公开(公告)号：US09398040B2

公开(公告)日：2016-07-19

申请号：US14470119

申请日：2014-08-27

申请人： ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

发明人： Taek kyu Lee ,  Geun Yong Kim ,  Seok won Lee ,  Myeong Ryeol Choi ,  Hyung Geun Oh ,  KiWook Sohn

IPC分类号： H04L29/06

CPC分类号： H04L63/1425 ,  H04L63/0236 ,  H04L63/1408 ,  H04L63/1441

摘要： Disclosed herein is an Intrusion Detection System (IDS) false positive detection apparatus and method. An IDS false positive detection apparatus includes a payload extraction unit for extracting payloads by dividing each packet corresponding to an IDS detection rule into a header and a payload. A false positive payload information generation unit generates false positive payload information required to identify a false positive payload by extracting a payload of a false positive packet based on results of packet analysis received from a manager. A false positive payload determination unit transmits results of a determination of whether each payload extracted by the payload extraction unit corresponds to a false positive payload, based on the false positive payload information, to the manager.

摘要翻译： 本文公开了入侵检测系统（IDS）假阳性检测装置和方法。 IDS假阳性检测装置包括有效载荷提取单元，用于通过将对应于IDS检测规则的每个分组划分成报头和有效载荷来提取有效载荷。 假正负载信息生成单元基于从管理器接收到的分组结果的结果，提取伪阳性分组的有效载荷，生成用于识别假正负载所需的假正负载信息。 假正负载确定单元向管理者发送确定由有效载荷提取单元提取的每个有效载荷是否基于假正负载信息对应于假正有效载荷的结果。

公开(公告)号：US09323987B2

公开(公告)日：2016-04-26

申请号：US14467677

申请日：2014-08-25

申请人： ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

发明人： Taek kyu Lee ,  Geun Yong Kim ,  Seok won Lee ,  Myeong Ryeol Choi ,  Hyung Geun Oh ,  KiWook Sohn

IPC分类号： G06K9/62 ,  G06K9/00 ,  G06K9/34 ,  G06K9/72

CPC分类号： G06K9/00469 ,  G06K9/344 ,  G06K9/723 ,  G06K2209/01

摘要： An apparatus and method for detecting forgery/falsification of a homepage. The apparatus includes a homepage image shot generation module for generating homepage image shots of an entire screen of an accessed homepage. A character string extraction module extracts character strings from each homepage image shot using an OCR technique. A character string comparison module compares each of the extracted character strings with character strings required for determination of homepage forgery/falsification, thus determining whether the extracted character string is a normal character string or a falsified character string. A homepage falsification determination module determines whether the corresponding homepage has been forged/falsified, based on results of the comparison. A character string learning module learns the character string extracted from the homepage image shot, based on results of the determination, and classifies the character string as the normal character string or the falsified character string.

摘要翻译： 一种用于检测主页伪造/伪造的装置和方法。 该装置包括用于生成访问的主页的整个屏幕的主页图像拍摄的主页图像拍摄生成模块。 字符串提取模块使用OCR技术从每个主页图像提取字符串。 字符串比较模块将每个提取的字符串与确定主页伪造/伪造所需的字符串进行比较，从而确定提取的字符串是正常字符串还是伪造的字符串。 主页伪造确定模块根据比较结果确定相应的主页是否已被伪造/伪造。 字符串学习模块基于确定的结果来学习从主页图像提取的字符串，并将字符串分类为正常字符串或伪造的字符串。