公开(公告)号：US20190044730A1

公开(公告)日：2019-02-07

申请号：US15994049

申请日：2018-05-31

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Samuel WOO ,  Dae-Sung MOON ,  Kyung-Min PARK ,  Jooyoung LEE ,  IK-KYUN KIM ,  Seung-Hun JIN ,  Ho HWANG

IPC: H04L9/32 ,  H04L29/06

Abstract: Disclosed herein are an apparatus and method for generating and operating a dynamic Controller Area Network (CAN) Identifier (ID). The apparatus includes a priority ID generation unit for generating a priority ID that is a base ID, a dynamic ID generation unit for generating a dynamic ID that is dynamically changed, and a communication unit for transmitting/receiving a data frame in which a dynamic CAN ID including the priority ID and the dynamic ID is combined with data.

公开(公告)号：US20240163297A1

公开(公告)日：2024-05-16

申请号：US18454573

申请日：2023-08-23

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Jae-Hak YU ,  Ki-Jong KOO ,  Dae-Sung MOON ,  Ik-Kyun KIM

IPC: H04L9/40 ,  H04L41/16

CPC classification number: H04L63/1416 ,  H04L41/16

Abstract: Disclosed herein are an artificial Intelligence (AI)-based cyber training method. The AI-based cyber training method may include generating a unit attack by training an attack agent based on environment and state information of a cyber range (CR) and a set of attack tools executable on a system, executing the unit attack in the CR, and then determining whether the unit attack has succeeded, and determining whether to perform an attack or a defense based on whether the unit attack has succeeded.

公开(公告)号：US20220188339A1

公开(公告)日：2022-06-16

申请号：US17552328

申请日：2021-12-15

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Joo-Young LEE ,  Ki-Jong KOO ,  Ik-Kyun KIM ,  Dae-Sung MOON ,  Kyung-Min PARK

IPC: G06F16/29 ,  G06F16/22

Abstract: Disclosed herein are a network environment synchronization apparatus and method. The network environment synchronization apparatus includes one or more processors, and execution memory for storing at least one program that is executed by the one or more processors, wherein the at least one program is configured to collect data from a network environment and generate a management structure in which collected data is distributed into preset respective group units, generate data discriminators for respective group units using a preset hash function, determine whether data of the management structure has changed with reference to data newly collected from the network environment based on the data discriminators, and when it is determined whether data of the management structure has changed, update the data of the management structure with the newly collected data.

公开(公告)号：US20210056234A1

公开(公告)日：2021-02-25

申请号：US16988134

申请日：2020-08-07

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Taek-Young YOUN ,  Nam-Su JHO ,  Dae-Sung MOON ,  Ik-Kyun KIM ,  Seung-Hun JIN

IPC: G06F21/64 ,  H04L9/32

Abstract: Disclosed herein is a method of operating a data management apparatus. The method may include segmenting, by a client device, data into multiple data blocks, generating, by the client device, tags corresponding to the multiple data blocks, generating, by the client device, a representative value by accumulating the tags, generating, by the client device, a client signature value by signing the representative value and a counter value corresponding to the last updated data block, among the multiple data blocks, and transmitting, by the client device, the data and the client signature value to a server.

公开(公告)号：US20200153861A1

公开(公告)日：2020-05-14

申请号：US16679622

申请日：2019-11-11

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Kyung-Min PARK ,  Dae-Sung MOON ,  Ki-Jong KOO ,  Ik-Kyun KIM ,  Samuel WOO ,  Joo-Young LEE

IPC: H04L29/06 ,  H04L29/12 ,  H04L12/741

Abstract: Disclosed herein are a decoy apparatus and a method for expanding a fake attack surface using a deception network. The method includes determining, by a protected server, whether a packet is a target to be processed when the packet is received; converting, by the protected server, the packet and transmitting, by the protected server, the converted packet to the decoy apparatus of the deception network when the packet is determined not to be such a target; receiving, by the protected server, a response packet from a decoy virtual machine included in the decoy apparatus as a reply to the converted packet; and modifying, by the protected server, the response packet and transmitting, by the protected server, the modified response packet to the source from which the packet was transmitted, in order to expand the fake attack surface.

公开(公告)号：US20200007496A1

公开(公告)日：2020-01-02

申请号：US16452682

申请日：2019-06-26

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Kyung-Min PARK ,  Samuel WOO ,  Dae-Sung MOON ,  Ki-Jong KOO ,  Ik-Kyun KIM ,  Joo-Young LEE

IPC: H04L29/12 ,  H04L29/06 ,  H04L9/08

Abstract: Disclosed herein are a server apparatus, a client apparatus, and a method for communication based on network address mutation. The method for communication based on network address mutation, performed by the server apparatus and the client apparatus, includes setting the external address of a network interface for receiving a packet from the client apparatus; setting the internal address of a hidden interface in order to forward the packet received through the network interface to the hidden interface; modifying the external address based on a preset network address mutation rule; and communicating with the client apparatus by forwarding the packet, received from the client apparatus based on the modified external address, to the hidden interface.

公开(公告)号：US20170237680A1

公开(公告)日：2017-08-17

申请号：US15331436

申请日：2016-10-21

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Yang-Seo CHOI ,  Jong-Hyun KIM ,  Joo-Young LEE ,  Sun-Oh CHOI ,  Ik-Kyun KIM ,  Dae-Sung MOON

IPC: H04L12/911 ,  H04L12/24

CPC classification number: H04L67/06 ,  H04L43/026 ,  H04L47/2483 ,  H04L49/9057

Abstract: Disclosed are an apparatus and method for reconstructing a transmitted file with high performance in real time, which select analysis target packets for reconstruction by first checking using hardware whether data file-related information is present in packets transmitted via large-capacity traffic over a broadband network, and which reconstruct a file in real time only from the selected analysis target packets. The file reconstruction apparatus for reconstructing a data file from packets on a network includes a packet monitoring unit for extracting packets on the network, a collected packet selection unit for determining whether, for the extracted packets, each packet is a reconstruction target based on flow information, and selecting a reconstruction target packet, and a file reconstruction unit for performing file reconstruction by extracting data from the reconstruction target packet and by storing the extracted data as data of a reconstructed file in a relevant flow.

公开(公告)号：US20240104195A1

公开(公告)日：2024-03-28

申请号：US18335813

申请日：2023-06-15

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sang-Min LEE ,  Ki-Jong KOO ,  Jung-Tae KIM ,  Ji-Hyeon SONG ,  Jong-Hyun KIM ,  Dae-Sung MOON

IPC: G06F21/53 ,  G06F9/455 ,  G06F21/56

CPC classification number: G06F21/53 ,  G06F9/45558 ,  G06F21/564 ,  G06F2009/45562

Abstract: Disclosed herein are an apparatus and method for updating an Internet-based malware detection engine using virtual machine scaling. The method may include creating a scaling group and an update group set based on a first virtual machine image, creating a second virtual machine image for a running virtual machine in response to occurrence of a snapshot event in the virtual update group run based on the first virtual machine image, modifying the scale-out image of the scaling group to the second virtual machine image, updating the scaling group by triggering a scale-out event and a scale-in event in the scaling group in response to occurrence of an update event, and modifying the scale-in image of the scaling group to the second virtual machine image.

公开(公告)号：US20230047450A1

公开(公告)日：2023-02-16

申请号：US17882090

申请日：2022-08-05

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Ki-Jong KOO ,  Dae-Sung MOON ,  Joo-Young LEE ,  Ik-Kyun KIM ,  Kyung-Min PARK

IPC: H04L9/40 ,  G06N3/08

Abstract: Disclosed herein are an apparatus and method for inferring a cyberattack path based on attention. The apparatus includes memory in which at least one program is recorded and a processor for executing the program. The program generates test data required for generating an intelligent attack graph and generates an attack graph based on an intelligent attack path prediction model.

公开(公告)号：US20220138319A1

公开(公告)日：2022-05-05

申请号：US17461337

申请日：2021-08-30

Applicant: Electronics and Telecommunications Research Institute

Inventor： Jung-Tae KIM ,  Ji-Hyeon SONG ,  Jong-Hyun KIM ,  Sang-Min LEE ,  Ik-Kyun KIM ,  Dae-Sung MOON

IPC: G06F21/56 ,  G06N20/00

Abstract: Disclosed herein are an apparatus for detecting unknown malware using a variable-length operation code (opcode) and a method using the apparatus. The method includes collecting opcode information from a detection target, generating a multi-pixel image having a variable length by performing feature engineering on the opcode information; and detecting unknown malware by inputting the multi-pixel image to a deep-learning model based on AI.