公开(公告)号：US20080092237A1

公开(公告)日：2008-04-17

申请号：US11553196

申请日：2006-10-26

申请人： Jun YOON ,  Kyoung Hee Ko ,  Tae In Jung ,  Won Tae Sim ,  Woo Han Kim

发明人： Jun YOON ,  Kyoung Hee Ko ,  Tae In Jung ,  Won Tae Sim ,  Woo Han Kim

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G06F15/18 ,  G08B23/00

CPC分类号： H04L41/00 ,  G06F21/577 ,  H04L41/046 ,  H04L41/0893 ,  H04L41/22 ,  H04L63/1433

摘要： An integrative analysis system and method of network vulnerability utilizing multiple heterogeneous vulnerability scanners to enhance the accuracy of the network vulnerability analysis are provided. The method comprises a scanning policy setting-up step of setting-up a common scanning policy able to be adapted to the multiple heterogeneous vulnerability scanners and specifying the policy for the respective vulnerability scanners, a vulnerability scanning and result collecting step of performing for the multiple heterogeneous vulnerability scanners to scan, to collect a result thereof, and to store the same in a database and a scanning result integrative analysis step of performing a relevance analysis and an integrative analysis on the scanning results collected, thereby obtaining a complementary vulnerability scanning utilizing multiple heterogeneous vulnerability scanners, enhancing the accuracy and the comprehension of the scanning results, and obtaining a comprehensive vulnerability analysis on a network.

摘要翻译： 提供了利用多种异构漏洞扫描器的网络漏洞综合分析系统和方法，提高了网络漏洞分析的准确性。 该方法包括：扫描策略设置步骤，用于设置能够适应于多个异构的脆弱性扫描器的公共扫描策略，并指定相应的漏洞扫描器的策略;脆弱性扫描和结果收集步骤，用于执行多个 异构脆弱性扫描器进行扫描，收集其结果并将其存储在数据库中，以及扫描结果综合分析步骤，对所收集的扫描结果执行相关性分析和综合分析，从而获得利用多个 异构漏洞扫描器，提高扫描结果的准确性和理解性，并在网络上获得全面的脆弱性分析。

公开(公告)号：US20090122721A1

公开(公告)日：2009-05-14

申请号：US11941203

申请日：2007-11-16

申请人： Kyoung-Hee Ko ,  Won-Tae Sim ,  Woo-Han Kim

发明人： Kyoung-Hee Ko ,  Won-Tae Sim ,  Woo-Han Kim

IPC分类号： H04L12/26

CPC分类号： H04L43/50 ,  H04L41/0213 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/087 ,  H04L43/10 ,  Y04S40/168

摘要： A hybrid network discovery method for detecting client applications. The method has the steps of: (a) applying test traffic packets to a network which is to be measured, and analyzing responses so as to check target nodes; (b) transmitting a protocol request packet to each of the checked target nodes; and (c) when the URL of the header of the protocol request packet coincides with a site for a specific application of the target node, extracting the URL and the IP address of the target node.

摘要翻译： 一种用于检测客户端应用程序的混合网络发现方法。 该方法具有以下步骤：（a）将测试业务分组应用于要测量的网络，并分析响应以检查目标节点; （b）向每个所检查的目标节点发送协议请求分组; 和（c）当协议请求分组的报头的URL与目标节点的特定应用的站点一致时，提取目标节点的URL和IP地址。

公开(公告)号：US20090106843A1

公开(公告)日：2009-04-23

申请号：US11941193

申请日：2007-11-16

申请人： Pil-Yong Kang ,  Won-Tae Sim ,  Woo-Han Kim

发明人： Pil-Yong Kang ,  Won-Tae Sim ,  Woo-Han Kim

IPC分类号： H04L9/00

CPC分类号： H04L63/1433

摘要： Provided is a security risk evaluation method for threat management. According to the present invention, new threats or vulnerabilities for a network which should be protected (target network) are collected, and a threat management environment is assessed by checking whether or not to apply attack-attempt detection rules and vulnerability assessment rules for assets related to the threats or vulnerabilities. Based on the assessment result, the range and level of response are previously checked and complemented, and corresponding risk evaluation is provided. Therefore, the threat management environment can be managed effectively.

摘要翻译： 提供威胁管理的安全风险评估方法。 根据本发明，收集应当保护的网络（目标网络）的新的威胁或漏洞，并通过检查是否应用攻击尝试检测规则和资产相关的漏洞评估规则来评估威胁管理环境 威胁或漏洞。 根据评估结果，对检测范围和响应水平进行了检查和补充，并提供了相应的风险评估。 因此，可以有效管理威胁管理环境。

公开(公告)号：US20090100077A1

公开(公告)日：2009-04-16

申请号：US11941135

申请日：2007-11-16

申请人： Tae-In Jung ,  Won-Tae Sim ,  Woo-Han Kim

发明人： Tae-In Jung ,  Won-Tae Sim ,  Woo-Han Kim

IPC分类号： G06F17/30

CPC分类号： H04L63/1433 ,  H04L43/00

摘要： A network risk analysis method using an information hierarchy structure is divided into 7 steps and results derived from each of the process steps are stored in a database to get a hierarchy structure for the respective steps. By using the information hierarchy structure, a network manager can easily comprehend the relationship between the derived results from each step to make a risk analysis in an efficient manner.

摘要翻译： 使用信息层次结构的网络风险分析方法被分为7个步骤，并且从每个处理步骤导出的结果存储在数据库中以获得各个步骤的层次结构。 通过使用信息层次结构，网络管理员可以轻松了解每个步骤的派生结果之间的关系，以有效的方式进行风险分析。

公开(公告)号：US20090099885A1

公开(公告)日：2009-04-16

申请号：US11941209

申请日：2007-11-16

申请人： Yune-Gie Sung ,  Won-Tae Sim ,  Woo-Han Kim

发明人： Yune-Gie Sung ,  Won-Tae Sim ,  Woo-Han Kim

IPC分类号： G06Q10/00

CPC分类号： G06Q10/06

摘要： A method for risk analysis using information asset modeling. The method has the steps of: (a) identifying an information asset which uses or provides a network service; (b) identifying a threat on the information asset through a computer network; (c) identifying a vulnerability of the information asset; (d) calculating an AL (attack likelihood) by using a CVSS (Common Vulnerability Scoring System) score obtained by converting a severity caused by a success of an attack on the vulnerability into a standardized value; (e) computing the value of the information asset so as to calculate an IM (impact analysis); and (f) multiplying the calculated AL and IM so as to determine an RL (risk level) for the information asset.

摘要翻译： 一种利用信息资产建模进行风险分析的方法。 该方法具有以下步骤：（a）识别使用或提供网络服务的信息资产; （b）通过计算机网络识别信息资产的威胁; （c）确定信息资产的脆弱性; （d）通过使用通过将由脆弱性攻击的成功引起的严重性转化为标准化值而获得的CVSS（通用漏洞评分系统）得分来计算AL（攻击可能性）; （e）计算信息资产的价值以计算IM（影响分析）; 和（f）将所计算的AL和IM相乘以便确定信息资产的RL（风险水平）。

公开(公告)号：US20080092207A1

公开(公告)日：2008-04-17

申请号：US11553227

申请日：2006-10-26

申请人： Hyung-Jong Kim ,  Jun Yoon ,  Won Tae Sim ,  Woo-Han Kim

发明人： Hyung-Jong Kim ,  Jun Yoon ,  Won Tae Sim ,  Woo-Han Kim

IPC分类号： H04L9/32

CPC分类号： G06N5/00 ,  H04L63/00

摘要： Disclosed is a system integration method based on a system entity structure (SES). The method comprises steps of (a) analyzing an integration target system to extract a technology attribute and to represent the integration target system as a system entity structure (SES); and (b) carrying out a pruning operation for constitution elements of the integration target system represented as the system entity structure (SES) in the step (a), in consideration of the technology attribute extracted in the step (a), an environmental factor and a pruning rule, which being a basis for selection of constitutional technological elements. The invention is particularly effective for an integration target system having various element technologies such as information security system.

摘要翻译： 公开了一种基于系统实体结构（SES）的系统集成方法。 该方法包括以下步骤：（a）分析集成目标系统以提取技术属性并将整合目标系统表示为系统实体结构（SES）; 和（b）考虑到在步骤（a）中提取的技术属性，对步骤（a）中表示为系统实体结构（SES）的整合目标系统的构成要素进行修剪操作，环境因素 和修剪规则，这是选择宪法技术要素的基础。 本发明对于具有信息安全系统等各种要素技术的集成对象系统特别有效。

公开(公告)号：US20090106844A1

公开(公告)日：2009-04-23

申请号：US11941226

申请日：2007-11-16

申请人： Jun Yoon ,  Won-Tae Sim ,  Woo-Han Kim

发明人： Jun Yoon ,  Won-Tae Sim ,  Woo-Han Kim

IPC分类号： G06F11/00

CPC分类号： H04L41/08 ,  H04L41/082 ,  H04L41/0859 ,  H04L63/1433

摘要： Provided are a system and a method for vulnerability assessment of a network based on a business model. In the system and method, services of each node existing in a monitoring target network are monitored, and a business model is generated on the basis of the monitored services so as to perform vulnerability assessment on the business model. Accordingly, it is possible to guarantee the safety and availability of the system and the network while the vulnerability assessment is performed.

摘要翻译： 提供了基于商业模式的网络的脆弱性评估的系统和方法。 在系统和方法中，对监控目标网络中存在的每个节点的业务进行监控，并根据被监控业务生成业务模型，对业务模型进行脆弱性评估。 因此，可以在执行脆弱性评估时保证系统和网络的安全性和可用性。

公开(公告)号：US20090106839A1

公开(公告)日：2009-04-23

申请号：US11941215

申请日：2007-11-16

申请人： Myeong-Seok Cha ,  Won-Tae Sim ,  Woo-Han Kim

发明人： Myeong-Seok Cha ,  Won-Tae Sim ,  Woo-Han Kim

IPC分类号： G06F21/00

CPC分类号： H04L63/1425 ,  G06F21/552 ,  G06F2221/2151 ,  H04L63/1416

摘要： Method for detecting network attack based on time series model using the trend filtering. The method has the steps of: a) removing a trend component from the time series data to extract a residual component; and b) detecting an anomaly by applying a time series model to the residual component.

摘要翻译： 基于时间序列模型的网络攻击检测方法。 该方法具有以下步骤：a）从时间序列数据中去除趋势分量以提取残余分量; 以及b）通过对残余分量应用时间序列模型来检测异常。

公开(公告)号：US20080095187A1

公开(公告)日：2008-04-24

申请号：US11553253

申请日：2006-10-26

申请人： Tae In JUNG ,  Myeong-Seok Cha ,  Hyung-Jong Kim ,  Won Tae Sim ,  Woo-Han Kim

发明人： Tae In JUNG ,  Myeong-Seok Cha ,  Hyung-Jong Kim ,  Won Tae Sim ,  Woo-Han Kim

IPC分类号： H04J3/22

CPC分类号： H04L43/0882 ,  H04L41/0896 ,  H04L43/10 ,  H04L43/106 ,  H04L69/28

摘要： Disclosed is a method for estimating an available bandwidth of a network link by transmitting small-sized probing packets using a time stamp function of an Internet control message protocol (ICMP) and using time information of the probing packet returned. According to the invention, even when the separate program or function is not activated in the router, it is possible to easily estimate and monitor the available bandwidth of the exterior network link connected to the network being managed. Accordingly, it is possible to operate the network more stably and to detect the abnormal sign of the network at early stage, thereby quickly coping with it. In addition, it is possible to prevent the excessive traffic or load from being caused in the network.

摘要翻译： 公开了一种通过使用因特网控制消息协议（ICMP）的时间戳功能并使用返回的探测分组的时间信息来发送小型探测分组来估计网络链路的可用带宽的方法。 根据本发明，即使在路由器中没有激活单独的程序或功能的情况下，也可以容易地估计和监视连接到被管理的网络的外部网络链路的可用带宽。 因此，可以更稳定地操作网络，并且能够早期检测网络的异常信号，从而快速应对网络。 另外，可以防止在网络中引起过多的流量或负载。