Abstract:
An apparatus and method for automatically detecting a malicious link. The apparatus includes a threat information collection unit, a priority management unit, a malicious link collection unit, a malicious link analysis unit, and a malicious link tracking unit. The threat information collection unit collects threat information, and identifies whether a malicious link is present in each target site. The priority management unit determines the priorities of the target sites, and performs the assignment and management of the target sites in order to collect and analyze a malicious link. The malicious link collection unit collects the uniform resource locator (URL) of the malicious link from the target sites. The malicious link analysis unit analyzes a call correlation based on the collected URL, and analyzes the malicious link through pattern matching. The malicious link tracking unit tracks the real-time changing state of the malicious link.
Abstract:
An indexing apparatus and method for searching security monitoring data are provided. The indexing apparatus includes a data collection unit and a data index generation unit. The data collection unit collects data that serves as the basis for searching monitoring information from a database in which security monitoring data has been stored. The data index generation unit generates file structure-based data in which indices have been assigned to multiple search elements of the data collected by the data collection unit.