Apparatus and method for detecting forgery/falsification of homepage
    1.
    Granted invention patent (status: in force)

    Publication No.: US09323987B2

    Publication date: 2016-04-26

    Application No.: US14467677

    Filing date: 2014-08-25

    Abstract: An apparatus and method for detecting forgery/falsification of a homepage. The apparatus includes a homepage image shot generation module for generating homepage image shots of an entire screen of an accessed homepage. A character string extraction module extracts character strings from each homepage image shot using an OCR technique. A character string comparison module compares each of the extracted character strings with character strings required for determination of homepage forgery/falsification, thus determining whether the extracted character string is a normal character string or a falsified character string. A homepage falsification determination module determines whether the corresponding homepage has been forged/falsified, based on results of the comparison. A character string learning module learns the character string extracted from the homepage image shot, based on results of the determination, and classifies the character string as the normal character string or the falsified character string.


    Intrusion detection system false positive detection apparatus and method
    2.
    Granted invention patent (status: in force)

    Publication No.: US09398040B2

    Publication date: 2016-07-19

    Application No.: US14470119

    Filing date: 2014-08-27

    IPC classification: H04L29/06

    Abstract: Disclosed herein is an Intrusion Detection System (IDS) false positive detection apparatus and method. An IDS false positive detection apparatus includes a payload extraction unit for extracting payloads by dividing each packet corresponding to an IDS detection rule into a header and a payload. A false positive payload information generation unit generates false positive payload information required to identify a false positive payload by extracting a payload of a false positive packet based on results of packet analysis received from a manager. A false positive payload determination unit transmits results of a determination of whether each payload extracted by the payload extraction unit corresponds to a false positive payload, based on the false positive payload information, to the manager.


    Apparatus and method for improving detection performance of intrusion detection system
    3.
    Granted invention patent (status: in force)

    Publication No.: US09275224B2

    Publication date: 2016-03-01

    Application No.: US14338917

    Filing date: 2014-07-23

    CPC classification: G06F21/554 H04L63/1408

    Abstract: An apparatus for improving detection performance of an intrusion detection system includes a transformed detected data generation unit for changing original detected data, detected based on current detection rules, to transformed detected data complying with transformed detected data standard. A transformed detected data classification unit classifies the transformed detected data by attack type, classifies transformed detected data for attack types by current detection rule, and classifies transformed detected data for detection rules into true positives/false positives. A transformed keyword tree generation unit generates a true positive transformed keyword tree and a false positive transformed keyword tree. A true positive path identification unit generates a true positive node, and identifies a true positive path connecting a base node to the true positive node in the true positive transformed keyword tree. A true positive detection pattern generation unit generates a true positive detection pattern based on the true positive path.
