-
公开(公告)号:US20170237716A1
公开(公告)日:2017-08-17
申请号:US15246027
申请日:2016-08-24
Inventor: Jong Hyun KIM , Ik Kyun KIM , Joo Young LEE , Sun Oh CHOI , Yang Seo CHOI
IPC: H04L29/06
CPC classification number: H04L63/0435 , H04L63/0272 , H04L63/045 , H04L63/061 , H04L63/0823 , H04L63/0869 , H04L63/1425 , H04L63/166
Abstract: The present invention relates to a system and method for interlocking intrusion information. An intrusion information interlocking system includes at least one interlocking client which is connected to a client system which collects session information of intrusion in different network domains to transmit the intrusion information collected by the client system to the control system and requests analysis information on the intrusion information in accordance with a request of the client system to provide the analysis information to the client system, and an interlocking server which is connected to a control system which analyzes intrusion information to transmit the intrusion information of different network domains provided from one or more interlocking clients to the control system, stores the intrusion analysis information from the control system, and shares the stored intrusion analysis information with the interlocking client in accordance with the request of the interlocking client.
-
2.发明申请公开(公告)号:US20170193225A1
公开(公告)日:2017-07-06
申请号:US15169259
申请日:2016-05-31
Inventor: Dae Sung MOON , Ik Kyun KIM , Yang Seo CHOI
CPC classification number: G06F21/55 , G06F21/552 , G06F2221/034 , G06N99/005
Abstract: A behavior-based malicious code detecting apparatus and method using multiple feature vectors is disclosed. A malicious code learning method may include collecting characteristic factor information when a training target process comprising a malicious code is executed, generating a feature vector for malicious code verification based on the collected characteristic factor information, learning the generated feature vector through a plurality of machine learning algorithms to generate a model of representing the malicious code and a model of representing a normal file, and storing the model of representing the malicious code and the model of representing the normal file generated through the learning.
-
公开(公告)号:US20150199512A1
公开(公告)日:2015-07-16
申请号:US14248845
申请日:2014-04-09
Inventor: Hyun Joo KIM , Ik Kyun KIM
IPC: G06F21/55
Abstract: Provided are abnormal behavior detecting apparatus and method and the abnormal behavior detecting apparatus, includes: a behavior analyzing unit which analyzes a behavior which occurs for resources of a system based on data collected from a process while the process is executed on the system; a behavior modeling unit which models a behavior analysis result for the resources of the system on a coordinate which is generated based on the behavior for the resources of the system to create a process behavior model corresponding to the resources of the system; a suspicious behavior determining unit which determines a suspicious behavior of the process in accordance with the type of the process behavior model which is implemented on the coordinate; and a process detecting unit which detects a process in which the suspicious behavior occurs as an abnormal behavior process.
Abstract translation: 提供了异常行为检测装置和方法以及异常行为检测装置,包括:行为分析单元,其基于在系统上执行处理时从进程收集的数据分析系统资源发生的行为; 行为建模单元,其基于系统的资源的行为生成的坐标来对系统的资源进行行为分析结果建模,以创建与系统的资源相对应的过程行为模型; 可疑行为确定单元,其根据在坐标上实现的过程行为模型的类型来确定过程的可疑行为; 以及处理检测单元,其检测作为异常行为处理发生可疑行为的处理。
-
公开(公告)号:US20140298399A1
公开(公告)日:2014-10-02
申请号:US13927794
申请日:2013-06-26
Inventor: Youngjun HEO , Seon-Gyoung SOHN , Dong Ho KANG , Byoung-Koo KIM , Jung-Chan NA , Ik Kyun KIM
IPC: H04L29/06
CPC classification number: H04L63/1416
Abstract: An apparatus for detecting an abnormality sign in a control system, the control system comprising control equipments, network equipments, security equipments or server equipments, the apparatus includes an information collection module configured to collect system information, network information, security event information or transaction information in interworking with a control equipments, network equipments, security equipments or server equipments. The apparatus includes storage module that stores the information collected by the information collection module. The apparatus includes an abnormality detection module configured to analyze a correlation between the collected information and a prescribed security policy to detect whether there is an abnormality sign in the control system.
Abstract translation: 一种用于检测控制系统中的异常信号的装置,所述控制系统包括控制设备,网络设备,安全设备或服务器设备,所述设备包括:信息收集模块,用于收集系统信息,网络信息,安全事件信息或交易信息 与控制设备,网络设备,安全设备或服务器设备相互配合。 该装置包括存储由信息收集模块收集的信息的存储模块。 该装置包括:异常检测模块,被配置为分析所收集的信息与规定的安全策略之间的相关性,以检测控制系统中是否存在异常信号。
-
5.发明申请公开(公告)号:US20170270299A1
公开(公告)日:2017-09-21
申请号:US15240319
申请日:2016-08-18
Inventor: Hyun Joo KIM , Jong Hyun KIM , Ik Kyun KIM
CPC classification number: G06F21/566 , G06N5/022
Abstract: The present invention relates to an apparatus and a method for detecting a malware code by generating and analyzing behavior pattern. A malware code detecting apparatus includes a behavior pattern generating unit which defines a characteristic parameter which distinguishes and specifies behaviors of a malware code and normally executable programs, converts an API calling event corresponding to the defined characteristic parameter and generates a behavior pattern in accordance with a similarity for behaviors of converted API call sequences to store the behavior pattern in a behavior pattern DB; and a malware code detecting unit which converts the API calling event corresponding to the defined characteristic parameter when the target process is executed into the API call sequence and determines whether the behavior pattern is a malware code in accordance with a similarity for behaviors of the converted API call sequence and the sequence stored in the behavior pattern DB.
-
Patent Agency Ranking
6.发明申请公开(公告)号:US20200162249A1
公开(公告)日:2020-05-21
申请号:US16654738
申请日:2019-10-16
Inventor: Sang Jae LEE , Mi Kyung OH , You Sung KANG , Ik Kyun KIM , Doo Ho CHOI
IPC: H04L9/08 , H04L9/32 , H03L7/099 , H03K19/096
Abstract: Disclosed is a method of generating secret information on the basis of a ring oscillator. According to an embodiment of the present disclosure, there is provided an apparatus for generating secret information on the basis of a ring oscillator, the apparatus including: multiple PUF information generation units each including at least one ring oscillator cell and generating physically unclonable function (PUF) information generated by the at least one ring oscillator cell; a phase checking unit cross-checking phases for the multiple pieces of the PUF information that are output from the multiple PUF information generation units, respectively; and a secret key generation unit outputting secret key information based on a result of comparing the multiple phases received from the phase checking unit.
-
7.发明申请METHOD OF MODELING BEHAVIOR PATTERN OF INSTRUCTION SET IN N-GRAM MANNER, COMPUTING DEVICE OPERATING WITH THE METHOD, AND PROGRAM STORED IN STORAGE MEDIUM TO EXECUTE THE METHOD IN COMPUTING DEVICE 有权建立N-GRAM MANNER指令集行为模式的方法,使用方法操作的计算设备和存储介质中存储的程序来执行计算设备中的方法公开(公告)号:US20160232345A1
公开(公告)日:2016-08-11
申请号:US15017504
申请日:2016-02-05
Inventor: Dae Sung MOON , Ik Kyun KIM , Han Sung LEE
CPC classification number: G06F21/566
Abstract: A computing device configured to execute an instruction set is provided. The computing device includes a system call hooker for hooking system calls that occur by the instruction set while the instruction set is executed, a category extractor for extracting a category to which each of the hooked system calls belongs with reference to category information associated with a correspondence relationship between a system call and a category, a sequence extractor for extracting one or more behavior sequences expressed in an N-gram manner from a full sequence of the hooked system calls with reference to the extracted category, and a model generator for generating a behavior pattern model of the system calls that occur when the instruction set is executed, based on a number of times that each of the extracted behavior sequences occurs.
Abstract translation: 提供了一种被配置为执行指令集的计算设备。 计算装置包括用于在指令集执行时由指令集进行的挂钩系统调用的系统呼叫连接器,用于提取每个挂钩系统呼叫所属类别的类别提取器参考与对应关系相关联的类别信息 系统调用与类别之间的关系,序列提取器,用于从涉及所提取的类别的挂接系统调用的完整序列中提取以N-格式表示的一个或多个行为序列,以及用于生成行为的模型生成器 基于每个提取的行为序列发生的次数,执行指令集时发生的系统调用的模式模型。
-
8.发明申请METHOD AND SYSTEM FOR NETWORK CONNECTION CHAIN TRACEBACK USING NETWORK FLOW DATA 有权使用网络流量数据的网络连接链路跟踪的方法和系统公开(公告)号:US20150256555A1
公开(公告)日:2015-09-10
申请号:US14635962
申请日:2015-03-02
Inventor: Yang Seo CHOI , Ik Kyun KIM , Min Ho HAN , Jung Tae KIM , Jong Hyun KIM
IPC: H04L29/06
CPC classification number: H04L63/1441 , H04L63/1416 , H04L63/1425
Abstract: Disclosed are provided a method and a system for network connection chain traceback by using network flow data in order to trace an attack source site for cyber hacking attacks that goes by way of various sites without addition of new equipment of a network or modification a standard protocol when the cyber hacking attack occurs in the Internet and an internal network.
Abstract translation: 提供了一种通过使用网络流数据来网络连接链追溯的方法和系统,以便跟踪通过各种站点进行的网络黑客攻击的攻击源站点,而不添加网络的新设备或修改标准协议 当网络黑客攻击发生在互联网和内部网络时。
-
公开(公告)号:US20230161879A1
公开(公告)日:2023-05-25
申请号:US18056141
申请日:2022-11-16
Inventor: Ki Jong KOO , Jung Tae KIM , Jong Hyun KIM , Dae Sung MOON , Sang Min LEE , Ik Kyun KIM , Ji Hyeon SONG
IPC: G06F21/55
CPC classification number: G06F21/554 , G06F2221/034
Abstract: Disclosed herein a method and apparatus for detecting a malicious code based on an assembly language model. According to an embodiment of the present disclosure, there is provided a method for detecting a malicious code. The method comprising: generating an instruction code sequence by converting an input file, for which a malicious code is to be detected, into an assembly code; embedding the instruction code sequence by using a prelearned assembly language model for instruction code embedding and outputting an embedding result of the instruction code sequence; and detecting whether or not the input file is a malicious code, by using a prelearned malicious code classification model with the embedding result as an input.
-
公开(公告)号:US20230156463A1
公开(公告)日:2023-05-18
申请号:US17967957
申请日:2022-10-18
Inventor: Yong Sung JEON , Ha Young SEONG , Sang Woo LEE , You Sung KANG , Ik Kyun KIM , Mi Kyung OH , Sang Jae LEE
CPC classification number: H04W12/03 , H04L1/0061
Abstract: Provided is a module and method for transmitting information using a wireless hidden signal, which is capable of transmitting important information data requiring extreme security using a wireless hidden signal, and allowing the important information to be detected and distinguished by only promised transmitting/receiving parties so that the possibility of the wireless hidden signal being discovered can be minimized and security can be enhanced. The module for transferring information using a wireless hidden signal includes: a hidden formatting unit configured to generate a transmission data frame structure based on data that needs to be wirelessly transmitted; a hidden encoding unit configured to encode the generated transmission data frame structure to generate and output a hidden encoded bit stream; and a hidden modulation unit configured to convert the output hidden encoded bit stream into a wireless signal in a wireless transmission format.
-
-
-
-
-
-
-
-
-
Search Results
20
records
(took 0.019 seconds)
