公开(公告)号：US11726668B2

公开(公告)日：2023-08-15

申请号：US17507727

申请日：2021-10-21

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Yong-Sung Jeon ,  Doo-Ho Choi ,  Ha-Young Seong ,  Mi-Kyung Oh ,  Sang-Jae Lee ,  Ik-Kyun Kim

IPC: G06F3/06

CPC classification number: G06F3/0619 ,  G06F3/0652 ,  G06F3/0659 ,  G06F3/0673

Abstract: Disclosed herein is a device equipped with flash memory, which includes memory in which at least one program is recorded and a processor for executing the program. The memory includes flash memory including a data area and a backup area, and the program divides data into two or more segments depending on whether the data can be stored in a single page and stores the same in the data area. The first segment is stored in a page along with a segment number, indicating the sequential position of the divided data, a segment offset, indicating the number of pages between the pages in which the current segment and the next segment are stored, the size of a data file name, the size of the data, and the file name. At least one additional segment may be stored in another page along with the segment number and segment offset thereof.

公开(公告)号：US11329835B2

公开(公告)日：2022-05-10

申请号：US16855754

申请日：2020-04-22

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Byoung-Koo Kim ,  Seung-Yong Yoon ,  You-Sung Kang ,  Doo-Ho Choi ,  Ik-Kyun Kim ,  Tae-Sung Kim ,  Mi-Kyung Oh ,  Sang-Jae Lee

IPC: H04L9/32 ,  G06F21/44 ,  H04L9/08 ,  H04L29/06 ,  G06F7/58

Abstract: Disclosed herein are an apparatus and method for authenticating an IoT device. The method, performed by the IoT device authentication apparatus, includes transmitting, by the IoT device authentication apparatus, a random number to the IoT device and encrypting, by the IoT device authentication apparatus, the random number using a previously registered first white-box cryptography value through a white-box cryptography method; generating, by the IoT device, a first device response value from a previously registered first device challenge value using a Physical Unclonable Function (PUF) and encrypting, by the IoT device, the random number, received from the IoT device authentication apparatus, using the first device response value; and performing, by the IoT device authentication apparatus, authentication of the IoT device by checking whether the random number encrypted using the white-box cryptography method matches the random number encrypted using the PUF, which is received from the IoT device.

公开(公告)号：US09374382B2

公开(公告)日：2016-06-21

申请号：US14518623

申请日：2014-10-20

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Min-Ho Han ,  Jung-Tae Kim ,  Ik-Kyun Kim ,  Hyun-Sook Cho

IPC: G06F21/55 ,  H04L29/06 ,  H04W12/12

CPC classification number: H04L63/1416 ,  H04L63/1466 ,  H04L63/164

Abstract: An apparatus and a method for an attack source traceback capable of tracing back an attacker, that is, an attack source present behind a command and control (C&C) server in a cyber target attack having non-connectivity over a transmission control protocol (TCP) connection are disclosed. The apparatus for the attack source traceback includes: a server information extracting unit detecting an attack for a system, which is generated via a server to thereby extract information on the server; a traceback agent installing unit installing a traceback agent in the server based on the information on the server; and a traceback unit finding an attack source for the system by analyzing network information of the server obtained by the traceback agent.

Abstract translation: 一种用于跟踪攻击者的攻击源追溯的装置和方法，即在具有通过传输控制协议（TCP）上的非连接性的网络目标攻击中的命令和控制（C＆C）服务器后面的攻击源， 连接被公开。 用于攻击源追溯的装置包括：服务器信息提取单元，其检测经由服务器生成的系统的攻击，从而在服务器上提取信息; 追溯代理安装单元，基于服务器上的信息在服务器中安装回溯代理; 追溯单元通过分析由追溯代理获得的服务器的网络信息来查找系统的攻击源。

公开(公告)号：US20150121072A1

公开(公告)日：2015-04-30

申请号：US14254305

申请日：2014-04-16

Applicant: Electronics and Telecommunications Research Institute

Inventor： Yang-Seo CHOI ,  Ik-Kyun Kim

IPC: G06F21/57 ,  H04L9/32 ,  H04L29/06

CPC classification number: G06F21/57 ,  G06F21/51 ,  G06F21/572 ,  H04L9/3247 ,  H04L63/08 ,  H04L63/123 ,  H04L63/1441

Abstract: There is provided an object verification apparatus comprising; a communication module receiving object information to verify an object and integrity of the object, and requesting original object information to an integrity authentication server in which the original object information for the object is registered and receiving the original object information from the integrity authentication server; and a control module determining whether current object information extracted from the object and the object information are identical or not, controlling the communication module according to the determined result, and comparing the original object information and the current object information to verify the final integrity of the object.

Abstract translation: 提供了一种对象验证装置，包括： 接收对象信息以验证对象的对象和完整性的通信模块，以及向对象的原始对象信息进行登记的完整性认证服务器请求原始对象信息，并且从完整性认证服务器接收原始对象信息; 以及控制模块，确定从对象提取的当前对象信息和对象信息是否相同，根据确定的结果控制通信模块，并比较原始对象信息和当前对象信息，以验证对象信息的最终完整性 目的。

公开(公告)号：US12026181B2

公开(公告)日：2024-07-02

申请号：US17552328

申请日：2021-12-15

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Joo-Young Lee ,  Ki-Jong Koo ,  Ik-Kyun Kim ,  Dae-Sung Moon ,  Kyung-Min Park

IPC: G06F16/00 ,  G06F16/22 ,  G06F16/29

CPC classification number: G06F16/29 ,  G06F16/2246 ,  G06F16/2255

Abstract: Disclosed herein are a network environment synchronization apparatus and method. The network environment synchronization apparatus includes one or more processors, and execution memory for storing at least one program that is executed by the one or more processors, wherein the at least one program is configured to collect data from a network environment and generate a management structure in which collected data is distributed into preset respective group units, generate data discriminators for respective group units using a preset hash function, determine whether data of the management structure has changed with reference to data newly collected from the network environment based on the data discriminators, and when it is determined whether data of the management structure has changed, update the data of the management structure with the newly collected data.

公开(公告)号：US11790085B2

公开(公告)日：2023-10-17

申请号：US17461337

申请日：2021-08-30

Applicant: Electronics and Telecommunications Research Institute

Inventor： Jung-Tae Kim ,  Ji-Hyeon Song ,  Jong-Hyun Kim ,  Sang-Min Lee ,  Ik-Kyun Kim ,  Dae-Sung Moon

IPC: G06F21/56 ,  G06N20/00

CPC classification number: G06F21/564 ,  G06N20/00

Abstract: Disclosed herein are an apparatus for detecting unknown malware using a variable-length operation code (opcode) and a method using the apparatus. The method includes collecting opcode information from a detection target, generating a multi-pixel image having a variable length by performing feature engineering on the opcode information; and detecting unknown malware by inputting the multi-pixel image to a deep-learning model based on AI.

公开(公告)号：US11171915B2

公开(公告)日：2021-11-09

申请号：US16452682

申请日：2019-06-26

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Kyung-Min Park ,  Samuel Woo ,  Dae-Sung Moon ,  Ki-Jong Koo ,  Ik-Kyun Kim ,  Joo-Young Lee

IPC: G06F15/16 ,  H04L29/12 ,  H04L29/06 ,  H04L9/08

Abstract: Disclosed herein are a server apparatus, a client apparatus, and a method for communication based on network address mutation. The method for communication based on network address mutation, performed by the server apparatus and the client apparatus, includes setting the external address of a network interface for receiving a packet from the client apparatus; setting the internal address of a hidden interface in order to forward the packet received through the network interface to the hidden interface; modifying the external address based on a preset network address mutation rule; and communicating with the client apparatus by forwarding the packet, received from the client apparatus based on the modified external address, to the hidden interface.

公开(公告)号：US10785252B2

公开(公告)日：2020-09-22

申请号：US15985452

申请日：2018-05-21

Applicant: Electronics and Telecommunications Research Institute

Inventor： Jooyoung Lee ,  Dae-Sung Moon ,  Kyung-Min Park ,  Samuel Woo ,  Ho Hwang ,  Ik-Kyun Kim ,  Seung-Hun Jin

IPC: H04L29/06

Abstract: Disclosed herein is an apparatus for enhancing network security, which includes an information collection unit for collecting information about states of hosts that form a network and information about connectivity in the network; an attack surface analysis unit for analyzing attack surfaces by creating an attack graph using the information about the states and the information about connectivity; a security-enhancing strategy establishment unit for establishing a security-enhancing strategy based on the attack graph; and a security-enhancing strategy implementation unit for delivering a measure based on the security-enhancing strategy to a corresponding host, thereby taking a security-enhancing measure.

公开(公告)号：US10693908B2

公开(公告)日：2020-06-23

申请号：US15803062

申请日：2017-11-03

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Jung-Tae Kim ,  Ik-Kyun Kim

IPC: H04L29/06 ,  H04L12/26

Abstract: Disclosed herein are an apparatus and method for detecting a Distributed Reflection Denial of Service (DRDoS) attack. The DRDoS attack detection apparatus includes a network flow data reception unit for receiving network flow data from network equipment, a session type determination unit for determining a session type of the received network flow data, a host type determination unit for determining a type of host corresponding to the network flow data based on the session type, an attack method determination unit for determining an attack method corresponding to the network flow data, a protocol identification unit for identifying a protocol of the network flow data, and an attack detection unit for detecting a DRDoS attack based on the session type, the host type, the attack method, and the protocol.

公开(公告)号：US12039035B2

公开(公告)日：2024-07-16

申请号：US17518373

申请日：2021-11-03

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Dong-Wook Kang ,  Dae-Won Kim ,  Ik-Kyun Kim ,  Sang-Su Lee ,  Jin-Yong Lee ,  Byeong-Cheol Choi ,  Yong-Je Choi

IPC: G06F21/54 ,  G06F9/30 ,  G06F21/55

CPC classification number: G06F21/54 ,  G06F9/30058 ,  G06F9/30101 ,  G06F21/554 ,  G06F21/556

Abstract: Disclosed herein are an apparatus and method for detecting violation of control flow integrity. The apparatus includes memory for storing a program and a processor for executing the program, wherein the processor multiple branch identifier registers to which identifiers of branch targets are written, a set branch identifier instruction configured to command an identifier of a branch target to be written to a branch identifier register at a predetermined sequence number, among the multiple branch identifier registers, and a check branch identifier instruction configured to command a signal indicating detection of a control flow hijacking attack to be issued based on whether a value written to the branch identifier register at the predetermined sequence number is identical to a value of an identifier of a branch target at the predetermined sequence number, wherein the program detects whether a control flow is hijacked based on the multiple branch identifier registers.