hong Koo Kang ,  Byung Ik Kim

发明人： Hyun Cheol Jeong ,  Seung Goo Ji ,  Tai Jin Lee ,  Jong Il Jeong ,  Hong Koo Kang ,  Byung Ik Kim

IPC分类号： G06F17/30

CPC分类号： G06F16/9558 ,  G06F21/51 ,  H04L63/1441 ,  H04L63/168

摘要： A system and method for collecting a URL using a retrieval service of an SNS capable of accurately and effectively extracting and collecting information including a malicious code among information exchanged in an SNS are provided. URL information included in post (a bulletin script, a message, a note, or the like) exchanged in an SNS based on real-time search word information is extracted and collected to be utilized for collecting a malicious code in the SNS, whereby generation of a malicious code in the SNS can be prevented in advance, and thus, damage to users due to infection of a malicious code can be significantly reduced. In addition, the URL information can be effectively collected through crawling.

摘要翻译： 提供了一种使用SNS的检索服务收集URL的系统和方法，其能够在SNS中交换的信息中准确有效地提取和收集包括恶意代码的信息。 提取并收集在SNS中基于实时搜索词信息交换的post（公告脚本，消息，注释等）中包含的URL信息，以收集SNS中的恶意代码，从而生成 可以预先防止SNS中的恶意代码，从而可以显着降低由于恶意代码的感染而对用户造成的损害。 此外，通过抓取可以有效地收集URL信息。

公开(公告)号：US20120311709A1

公开(公告)日：2012-12-06

申请号：US13304981

申请日：2011-11-28

申请人： Hong-Koo Kang ,  Chae-Tae Im ,  Joo-Hyung Oh ,  Jong-Il Jeong ,  Jin-Kyung Lee ,  Byoung-Ik Kim ,  Hyun-Cheol Jeong ,  Seung-Goo Ji ,  Tai-Jin Lee

发明人： Hong-Koo Kang ,  Chae-Tae Im ,  Joo-Hyung Oh ,  Jong-Il Jeong ,  Jin-Kyung Lee ,  Byoung-Ik Kim ,  Hyun-Cheol Jeong ,  Seung-Goo Ji ,  Tai-Jin Lee

IPC分类号： G06F21/00

CPC分类号： G06F21/56 ,  G06F8/75

摘要： An automatic management system includes a malicious code group-mutant storage module that receives a malicious codes analysis result from a malicious code collection-analysis system and extracts group information and mutant information of the malicious codes based on the malicious code analysis result, a malicious code group-mutant DB that stores the extracted group information and mutant information, a malicious code group-mutant management module that provides interface to allow a user to detect the group information and mutant information stored in the malicious code group-mutant DB, and a visualizing module that outputs the detection result to the user, wherein the malicious code group-mutant management module that groups malicious codes having action associations using the group information and mutant information stored in the malicious code group-mutant DB, outputs the group information through the visualizing module and outputs the mutant information based on CFG similarity and string similarity through the visualizing module.

摘要翻译： 自动管理系统包括恶意代码组 - 突变存储模块，其从恶意代码收集分析系统接收恶意代码分析结果，并基于恶意代码分析结果提取恶意代码的组信息和突变信息，恶意代码 存储提取的组信息和突变体信息的组突变体DB，恶意代码组突变体管理模块，其提供接口以允许用户检测存储在恶意代码组突变体DB中的组信息和突变信息，以及可视化 向用户输出检测结果的模块，其中，使用存储在恶意代码组突变体DB中的组信息和突变信息分组具有动作关联的恶意代码的恶意代码组突变体管理模块通过可视化输出组信息 模块并输出基于CFG相似度的突变信息 通过可视化模块进行字符串相似。