公开(公告)号：US09342366B2

公开(公告)日：2016-05-17

申请号：US14053655

申请日：2013-10-15

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Junghee Lee ,  Sungryoul Lee ,  Deokjin Kim ,  Young Han Choi ,  Byungchul Bae ,  HyungGeun Oh ,  Kiwook Sohn ,  KyoungSoo Park ,  Yung Yi ,  Jihyung Lee ,  Sangwoo Moon

IPC: G06F9/455 ,  G06F9/46 ,  G06F9/50 ,  H04L29/06 ,  G06F21/55 ,  G06F21/85

CPC classification number: G06F9/505 ,  G06F9/5027 ,  G06F21/554 ,  G06F21/85 ,  H04L63/1416

Abstract: An intrusion detection apparatus and method using a load balancer responsive to traffic conditions between a central processing unit (CPU) and a graphics processing unit (GPU) are provided. The intrusion detection apparatus includes a packet acquisition unit, a character string check task allocation unit, a CPU character string check unit, and a GPU character string check unit. The packet acquisition unit receives packets, and stores the packets in a single task queue. The character string check task allocation unit determines the number of packets in the packet acquisition unit, and allocates character string check tasks to the CPU or the GPU. The CPU character string check unit compares the character strings of the packets with a character string defined in at least one detection rule inside the CPU. The GPU character string check unit compares the character strings of the packets with the character string inside the GPU.

Abstract translation: 提供了一种响应于中央处理单元（CPU）和图形处理单元（GPU）之间的交通状况的负载平衡器的入侵检测装置和方法。 入侵检测装置包括分组获取单元，字符串检查任务分配单元，CPU字符串检查单元和GPU字符串检查单元。 分组获取单元接收分组，并将分组存储在单个任务队列中。 字符串检查任务分配单元确定分组获取单元中的分组数量，并将字符串检查任务分配给CPU或GPU。 CPU字符串检查单元将分组的字符串与在CPU内的至少一个检测规则中定义的字符串进行比较。 GPU字符串检查单元将数据包的字符串与GPU内的字符串进行比较。

公开(公告)号：US10366226B2

公开(公告)日：2019-07-30

申请号：US15273984

申请日：2016-09-23

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Junghee Lee ,  Sangrok Lee

IPC: G06F7/04 ,  G06F21/52

Abstract: A malicious code analysis device and method used on an external device connected via a USB cable. The malicious code analysis method includes connecting a malicious code analysis device to an analysis target terminal, on which malicious code is to be executed, from outside the analysis target terminal via a USB cable, multi-booting the analysis target terminal based on multiple Operating System (OS) image files stored in the malicious code analysis device; providing user input to the analysis target terminal so that malicious code is incapable of recognizing that a current environment is an analysis environment, and analyzing, by the malicious code analysis device, the malicious code in consideration of both data modified by the malicious code, among pieces of data corresponding to the multiple OS image files, and the user input.

公开(公告)号：US10237207B2

公开(公告)日：2019-03-19

申请号：US14862749

申请日：2015-09-23

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Jihyung Lee ,  Sungryoul Lee ,  Junghee Lee ,  Yung Yi ,  KyoungSoo Park

IPC: H04L12/879 ,  H04L12/861 ,  H04L29/06

Abstract: An apparatus and method for storing data traffic on a flow basis. The apparatus for storing data traffic on a flow basis includes a packet storage unit, a flow generation unit, and a metadata generation unit. The packet storage unit receives packets corresponding to data traffic, and temporarily stores the packets using queues. The flow generation unit generates flows by grouping the packets by means of a hash function using information about each of the packets as input, and to store the flows. The metadata generation unit generates metadata and index data corresponding to each of the flows, and stores the metadata and the index data.

公开(公告)号：US10467410B2

公开(公告)日：2019-11-05

申请号：US15404579

申请日：2017-01-12

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sangrok Lee ,  Junghee Lee

IPC: G06F21/00 ,  G06F21/56 ,  G06F21/57

Abstract: An apparatus and method for monitoring the confidentiality and integrity of a target system. The apparatus for monitoring the confidentiality and integrity of a target system includes a target area information reception unit for receiving target area information about a target area of the target system and storing the target area information, a monitoring unit for extracting attack information by monitoring at least one of confidentiality, corresponding to a data load instruction, and integrity, corresponding to a data store instruction, based on the target area information, and an attack-handling unit for determining whether an attack is occurring based on the extracted attack information and for handling the attack when it is determined that an attack is occurring.