公开(公告)号：US09560144B2

公开(公告)日：2017-01-31

申请号：US14471816

申请日：2014-08-28

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： YuJeong Han ,  Dong Su Nam ,  HyungGeun Oh ,  Kiwook Sohn

IPC: G06F15/16 ,  H04L29/08 ,  H04L29/06

CPC classification number: H04L67/146 ,  H04L63/14

Abstract: An apparatus and method for processing packets are disclosed. The apparatus for processing packets includes a session processing unit, a parallel processing unit, and a storage unit. The session processing unit divides a packet group, including a plurality of HTTP packets, into a plurality of session files, and then distributes the session files. The parallel processing unit generates metadata and extracts content from each of the distributed session files based on the plurality of session files. The storage unit stores the metadata generated by the parallel processing unit and the content extracted by the parallel processing unit.

Abstract translation: 公开了一种用于处理分组的装置和方法。 用于处理分组的装置包括会话处理单元，并行处理单元和存储单元。 会话处理单元将包括多个HTTP分组的分组组分割成多个会话文件，然后分发会话文件。 并行处理单元基于多个会话文件生成元数据并从每个分布式会话文件中提取内容。 存储单元存储由并行处理单元生成的元数据和由并行处理单元提取的内容。

公开(公告)号：US09350712B2

公开(公告)日：2016-05-24

申请号：US14470604

申请日：2014-08-27

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： YuJeong Han ,  Jung Hwan Moon ,  Dong Su Nam ,  HyungGeun Oh ,  Kiwook Sohn

IPC: H04L29/06

CPC classification number: H04L63/0272 ,  H04L63/0428 ,  H04L63/14

Abstract: A packet analysis apparatus and method and a VPN server, which secure evidence against a situation in which a hacker disguises a packet as a normal packet to make an attack using a VPN server as a router. The packet analysis apparatus includes a packet classification unit for gathering and classifying packets which are used between a host and the VPN server and plaintext packets which are used between the VPN server and a target. A first comparative analysis unit compares contents of an encapsulated IP datagram of each encrypted VPN packet, obtained by decrypting the encrypted VPN packet, with contents of a plaintext IP datagram included in each plaintext packet and present for a target to which the host desires to transfer the encrypted VPN packet. A second comparative analysis unit compares lengths of the encapsulated IP datagram and the plaintext IP datagram with each other.

Abstract translation: 一种分组分析装置和方法以及VPN服务器，用于保护黑客将数据包伪装成普通数据包以使用VPN服务器作为路由器进行攻击的情况。 分组分析装置包括用于收集和分类在主机与VPN服务器之间使用的分组以及在VPN服务器与目标之间使用的明文分组的分组分类单元。 第一比较分析单元将通过解密加密的VPN分组获得的每个加密的VPN分组的封装的IP数据报的内容与包含在每个明文分组中的明文IP数据报的内容进行比较，并且存在于主机期望转移的目标 加密的VPN数据包。 第二比较分析单元将封装的IP数据报和明文IP数据报的长度彼此进行比较。

公开(公告)号：US09342366B2

公开(公告)日：2016-05-17

申请号：US14053655

申请日：2013-10-15

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Junghee Lee ,  Sungryoul Lee ,  Deokjin Kim ,  Young Han Choi ,  Byungchul Bae ,  HyungGeun Oh ,  Kiwook Sohn ,  KyoungSoo Park ,  Yung Yi ,  Jihyung Lee ,  Sangwoo Moon

IPC: G06F9/455 ,  G06F9/46 ,  G06F9/50 ,  H04L29/06 ,  G06F21/55 ,  G06F21/85

CPC classification number: G06F9/505 ,  G06F9/5027 ,  G06F21/554 ,  G06F21/85 ,  H04L63/1416

Abstract: An intrusion detection apparatus and method using a load balancer responsive to traffic conditions between a central processing unit (CPU) and a graphics processing unit (GPU) are provided. The intrusion detection apparatus includes a packet acquisition unit, a character string check task allocation unit, a CPU character string check unit, and a GPU character string check unit. The packet acquisition unit receives packets, and stores the packets in a single task queue. The character string check task allocation unit determines the number of packets in the packet acquisition unit, and allocates character string check tasks to the CPU or the GPU. The CPU character string check unit compares the character strings of the packets with a character string defined in at least one detection rule inside the CPU. The GPU character string check unit compares the character strings of the packets with the character string inside the GPU.

Abstract translation: 提供了一种响应于中央处理单元（CPU）和图形处理单元（GPU）之间的交通状况的负载平衡器的入侵检测装置和方法。 入侵检测装置包括分组获取单元，字符串检查任务分配单元，CPU字符串检查单元和GPU字符串检查单元。 分组获取单元接收分组，并将分组存储在单个任务队列中。 字符串检查任务分配单元确定分组获取单元中的分组数量，并将字符串检查任务分配给CPU或GPU。 CPU字符串检查单元将分组的字符串与在CPU内的至少一个检测规则中定义的字符串进行比较。 GPU字符串检查单元将数据包的字符串与GPU内的字符串进行比较。