公开(公告)号：US20070130188A1

公开(公告)日：2007-06-07

申请号：US11634731

申请日：2006-12-06

申请人： Hwa Moon ,  Sungwon Yi ,  Jintae Oh ,  Jong Jang ,  Changhoon Kim

发明人： Hwa Moon ,  Sungwon Yi ,  Jintae Oh ,  Jong Jang ,  Changhoon Kim

IPC分类号： G06F7/00

CPC分类号： G06F21/64 ,  G06F7/02 ,  H04L9/3231 ,  H04L9/3236 ,  Y10S707/99942 ,  Y10S707/99943 ,  Y10S707/99944 ,  Y10S707/99945

摘要： Provided are a data hashing method, a data processing method, and a data processing system using a similarity-based hashing (SBH) algorithm in which the same hash value is calculated for the same data and the more similar data, the smaller difference in the generated hash values. The data hashing method includes receiving computerized data, and generating a hash value of the computerized data using the SBH algorithm in which two data are the same if calculated hash values are the same and two data are similar if the difference of calculated hash values is small. Therefore, a search, comparison, and classification of data can be quickly processed within a time complexity of O(1) or O(n) since the similarity/closeness of data content are quantified by that of the corresponding hash values.

摘要翻译： 提供了一种使用基于相似度的散列（SBH）算法的数据散列方法，数据处理方法和数据处理系统，其中针对相同数据计算相同的散列值，并且提供了更相似的数据， 生成的哈希值。 数据散列方法包括接收计算机数据，并使用SBH算法生成计算机化数据的哈希值，其中如果计算的散列值相同，则两个数据相同，并且如果计算的散列值的差异小则两个数据相似 。 因此，可以在O（1）或O（n）的时间复杂度内快速地处理数据的搜索，比较和分类，因为数据内容的相似/接近由相应散列值的相似度/接近度量化。

公开(公告)号：US20050141423A1

公开(公告)日：2005-06-30

申请号：US11004426

申请日：2004-12-03

申请人： Jong Lee ,  Jintae Oh ,  Jong Jang ,  Sung Sohn

发明人： Jong Lee ,  Jintae Oh ,  Jong Jang ,  Sung Sohn

IPC分类号： H04L12/28 ,  H04L12/24 ,  H04L12/26

CPC分类号： H04L41/0896 ,  H04L43/026

摘要： A method of and an apparatus for sorting data traffic based on a predetermined priority such as a bandwidth and a liveliness is provided. The method includes operations of: receiving the data flows; sorting the data flows based on bandwidth by defining a plurality of bandwidth ranges and classifying the sorted data flows according to the bandwidth ranges to which the bandwidth of each data flow belongs; and sorting the classified data flows based on liveliness representing frequency of occurrence of the data flows. The sorting of the classified data lows determines that the data flow which is recently received has the higher liveliness and sorts the data flows based on the determination. The method and apparatus facilitates selecting data flows which are possible hostile attack attempts from a vast amount of data traffic and allowing selective and intensive monitoring of the selected data flows.

摘要翻译： 提供了一种基于诸如带宽和活力之类的预定优先级对数据业务排序的方法和装置。 该方法包括：接收数据流; 通过定义多个带宽范围，根据带宽分配数据流，并根据每个数据流的带宽所属的带宽范围对排序的数据流进行分类; 并根据表示数据流出现频率的生物活动对分类数据流进行排序。 分类数据低的排序确定最近接收的数据流具有更高的活力并且基于确定对数据流进行排序。 所述方法和装置有助于从大量的数据业务中选择可能的敌对攻击尝试的数据流，并允许选择性和密集地监视所选数据流。

公开(公告)号：US20080080715A1

公开(公告)日：2008-04-03

申请号：US11863394

申请日：2007-09-28

申请人： Ho Lee ,  Jintae Oh ,  Taek Nam ,  Seungmin Lee ,  Jong Jang

发明人： Ho Lee ,  Jintae Oh ,  Taek Nam ,  Seungmin Lee ,  Jong Jang

IPC分类号： H04L9/00 ,  G06F12/16

CPC分类号： G06F21/602 ,  G06F21/72 ,  G06F21/85 ,  H04L9/08

摘要： Provided are an apparatus and a method for data encryption using a secure memory, and more particularly, to an apparatus and a method for high-speed, large-volume data encryption using a security function included in the secure memory in response to an encryption/decryption request of a user application program. Conventional data encryption methods perform data encryption using software or hardware including a peripheral component interconnect (PCI) bus. However, the conventional data encryption methods do not satisfy speed-sensitive applications. To improve this problem, the present invention provides an apparatus and a method for high-speed, large-volume data encryption using a security function of a memory.

摘要翻译： 提供了一种使用安全存储器进行数据加密的装置和方法，更具体地，涉及使用安全存储器中包括的安全功能的高速，大容量数据加密的装置和方法，该安全功能响应于加密/ 用户应用程序的解密请求。 常规数据加密方法使用包括外围组件互连（PCI）总线的软件或硬件执行数据加密。 然而，常规的数据加密方法不满足速度敏感的应用。 为了改善这个问题，本发明提供一种使用存储器的安全功能进行高速，大容量数据加密的装置和方法。

公开(公告)号：US20060123480A1

公开(公告)日：2006-06-08

申请号：US11088975

申请日：2005-03-24

申请人： Jintae Oh ,  Seung Shin ,  Ki Kim ,  Jong Jang ,  Sung Sohn

发明人： Jintae Oh ,  Seung Shin ,  Ki Kim ,  Jong Jang ,  Sung Sohn

IPC分类号： G06F12/14

CPC分类号： H04L63/1408

摘要： The present invention relates to a real-time network attack pattern detection system and a method thereof in which a common pattern is detected in real time from packets, which are suspected to be a network attack such as Worm, to effectively block the attack. The system includes: a suspicious packet detector for classifying a suspicious attack packet from all input packets; a first data delaying unit for receiving the input packet from the suspicious packet detector to output an one-clock delayed data; a second data delaying unit for receiving an output signal from the first data delaying unit to output an one-clock delayed data; a hash key generator for receiving an output data of the suspicious packet detector, an output data of the first data delaying unit and an output data of the second data delaying unit to generate a hash key; a hash table for storing a lookup result obtained by the hash key generated from the hash key generator; and an existence & hit checker for checking the lookup result of the hash table.

摘要翻译： 本发明涉及一种实时网络攻击模式检测系统及其方法，其中从怀疑是诸如蠕虫的网络攻击的分组实时检测到公共模式，以有效地阻止攻击。 该系统包括：可疑包检测器，用于从所有输入分组中分类可疑攻击包; 第一数据延迟单元，用于从可疑分组检测器接收输入分组以输出一个时钟延迟的数据; 第二数据延迟单元，用于从第一数据延迟单元接收输出信号以输出一个时钟延迟的数据; 散列密钥发生器，用于接收可疑包检测器的输出数据，第一数据延迟单元的输出数据和第二数据延迟单元的输出数据以产生散列密钥; 哈希表，用于存储通过从所述散列密钥发生器生成的散列密钥获得的查找结果; 以及用于检查哈希表的查找结果的存在和命中检查器。

公开(公告)号：US20060085855A1

公开(公告)日：2006-04-20

申请号：US11023384

申请日：2004-12-29

申请人： Seung Shin ,  Jintae Oh ,  Ki Kim ,  Jong Jang ,  Sung Sohn

发明人： Seung Shin ,  Jintae Oh ,  Ki Kim ,  Jong Jang ,  Sung Sohn

IPC分类号： G06F12/14

CPC分类号： H04L63/1416 ,  H04L63/12 ,  H04L69/22

摘要： The present invention relates to a network intrusion detection and prevention system. The system includes: a signature based detecting device; an anomaly behavior based detecting device; and a new signature creating and verifying device disposed between the signature based detecting device and the anomaly behavior based detecting device, wherein if the anomaly behavior based detecting device detects network-attack-suspicious packets, the new signature creating and verifying device collects and searches the detected suspicious packets for common information, and then creates a new signature on the basis of the searched common information and at the same time, verifies whether or not the created new signature is applicable to the signature based detecting device, and then registers the created new signature to the signature based detecting device if it is determined that the created new signature is applicable.

公开(公告)号：US20050141513A1

公开(公告)日：2005-06-30

申请号：US10993606

申请日：2004-11-19

申请人： Jintae Oh ,  Seung Shin ,  Ki Kim ,  Jong Jang ,  Sung Sohn

发明人： Jintae Oh ,  Seung Shin ,  Ki Kim ,  Jong Jang ,  Sung Sohn

IPC分类号： H04L12/56

CPC分类号： H04L45/00 ,  H04L45/54 ,  H04L45/62

摘要： An apparatus and method for performing packet header lookup based on sequential lookup is provided. A header analyzer separates a header from a packet received via a network and outputs a lookup sequence. A unit lookup unit looks up matching the header combination rules with each field to be analyzed and input from the header analyzer based on the lookup sequence input from the header analyzer and outputs a match signal and a match address. A rule combination memory stores identification information for the header combination rules. A sequence combination memory stores lookup sequence information and sequence combination information. A rule combination unit generates match results based on the match signal input from the unit lookup unit and data read from the rule combination memory and the sequence combination memory.

摘要翻译： 提供了一种用于基于顺序查找来执行分组报头查找的装置和方法。 报头分析器将报头与经由网络接收的分组分离，并输出查找序列。 单元查找单元根据从标题分析器输入的查找序列查找与标题组合规则与要分析的每个字段和从标题分析器输入的匹配，并输出匹配信号和匹配地址。 规则组合存储器存储标题组合规则的标识信息。 序列组合存储器存储查找序列信息和序列组合信息。 规则组合单元基于从单元查找单元输入的匹配信号和从规则组合存储器和序列组合存储器读取的数据产生匹配结果。

公开(公告)号：US20070147382A1

公开(公告)日：2007-06-28

申请号：US11635245

申请日：2006-12-07

申请人： Byoung Kim ,  Kwang Baik ,  Jin Oh ,  Jong Jang ,  Sung Sohn

发明人： Byoung Kim ,  Kwang Baik ,  Jin Oh ,  Jong Jang ,  Sung Sohn

IPC分类号： H04L12/56

CPC分类号： H04L12/5602

摘要： A method of storing a pattern matching policy and a method of controlling an alert message are provided. The method includes (a) generating a content structure as a sub-structure of a header combination structure of a stored traffic pattern which is a policy to be newly applied to a pattern matching apparatus; (b) determining whether a content of the stored traffic pattern is identical to a content of an original traffic pattern stored in advance in the pattern matching apparatus; (c) allocating a content index of the content of the original traffic pattern to the content of the stored traffic pattern if the content of the stored traffic pattern is identical to the content of the original traffic pattern; and (d) determining whether a header combination structure of the original traffic pattern comprises only one content structure or more than one content structure and allocating a header index of the header combination structure of the stored traffic pattern to the header combination structure of the original traffic pattern if the header combination structure of the original traffic pattern is found to comprise only one content structure. Accordingly, it is possible to efficiently use hardware memories with limited storage capacities and effectively perform a pattern matching function.

摘要翻译： 提供了一种存储模式匹配策略的方法和一种控制警报消息的方法。 该方法包括：（a）生成内容结构作为作为新应用于模式匹配装置的策略的存储的流量模式的头部组合结构的子结构; （b）确定存储的业务模式的内容是否与预先存储在模式匹配装置中的原始业务模式的内容相同; （c）如果存储的业务模式的内容与原始业务模式的内容相同，则将原始业务模式的内容的内容索引分配给所存储的业务模式的内容; 和（d）确定原始业务模式的报头组合结构是否仅包含一个内容结构或多于一个内容结构，并且将所存储的业务模式的报头组合结构的报头索引分配给原始业务的报头组合结构 如果发现原始流量模式的头组合结构仅包含一个内容结构，则模式。 因此，可以有效地使用具有有限存储容量的硬件存储器并且有效地执行模式匹配功能。

公开(公告)号：US20070016576A1

公开(公告)日：2007-01-18

申请号：US11397581

申请日：2006-04-03

申请人： Chi Jeong ,  Seung Han ,  Su Choi ,  Taek Nam ,  Jong Jang

发明人： Chi Jeong ,  Seung Han ,  Su Choi ,  Taek Nam ,  Jong Jang

IPC分类号： G06F17/30

CPC分类号： G06F21/6209 ,  G06F21/606 ,  G06F21/85 ,  G06Q10/00

摘要： A method and apparatus for blocking harmful multimedia information are provided. The apparatus for blocking harmful multimedia information includes: a harmful information classification model training unit analyzing multimedia training information whose grade of harmfulness is known in advance, extracting characteristics from the information, and then by applying machine training, generating a harmful information classification model; a harmful information grade classification unit determining a harmfulness grade of multimedia input information by using the harmful information classification model; and a harmful information blocking unit blocking the multimedia input information if the determined harmfulness grade of the multimedia input information is included in a preset range. According to the method and apparatus, the increase of databases containing harmful multimedia information can be prevented and the time taken for determining harmfulness can be reduced.

摘要翻译： 提供了一种用于阻止有害的多媒体信息的方法和装置。 用于阻止有害多媒体信息的装置包括：有害信息分类模型训练单元，分析事先知道有害度等级的多媒体训练信息，从信息中提取特征，然后应用机器训练，生成有害信息分类模型; 有害信息等级分类单位通过使用有害信息分类模型确定多媒体输入信息的有害等级; 以及如果所确定的多媒体输入信息的有害等级被包括在预设范围内，则阻止多媒体输入信息的有害信息阻挡单元。 根据该方法和装置，可以防止含有有害的多媒体信息的数据库的增加，并且可以减少确定有害性的时间。

公开(公告)号：US20060101261A1

公开(公告)日：2006-05-11

申请号：US11220887

申请日：2005-09-07

申请人： Sang Lee ,  Yong Jeon ,  Young Kim ,  Jeong Kim ,  Jong Jang

发明人： Sang Lee ,  Yong Jeon ,  Young Kim ,  Jeong Kim ,  Jong Jang

IPC分类号： H04L9/00

CPC分类号： H04L9/3226 ,  H04L63/083 ,  H04L63/1416

摘要： Provided are a security router system for a network and a method of authenticating a user who connects to the system. The security routing system includes: a plurality of physical link ports inputting/outputting packets; a physical layer matching unit transmitting/receiving packets to the physical link ports and generating a media access control (MAC) frame; and a network processor including routing processing means that establishes a transport route for input packets via the physical layer matching unit and processes routing protocols, packet forwarding means that forward the input packets to their destinations, intrusion detection means that classify the input packets based on a packet classification standard and determine whether the input packets are attacks from outside, and user authentication means that determine whether a user is authorized to connect to a router, thereby reducing expenses required to build a network while maintaining security in comparison with a conventional firewall or intrusion detection system, and increasing reliability and safety of the network by preventing harmful traffic since each router performs a network security function.

摘要翻译： 提供了一种用于网络的安全路由器系统和用于认证连接到系统的用户的方法。 安全路由系统包括：多个物理链路端口输入/输出分组; 物理层匹配单元向物理链路端口发送/接收分组并生成媒体接入控制（MAC）帧; 以及网络处理器，包括经由所述物理层匹配单元建立用于输入分组的传输路由并处理路由协议的路由处理装置，将所述输入分组转发到其目的地的分组转发装置，基于所述输入分组对所述输入分组进行分类的入侵检测装置 分组分类标准，并确定输入分组是否是外部的攻击，用户认证意味着确定用户是否被授权连接到路由器，从而与常规防火墙或入侵相比，降低了构建网络所需的开销，同时保持了安全性 检测系统，以及由于每个路由器执行网络安全功能，防止有害的流量，从而提高网络的可靠性和安全性。

公开(公告)号：US20060095758A1

公开(公告)日：2006-05-04

申请号：US11103510

申请日：2005-04-12

申请人： Geon Kim ,  Sun Lim ,  Sang Lee ,  Ki Kim ,  Jeong Kim ,  Jong Jang

发明人： Geon Kim ,  Sun Lim ,  Sang Lee ,  Ki Kim ,  Jeong Kim ,  Jong Jang

IPC分类号： H04L9/00

CPC分类号： H04L63/04 ,  H04L63/061

摘要： Provided are a method and apparatus for providing a security mechanism guaranteeing transparency at a transport layer. The method includes: receiving a data packet from an application program, and searching key information corresponding to the data packet in key information database; determining whether to request a key exchange module of an application layer for a new key negotiation according to a result obtained by searching key information; and performing encrypting/decrypting based on key information when the key exchange module stores key negotiation information obtained by the new key negotiation in a kernel. The apparatus encrypts/decrypts the data packet at the transport layer of the kernel, thereby providing the application program with security transparency, effectively controlling and making it easily expansible.