公开(公告)号：US20140109105A1

公开(公告)日：2014-04-17

申请号：US14053655

申请日：2013-10-15

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Junghee LEE ,  Sungryoul LEE ,  Deokjin KIM ,  Young Han CHOI ,  Byungchul BAE ,  HyungGeun OH ,  Kiwook SOHN ,  KyoungSoo PARK ,  Yung YI ,  Jihyung LEE ,  Sangwoo MOON

IPC: G06F9/50

CPC classification number: G06F9/505 ,  G06F9/5027 ,  G06F21/554 ,  G06F21/85 ,  H04L63/1416

Abstract: An intrusion detection apparatus and method using a load balancer responsive to traffic conditions between a central processing unit (CPU) and a graphics processing unit (GPU) are provided. The intrusion detection apparatus includes a packet acquisition unit, a character string check task allocation unit, a CPU character string check unit, and a GPU character string check unit. The packet acquisition unit receives packets, and stores the packets in a single task queue. The character string check task allocation unit determines the number of packets in the packet acquisition unit, and allocates character string check tasks to the CPU or the GPU. The CPU character string check unit compares the character strings of the packets with a character string defined in at least one detection rule inside the CPU. The GPU character string check unit compares the character strings of the packets with the character string inside the GPU.

Abstract translation: 提供了一种响应于中央处理单元（CPU）和图形处理单元（GPU）之间的交通状况的负载平衡器的入侵检测装置和方法。 入侵检测装置包括分组获取单元，字符串检查任务分配单元，CPU字符串检查单元和GPU字符串检查单元。 分组获取单元接收分组，并将分组存储在单个任务队列中。 字符串检查任务分配单元确定分组获取单元中的分组数量，并将字符串检查任务分配给CPU或GPU。 CPU字符串检查单元将分组的字符串与在CPU内的至少一个检测规则中定义的字符串进行比较。 GPU字符串检查单元将数据包的字符串与GPU内的字符串进行比较。

公开(公告)号：US20170005952A1

公开(公告)日：2017-01-05

申请号：US14862749

申请日：2015-09-23

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Jihyung LEE ,  Sungryoul LEE ,  Junghee LEE ,  Yung YI ,  KyoungSoo PARK

IPC: H04L12/879 ,  H04L29/06 ,  H04L12/861

CPC classification number: H04L49/901 ,  H04L49/9042 ,  H04L69/22

Abstract: An apparatus and method for storing data traffic on a flow basis. The apparatus for storing data traffic on a flow basis includes a packet storage unit a flow generation unit, and a metadata generation unit. The packet storage unit receives packets corresponding to data traffic, and temporarily stores the packets using queues. The flow generation unit generates flows by grouping the packets by means of a hash function using information about each of the packets as input, and to store the flows. The metadata generation unit generates metadata and index data corresponding to each of the flows, and stores the metadata and the index data.

Abstract translation: 一种基于流量存储数据流量的装置和方法。 用于以流为基础存储数据业务的装置包括分组存储单元，流生成单元和元数据生成单元。 分组存储单元接收与数据业务相对应的分组，并且使用队列临时存储分组。 流生成单元通过使用关于每个分组的信息作为输入的散列函数对分组进行分组来生成流并存储流。 元数据生成单元生成与每个流对应的元数据和索引数据，并存储元数据和索引数据。

公开(公告)号：US20160294859A1

公开(公告)日：2016-10-06

申请号：US14735579

申请日：2015-06-10

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Changho CHOI ,  Brent ByungHoon KANG ,  Sungryoul LEE ,  JungMin KANG

IPC: H04L29/06 ,  G06F17/30 ,  G06N99/00 ,  H04L29/12

CPC classification number: H04L63/1425 ,  G06F21/00 ,  G06N5/025 ,  G06N99/005 ,  H04L61/1511

Abstract: An apparatus and method for detecting a malicious domain cluster. The apparatus for detecting a malicious domain cluster includes a domain name server (DNS) data collection unit and a malicious domain cluster detection unit. The DNS data collection unit collects DNS traffic over a network, and stores the DNS traffic in a database. The malicious domain cluster detection unit generates a domain cluster based on the DNS data, learns the characteristics of normal and malicious clusters in the domain cluster, and detects whether the domain cluster is malicious based on the result of the learning.

Abstract translation: 一种用于检测恶意域群集的装置和方法。 用于检测恶意域群集的装置包括域名服务器（DNS）数据收集单元和恶意域群集检测单元。 DNS数据收集单元通过网络收集DNS流量，并将DNS流量存储在数据库中。 恶意域群集检测单元根据DNS数据生成域集群，学习域群中正常和恶意群集的特征，根据学习结果，检测域群集是否恶意。