公开(公告)号：US09699204B2

公开(公告)日：2017-07-04

申请号：US14699449

申请日：2015-04-29

Applicant: Electronics and Telecommunications Research Institute

Inventor： Byoung Koo Kim ,  Dong Ho Kang ,  Jung Chan Na ,  Seon Gyoung Sohn ,  Young Jun Heo

IPC: H04L29/06 ,  H04L12/40 ,  H04L12/24 ,  H04L12/26 ,  H04L29/08

CPC classification number: H04L63/1425 ,  H04L12/40 ,  H04L41/142 ,  H04L43/026 ,  H04L67/12 ,  H04L69/16 ,  H04L69/329 ,  H04L2012/40228

Abstract: An abnormal traffic detection apparatus and method based on Modbus communication pattern learning is provided. The abnormal traffic detection apparatus based on the Modbus communication pattern learning previously detects and responds to abnormal traffic on a Modbus/TCP protocol. According to the present invention, a communication service between control systems can be stably provided by previously detecting the abnormal traffic capable of interfering with a stable operation of the control system. Particularly, since the effective abnormal traffic on the Modbus/TCP protocol can be previously detected, security of the control system can be increased by rapid detection and response with respect to security threats on the Intranet of the control system, and availability can be secured.

公开(公告)号：US09871806B2

公开(公告)日：2018-01-16

申请号：US14729709

申请日：2015-06-03

Applicant: Electronics and Telecommunications Research Institute

Inventor： Seon Gyoung Sohn ,  Young Jun Heo

IPC: H04L29/06

CPC classification number: H04L63/1408

Abstract: An apparatus and method of displaying a network security situation is provided. The apparatus includes an extraction unit configured to classify a characteristic factor including IP addresses of a transmission node and a reception node from a traffic flow, a network visualization unit configured to generate a domain circle visualizing each of a transmission domain and a reception domain as a circle shape by mapping the IP addresses of the transmission node and the reception node to points on circumference as one to one, arrange the generated domain circle on an axis, and visualize each of a transmission network area and a reception network area as a sphere shape, a session construction unit configured to a session of the visualized transmission network area and reception network visually, and a display unit configured to display the session which is visually constructed.