Web-based traceback system and method using reverse caching proxy
    1.
    Granted invention patent
    Web-based traceback system and method using reverse caching proxy (in force)

    Publication number: US08341721B2

    Publication date: 2012-12-25

    Application number: US12467462

    Filing date: 2009-05-18

    IPC classification: G06F15/16 G06F15/173

    Abstract: Provided are a web-based traceback system and method using a reverse caching proxy, which can effectively protect a web server against various attacks launched by illegitimate users by acquiring the network information and location information of users who attempt to access the web server through an anonymous server, without requiring any agent program to be installed on the users' clients. The web-based traceback system may include a reverse caching proxy server that receives a hypertext transfer protocol (HTTP) packet transmitted to a web server by a client, analyzes the header of the HTTP packet and determines, based on the results of the analysis, whether the client has attempted to access the web server through an anonymous server; and a web tracking server that, upon receiving the result of the determination performed by the reverse caching proxy server, generates a response page for the HTTP packet, inserts a tracking code into the response page, and provides the response page to the client through the reverse caching proxy server, wherein the tracking code is automatically executed in the client's web browser and thus provides the client's network information to the web tracking server.
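    The proxy-side logic the abstract describes, as an added example written for this page (not code from the patent or its assignee): parse the request head, look for headers that betray an intermediary proxy, and inject a tracking script into the HTML response before relaying it. The header list, the tracking endpoint URL, the script body and the sample request are assumptions.

```python
"""Reverse-proxy side of the scheme: decide from the HTTP request headers whether
the client came through an intermediary proxy and, if so, inject a tracking script
into the HTML response.  Added example; header list, tracking endpoint and script
body are assumptions, not taken from the patent."""
import json
import re
from typing import Dict, List, Optional, Tuple

# Request headers that intermediary proxies add or reveal.  Via, X-Forwarded-For and
# Forwarded are standard or de-facto; Proxy-Connection is emitted by some proxies.
PROXY_HEADER_NAMES = ("via", "x-forwarded-for", "forwarded", "proxy-connection")

# Assumed tracking-server endpoint (not in the patent text).
TRACKING_URL = "https://tracker.example.test/beacon"


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split an HTTP/1.x request head into (method, target, headers).
    Header names are lower-cased; repeated headers are joined with ', '."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return method, target, headers


def detect_proxy(headers: Dict[str, str], peer_ip: str) -> Dict[str, object]:
    """Decide from the headers alone whether the request traversed a proxy.
    Returns the evidence found and the client address the proxy claims to front."""
    evidence: List[str] = [h for h in PROXY_HEADER_NAMES if h in headers]
    claimed: Optional[str] = None
    if "x-forwarded-for" in headers:
        # Left-most entry is the original client as reported by the first proxy.
        claimed = headers["x-forwarded-for"].split(",")[0].strip()
    elif "forwarded" in headers:
        m = re.search(r'for="?\[?([^\]";,]+)', headers["forwarded"], re.I)
        if m:
            claimed = m.group(1)
    if claimed and claimed != peer_ip:
        evidence.append("peer-address-mismatch")
    return {"via_proxy": bool(evidence), "evidence": evidence, "claimed_client": claimed}


def tracking_script(token: str) -> str:
    """JavaScript run by the client browser on page load: reports browser-visible
    facts to the tracking server, keyed by a per-request token (assumed fields)."""
    return (
        "<script>(function(){var d={t:%s,h:location.hostname,ua:navigator.userAgent,"
        "tz:Intl.DateTimeFormat().resolvedOptions().timeZone};"
        "navigator.sendBeacon(%s,JSON.stringify(d));})();</script>"
    ) % (json.dumps(token), json.dumps(TRACKING_URL))


def inject_tracking(html: str, token: str) -> str:
    """Insert the tracking script just before </body>, or append it if there is none."""
    script = tracking_script(token)
    m = re.search(r"</body\s*>", html, re.I)
    return html[: m.start()] + script + html[m.start():] if m else html + script


def handle(raw_request: bytes, peer_ip: str, origin_html: str, token: str) -> Tuple[bool, str]:
    """Reverse-proxy decision: returns (came_via_proxy, response body to relay)."""
    _method, _target, headers = parse_request(raw_request)
    verdict = detect_proxy(headers, peer_ip)
    if verdict["via_proxy"]:
        return True, inject_tracking(origin_html, token)
    return False, origin_html


# Constructed sample: a client whose request arrives through an anonymising proxy.
SAMPLE_REQUEST = (
    b"GET /login HTTP/1.1\r\n"
    b"Host: www.example.test\r\n"
    b"Via: 1.1 anon-proxy\r\n"
    b"X-Forwarded-For: 203.0.113.7\r\n"
    b"User-Agent: Mozilla/5.0\r\n\r\n"
)
SAMPLE_HTML = "<html><body><h1>Login</h1></body></html>"

if __name__ == "__main__":
    came_via_proxy, body = handle(SAMPLE_REQUEST, "198.51.100.9", SAMPLE_HTML, "req-0001")
    print(came_via_proxy)
    print(body)
```

    Two caveats a practitioner would add: a proxy that strips Via and X-Forwarded-For leaves no header evidence, so this check only catches proxies that announce themselves; and if the browser itself is configured to use the proxy, the beacon travels through the same proxy and the tracking server again sees the proxy's address, so the script can only report what the browser exposes (hostname, user agent, time zone here), not an address the proxy hides.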


GIS BASED NETWORK INFORMATION MONITORING-SYSTEM
    2.
    Invention patent application
    GIS BASED NETWORK INFORMATION MONITORING-SYSTEM (pending, published)

    Publication number: US20100030892A1

    Publication date: 2010-02-04

    Application number: US12471005

    Filing date: 2009-05-22

    IPC classification: G06F15/173

    CPC classification: H04L63/1416 H04L63/1441

    Abstract: Disclosed is a GIS based network information monitoring system that intuitively combines GIS based geographic information with traffic information and security events, displays the combined information, and needs no position calibration of the network information when the traffic information and the security events are displayed. The GIS based network information monitoring system includes: a geographic information processing module that receives network information from an external network device, holds GIS based geographic information, and creates the geographic information corresponding to given location information; and a network information processing module that maps the network information onto the geographic information corresponding to the location information in order to display it, connects the attack site of a packet causing a security problem, any intermediate site, and the target site with lines, and expresses the network information intuitively by varying the widths and colors of the lines according to the attack type and danger level of the packet.


APPARATUS AND METHOD FOR DISPLAYING STATE OF NETWORK
    3.
    Invention patent application
    APPARATUS AND METHOD FOR DISPLAYING STATE OF NETWORK (pending, published)

    Publication number: US20100150008A1

    Publication date: 2010-06-17

    Application number: US12530193

    Filing date: 2008-03-07

    IPC classification: H04L12/26

    Abstract: There are provided a network state display apparatus and method capable of easily determining the present network security state in real time by analyzing, in software, abnormalities and harmful traffic that degrade network performance, using a combination of essential traffic characteristics, a distinct dispersion and an entropy, and by displaying the network state so that it can be recognized intuitively. The method includes: selecting and combining three of the source address, source port, destination address and destination port of collected traffic and calculating a distinct dispersion and an entropy of the remaining one; displaying the calculated distinct dispersion and entropy on a security radar on which the distinct dispersion and the entropy are assigned to an angle and a radius; determining whether the network state is abnormal based on the result displayed on the security radar; and detecting and reporting detailed information on the abnormal traffic causing the abnormal network state.
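    The radar computation from the abstract, as an added example written for this page (not the patent's code): for a chosen residual field, the other three fields are combined into a key, and per key the distinct dispersion and the normalised entropy of the residual field are computed and mapped to a radar angle and radius. The entropy normalisation, the angle/radius mapping and the thresholds in abnormal() are assumptions; the traffic is constructed.

```python
"""Security-radar computation: group flows by three of the four fields and, for the
remaining field, compute its distinct dispersion (number of distinct values) and
Shannon entropy, then map the pair onto a polar 'radar' point.  Added example,
not the patent's code; mapping, normalisation and thresholds are assumptions."""
import math
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, NamedTuple, Tuple

FIELDS = ("src_addr", "src_port", "dst_addr", "dst_port")


class Flow(NamedTuple):
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int


class RadarPoint(NamedTuple):
    key: Tuple            # values of the three combined fields
    distinct: int         # distinct dispersion of the residual field
    entropy: float        # normalised Shannon entropy of the residual field (0..1)
    angle_deg: float      # radar angle: entropy mapped onto 0..90 degrees (assumed)
    radius: float         # radar radius: distinct dispersion (assumed)


def normalised_entropy(counts: Counter) -> float:
    """Shannon entropy of the value distribution divided by its maximum log2(n),
    so groups of different sizes land on the same 0..1 scale."""
    total = sum(counts.values())
    n = len(counts)
    if n <= 1:
        return 0.0
    h = -sum((c / total) * math.log2(c / total) for c in counts.values())
    return h / math.log2(n)


def radar_points(flows: Iterable[Flow], residual: str) -> List[RadarPoint]:
    """Combine the three non-residual fields into a key; per key, compute the
    distinct dispersion and entropy of the residual field."""
    if residual not in FIELDS:
        raise ValueError(f"unknown field {residual!r}")
    key_fields = [f for f in FIELDS if f != residual]
    groups: Dict[Tuple, Counter] = defaultdict(Counter)
    for fl in flows:
        groups[tuple(getattr(fl, f) for f in key_fields)][getattr(fl, residual)] += 1
    points = []
    for key, counts in groups.items():
        ent = normalised_entropy(counts)
        points.append(RadarPoint(key, len(counts), ent, 90.0 * ent, float(len(counts))))
    return points


def abnormal(points: List[RadarPoint], min_radius: float = 50,
             min_angle: float = 60.0) -> List[RadarPoint]:
    """Points in the 'many distinct, near-uniform' sector of the radar (thresholds assumed)."""
    return [p for p in points if p.radius >= min_radius and p.angle_deg >= min_angle]


def build_sample() -> List[Flow]:
    """Constructed traffic: 30 benign HTTPS clients plus one vertical port scan."""
    flows = [Flow(f"198.51.100.{i + 1}", 49152 + i, "192.0.2.10", 443) for i in range(30)]
    flows += [Flow("203.0.113.5", 40000, "192.0.2.10", port) for port in range(1, 201)]
    return flows


if __name__ == "__main__":
    # Residual = destination port: the scanner shows up as one key with many, evenly
    # spread destination ports (large radius, angle near 90 degrees).
    for p in abnormal(radar_points(build_sample(), "dst_port")):
        print(p.key, p.distinct, round(p.angle_deg, 1))
```

    Choosing a different residual field changes what stands out: with the destination port as residual a vertical scan is a single far-out point, whereas a flood from spoofed sources would appear when the source address is the residual and the three remaining fields are fixed.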


APPARATUS AND METHOD FOR SAMPLING SECURITY EVENT BASED ON CONTENTS OF THE SECURITY EVENT
    5.
    Invention patent application
    APPARATUS AND METHOD FOR SAMPLING SECURITY EVENT BASED ON CONTENTS OF THE SECURITY EVENT (in force)

    Publication number: US20110016208A1

    Publication date: 2011-01-20

    Application number: US12667130

    Filing date: 2007-11-19

    IPC classification: G06F15/173

    CPC classification: H04L63/1416 G06Q10/06

    Abstract: There are provided an apparatus and method for sampling security events based on their contents, the apparatus including: a security event accumulation module that collects security events occurring in a network system and stores them by type according to their contents; a security event analysis module that calculates the distribution of the security events per type by analyzing the stored events; and a security event extraction module that samples the stored security events according to the calculated per-type distribution. The apparatus and method may improve the speed of visualizing security events and of a security event analysis apparatus, and may increase their accuracy.


Apparatus and method for sampling security events based on contents of the security events
    6.
    Granted invention patent
    Apparatus and method for sampling security events based on contents of the security events (in force)

    Publication number: US08140671B2

    Publication date: 2012-03-20

    Application number: US12667130

    Filing date: 2007-11-19

    IPC classification: G06F15/173

    CPC classification: H04L63/1416 G06Q10/06

    Abstract: There are provided an apparatus and method for sampling security events based on their contents, the apparatus including: a security event accumulation module that collects security events occurring in a network system and stores them by type according to their contents; a security event analysis module that calculates the distribution of the security events per type by analyzing the stored events; and a security event extraction module that samples the stored security events according to the calculated per-type distribution. The apparatus and method may improve the speed of visualizing security events and of a security event analysis apparatus, and may increase their accuracy.
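    The three modules of entries 5 and 6 (accumulate by content-derived type, compute the per-type distribution, sample according to it), as an added example written for this page and not taken from the patent: a stratified sampler with largest-remainder allocation so the sample size comes out exact. The event fields, the type labels, the allocation rule and the sample stream are constructed assumptions.

```python
"""Content-based security-event sampling: accumulate events by type (the type
being derived from the event's contents), compute the per-type distribution,
and draw a sample whose per-type counts follow that distribution.  Added
example, not the patent's code; fields, labels and allocation are assumptions."""
import random
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple


class SecurityEvent(NamedTuple):
    ts: int        # event timestamp (seconds)
    src: str       # source address reported by the sensor
    kind: str      # event type derived from the event contents (assumed labels)
    detail: str


class EventSampler:
    def __init__(self) -> None:
        self._store: Dict[str, List[SecurityEvent]] = defaultdict(list)

    def accumulate(self, ev: SecurityEvent) -> None:
        """Store the event under its content-derived type."""
        self._store[ev.kind].append(ev)

    def distribution(self) -> Dict[str, float]:
        """Fraction of stored events per type."""
        total = sum(len(v) for v in self._store.values())
        return {k: len(v) / total for k, v in self._store.items()} if total else {}

    def allocate(self, n: int) -> Dict[str, int]:
        """Split n sample slots across types in proportion to the distribution.
        Largest-remainder rounding makes the allocation sum to n (capped by availability)."""
        quotas = {k: n * p for k, p in self.distribution().items()}
        alloc = {k: int(q) for k, q in quotas.items()}
        short = n - sum(alloc.values())
        for k in sorted(quotas, key=lambda k: quotas[k] - alloc[k], reverse=True)[:short]:
            alloc[k] += 1
        return {k: min(c, len(self._store[k])) for k, c in alloc.items()}

    def sample(self, n: int, seed: int = 0) -> List[SecurityEvent]:
        """Draw the allocated number of events uniformly within each type;
        the seed makes the draw reproducible for later analysis."""
        rng = random.Random(seed)
        out: List[SecurityEvent] = []
        for kind, count in self.allocate(n).items():
            out.extend(rng.sample(self._store[kind], count))
        return sorted(out, key=lambda e: e.ts)


def build_sampler() -> EventSampler:
    """Constructed event stream: 700 port-scan, 250 SQL-injection and 50 brute-force alerts."""
    s = EventSampler()
    mix = [("port-scan", 700), ("sql-injection", 250), ("brute-force", 50)]
    ts = 0
    for kind, count in mix:
        for i in range(count):
            s.accumulate(SecurityEvent(ts, f"203.0.113.{i % 250}", kind, f"{kind} #{i}"))
            ts += 1
    return s


def kind_counts(events: List[SecurityEvent]) -> Dict[str, int]:
    """Per-type counts of a sample, for checking it against the distribution."""
    return dict(Counter(e.kind for e in events))


if __name__ == "__main__":
    sampler = build_sampler()
    print(sampler.distribution())
    print(kind_counts(sampler.sample(100)))   # {'port-scan': 70, 'sql-injection': 25, 'brute-force': 5}
```

    Because the draw is proportional, a type that is rare in the store (here brute-force at 5%) can receive zero slots for small n; an analyst who needs every type represented would add a per-type floor before the proportional split, which is a design choice beyond what the abstract states.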


Log-based traceback system and method using centroid decomposition technique
    8.
    Granted invention patent
    Log-based traceback system and method using centroid decomposition technique (in force)

    Publication number: US08307441B2

    Publication date: 2012-11-06

    Application number: US12669633

    Filing date: 2007-11-21

    IPC classification: G06F11/34

    Abstract: There are provided a system and method for tracing back an attacker by using the centroid decomposition technique, the system including: a log data input module that collects the log data of an intrusion alarm from an intrusion detection system; a centroid node detection module that generates a shortest path tree by applying a shortest path algorithm to the network router connection information collected by a network administration server, detects a centroid node by applying the centroid decomposition technique (which removes leaf nodes) to the shortest path tree, and generates a centroid tree whose node at each level is the detected centroid node; and a traceback processing module that requests the log data of the router matched with the node at each level of the centroid tree and, by comparing the router's log data with the log data of the collected intrusion alarm, identifies the router whose log data matches the intrusion alarm as the router connected to the attacker's source. According to the system and method, an attacker causing a security intrusion event may be detected quickly, the load on the system is reduced, and a transit host that is exposed to danger or has weaknesses may be recognized easily, making it easier to cope with an attack.


LOG-BASED TRACEBACK SYSTEM AND METHOD USING CENTROID DECOMPOSITION TECHNIQUE
    9.
    Invention patent application
    LOG-BASED TRACEBACK SYSTEM AND METHOD USING CENTROID DECOMPOSITION TECHNIQUE (in force)

    Publication number: US20100212013A1

    Publication date: 2010-08-19

    Application number: US12669633

    Filing date: 2007-11-21

    IPC classification: G06F11/34

    Abstract: There are provided a system and method for tracing back an attacker by using the centroid decomposition technique, the system including: a log data input module that collects the log data of an intrusion alarm from an intrusion detection system; a centroid node detection module that generates a shortest path tree by applying a shortest path algorithm to the network router connection information collected by a network administration server, detects a centroid node by applying the centroid decomposition technique (which removes leaf nodes) to the shortest path tree, and generates a centroid tree whose node at each level is the detected centroid node; and a traceback processing module that requests the log data of the router matched with the node at each level of the centroid tree and, by comparing the router's log data with the log data of the collected intrusion alarm, identifies the router whose log data matches the intrusion alarm as the router connected to the attacker's source. According to the system and method, an attacker causing a security intrusion event may be detected quickly, the load on the system is reduced, and a transit host that is exposed to danger or has weaknesses may be recognized easily, making it easier to cope with an attack.
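    The traceback loop of entries 8 and 9, as an added example written for this page (not the patent's code): the router topology is turned into a shortest-path tree rooted at the victim-side router, and the log of a centroid router is queried at each level so that every answer discards about half of the remaining candidates, which is where the reduced load comes from. The topology, the router logs and the attack tuple are constructed; hop-count BFS stands in for the shortest-path algorithm, and the centroid is found by subtree sizes rather than by the leaf-removal variant the abstract mentions.

```python
"""Log-based traceback with centroid decomposition.  Added example, not the
patent's code: topology, logs and attack tuple are constructed, BFS stands in for
the shortest-path algorithm, and the centroid is found by subtree sizes."""
from collections import defaultdict, deque
from typing import Callable, Dict, List, Optional, Set, Tuple

Adjacency = Dict[str, List[str]]


def undirected(links: List[Tuple[str, str]]) -> Adjacency:
    adj: Adjacency = defaultdict(list)
    for a, b in links:
        adj[a].append(b)
        adj[b].append(a)
    return adj


def shortest_path_tree(adj: Adjacency, root: str) -> Dict[str, Optional[str]]:
    """BFS parent map: each router's next hop towards the root (unweighted links)."""
    parent: Dict[str, Optional[str]] = {root: None}
    queue = deque([root])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in parent:
                parent[v] = u
                queue.append(v)
    return parent


def children_of(parent: Dict[str, Optional[str]]) -> Dict[str, List[str]]:
    children: Dict[str, List[str]] = defaultdict(list)
    for v, p in parent.items():
        if p is not None:
            children[p].append(v)
    return children


def subtree(children, node: str, cand: Set[str]) -> Set[str]:
    """Nodes below (and including) node, restricted to the candidate set."""
    out, stack = set(), [node]
    while stack:
        u = stack.pop()
        if u in cand:
            out.add(u)
            stack.extend(children[u])
    return out


def query_node(children, root: str, cand: Set[str]) -> str:
    """Centroid of the candidate tree: walk from the root into any child subtree
    larger than half the tree.  The root is already known to carry the attack,
    so if the centroid is the root itself, ask its heaviest child instead."""
    size: Dict[str, int] = {}

    def measure(u: str) -> int:
        size[u] = 1 + sum(measure(v) for v in children[u] if v in cand)
        return size[u]

    n, u = measure(root), root
    while True:
        heavy = [v for v in children[u] if v in cand and size[v] > n / 2]
        if not heavy:
            break
        u = heavy[0]
    if u == root:
        u = max((v for v in children[root] if v in cand), key=size.__getitem__)
    return u


def traceback(adj: Adjacency, victim_router: str,
              log_has_attack: Callable[[str], bool]) -> Tuple[str, int]:
    """Return (router nearest the attacker, number of router logs requested)."""
    parent = shortest_path_tree(adj, victim_router)
    children = children_of(parent)
    cand: Set[str] = set(parent)
    root, queries = victim_router, 0
    while len(cand) > 1:
        c = query_node(children, root, cand)
        queries += 1
        below = subtree(children, c, cand)
        if log_has_attack(c):
            cand, root = below, c       # attack path passes c: attacker is below it
        else:
            cand = cand - below         # attacker is elsewhere in the tree
    return next(iter(cand)), queries


# Constructed topology (victim web server behind R0) and per-router logs.
LINKS = [("R0", "R1"), ("R1", "R2"), ("R1", "R6"), ("R2", "R3"), ("R2", "R7"),
         ("R6", "R7"), ("R7", "R8"), ("R3", "R4"), ("R3", "R9"), ("R4", "R5")]
ATTACK = ("203.0.113.66", "192.0.2.10", 80)      # (src, dst, dst_port) from the IDS alarm
ROUTER_LOGS = {r: {ATTACK} for r in ("R0", "R1", "R2", "R3", "R4", "R5")}   # path R5..R0
ROUTER_LOGS.update({r: {("198.51.100.4", "192.0.2.10", 443)} for r in ("R6", "R7", "R8", "R9")})


def has_attack(router: str) -> bool:
    """Stand-in for requesting a router's log and comparing it with the alarm."""
    return ATTACK in ROUTER_LOGS.get(router, set())


if __name__ == "__main__":
    print(traceback(undirected(LINKS), "R0", has_attack))   # ('R5', 4)
```

    On this ten-router tree the attacker's first-hop router R5 is found with four log requests instead of ten. The halving argument holds for balanced trees; when the victim router fans out directly to many first-hop routers (a star), each query can only rule out one branch, so the number of requests approaches the number of branches regardless of the decomposition.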


APPARATUS AND METHOD FOR DETECTING NETWORK ATTACK BASED ON VISUAL DATA ANALYSIS
    10.
    Invention patent application
    APPARATUS AND METHOD FOR DETECTING NETWORK ATTACK BASED ON VISUAL DATA ANALYSIS (pending, published)

    Publication number: US20110016525A1

    Publication date: 2011-01-20

    Application number: US12630672

    Filing date: 2009-12-03

    IPC classification: G06F21/00 G06K9/68

    CPC classification: H04L63/1425

    Abstract: An apparatus for detecting a network attack includes a traffic image generator for generating a traffic image using traffic information and additional IP information extracted from the traffic information; a network attack detector for comparing the similarity between the traffic image and a previously generated traffic image against a predetermined similarity threshold to detect the presence of the network attack; a network attack analyzer for analyzing the traffic image at the time the network attack is detected, to obtain network attack information and pattern information of the network attack; and a representation unit for visualizing the network attack information and the pattern information of the network attack.
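    The generator, detector and analyzer of the abstract, as an added example written for this page (not the patent's code): a traffic window is rendered as a small 2-D image (rows are a source-address bucket, columns a destination-port bucket, cells the share of packets), compared with the previous window's image by cosine similarity, flagged when the similarity falls under a threshold, and then read for the cells whose share grew most to label the pattern. The image layout, the bucketing, the similarity measure, the threshold and the traffic windows are assumptions.

```python
"""Traffic-image attack detection: render traffic as a 2-D image, compare it with
the previous image, flag a drop in similarity, and read the attack pattern off the
cells that grew most.  Added example, not the patent's code; layout, bucketing,
similarity measure and threshold are assumptions."""
import math
from typing import Dict, List, NamedTuple, Tuple

ROWS, COLS = 16, 16          # image resolution (assumed)
Image = List[List[float]]


class Packet(NamedTuple):
    src: str
    dst: str
    dport: int


def _row(src: str) -> int:
    # Bucket by the last octet of the source address (assumed "additional IP information").
    return int(src.rsplit(".", 1)[1]) * ROWS // 256


def _col(dport: int) -> int:
    # Log-scale port bucket so the well-known ports do not all fold into one column.
    return min(COLS - 1, int(math.log2(dport + 1) * COLS / 16))


def traffic_image(packets: List[Packet]) -> Image:
    """Packet counts per (row, col), normalised to shares so that volume growth
    alone does not change the picture."""
    img = [[0.0] * COLS for _ in range(ROWS)]
    for p in packets:
        img[_row(p.src)][_col(p.dport)] += 1
    total = sum(map(sum, img)) or 1.0
    return [[v / total for v in row] for row in img]


def similarity(a: Image, b: Image) -> float:
    """Cosine similarity of the two images flattened to vectors (1.0 = identical shape)."""
    fa = [v for row in a for v in row]
    fb = [v for row in b for v in row]
    dot = sum(x * y for x, y in zip(fa, fb))
    na, nb = math.sqrt(sum(x * x for x in fa)), math.sqrt(sum(x * x for x in fb))
    return dot / (na * nb) if na and nb else 0.0


def attack_detected(prev: Image, cur: Image, threshold: float = 0.8) -> bool:
    """Detector: an attack is present when the image shape drifted below the threshold."""
    return similarity(prev, cur) < threshold


def analyze(prev: Image, cur: Image, top: int = 3) -> Dict[str, object]:
    """Analyzer: cells whose share grew most since the previous image, plus a coarse label."""
    gains = sorted(((cur[r][c] - prev[r][c], r, c) for r in range(ROWS) for c in range(COLS)),
                   reverse=True)[:top]
    rows = {r for _, r, _ in gains}
    cols = {c for _, _, c in gains}
    if len(cols) == 1 and len(rows) > 1:
        pattern = "many source buckets, one port bucket (flood-like)"
    elif len(rows) == 1 and len(cols) > 1:
        pattern = "one source bucket, many port buckets (scan-like)"
    else:
        pattern = "concentrated"
    return {"hot_cells": gains, "pattern": pattern}


def build_windows() -> Tuple[List[Packet], List[Packet]]:
    """Constructed traffic: a baseline window of 50 web clients, then the same baseline
    plus a SYN-flood-like burst from 64 spoofed sources towards port 80."""
    baseline: List[Packet] = []
    for i in range(1, 51):
        baseline += [Packet(f"198.51.100.{i}", "192.0.2.10", 443)] * 4
        baseline += [Packet(f"198.51.100.{i}", "192.0.2.10", 80)] * 2
    flood = [Packet(f"203.0.113.{x}", "192.0.2.10", 80)
             for x in range(0, 256, 4) for _ in range(10)]
    return baseline, baseline + flood


if __name__ == "__main__":
    prev, cur = (traffic_image(w) for w in build_windows())
    print(round(similarity(prev, cur), 3), attack_detected(prev, cur), analyze(prev, cur)["pattern"])
```

    Normalising each image to shares means a mere rise in volume with the same mix of sources and ports keeps the similarity near 1.0, so only a change in the shape of the traffic trips the detector; if volume spikes should also count, compare raw counts or add a separate rate check.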
