公开(公告)号：US20220124487A1

公开(公告)日：2022-04-21

申请号：US17099796

申请日：2020-11-17

Applicant: INSTITUTE FOR INFORMATION INDUSTRY

Inventor： Ting-Yu LIN ,  Ping-Chun CHEN ,  Chia-Min LAI

IPC: H04W12/00 ,  H04B1/16 ,  H04W12/10 ,  G06N3/08

Abstract: An RF fingerprint signal processing device configured for executing a machine learning algorithm on a plurality of input signals. The RF fingerprint signal processing device includes a receiver-feature determination circuit and a classifying determination circuit. The receiver-feature determination circuit is configured to compute on the plurality of input signals in a neural network. The classifying determination circuit is coupled with the receiver-feature determination circuit, and the classifying determination circuit is configured to send feedback information of a receiver-feature component to the receiver-feature determination circuit. The receiver-feature determination circuit decreases the receiver-feature weight of the neural network. The receiver-feature weight is associated with the receiver-feature component, and the receiver-feature weight which is decreased is applied for computing an output value of the neural network.

公开(公告)号：US20220131832A1

公开(公告)日：2022-04-28

申请号：US17099797

申请日：2020-11-17

Applicant: INSTITUTE FOR INFORMATION INDUSTRY

Inventor： Chia-Kang HO ,  Kuan-Lung HUANG ,  Chia-Min LAI

IPC: H04L29/06

Abstract: A dynamic network feature processing device includes a storage device and a processor. The storage device is configured to store a plurality of malicious feature groups. Each of the malicious feature groups corresponds to a malicious feature, and each of the malicious feature groups includes a plurality of malicious network addresses. The processor is coupled to the storage device. The processor is configured to: acquire an unknown network address of an unknown packet; compare the unknown network address with the malicious feature of each of the malicious feature groups; and filter the unknown packet when determining that the unknown network address matches at least one of the malicious feature of the plurality of malicious feature groups.

公开(公告)号：US20210144556A1

公开(公告)日：2021-05-13

申请号：US16702421

申请日：2019-12-03

Applicant: Institute For Information Industry

Inventor： Chih-Wei CHEN ,  Chia-Min LAI ,  Wei-Chen TOU

IPC: H04W12/12 ,  G06N3/04 ,  G06N3/08 ,  H04W12/00 ,  G01R29/08

Abstract: A networking behavior detector and a networking behavior detection method thereof for an indoor space are provided. The networking behavior detector receives a plurality of radio frequency (RF) signals in the indoor space and converts the RF signals to a plurality of digital signals. Next, the networking behavior detector calculates an energy value of each digital signal and filters out the digital signal, the energy value of which is smaller than a threshold, of the digital signals to generate an analysis signal. Finally, the networking behavior detector retrieves a plurality of energy feature values of each analysis signal to generate a feature datum, and analyzes the feature data through an identification model to generate an identification result. The identification result corresponds to one of a plurality of networking behaviors.

公开(公告)号：US20180159878A1

公开(公告)日：2018-06-07

申请号：US15372235

申请日：2016-12-07

Applicant: Institute For Information Industry

Inventor： Chia-Min LAI ,  Ching-Hao MAO ,  Chih-Hung HSIEH ,  Te-EN WEI ,  Chi-Ping LAI

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  G06F21/55 ,  G06F2221/2135 ,  H04L63/1408 ,  H04L63/1433 ,  H04L63/1441

Abstract: An attacking node detection apparatus, method, and computer program product thereof are provided. The attacking node detection apparatus is stored with a plurality of access records of an application, wherein each access record includes a network address of a host and an access content. The attacking node detection apparatus filters the access records into a plurality of filtered access records according to a predetermined rule so that the access content of each filtered access record conforms to the predetermined rule. The attacking node detection apparatus creates at least one access relation of each of the network addresses according to the filtered access records, wherein each access relation is defined by one of the network addresses and one of the access contents. The attacking node detection apparatus identifies a specific network address as an attacking node according to the access relations.

公开(公告)号：US20190179906A1

公开(公告)日：2019-06-13

申请号：US15839787

申请日：2017-12-12

Applicant: Institute For Information Industry

Inventor： Chia-Min LAI ,  Chia-Yu LU

IPC: G06F17/28 ,  G06F21/56 ,  G06F17/27 ,  G06K9/62 ,  G06K9/72

Abstract: A behavior inference model building apparatus and a behavior inference model building method thereof are provided. The behavior inference model building apparatus converts a plurality of program operation sequences of a plurality of program operation sequence data into a plurality of word vectors through a word embedding model, and inputs the first M word vectors of the word vectors, corresponding to each program operation sequence data, into a generative adversarial network (GAN) model to train and optimize the GAN model. The behavior inference model building apparatus integrates the word embedding model and the generator of the optimized GAN model to build a behavior inference model.

公开(公告)号：US20180159868A1

公开(公告)日：2018-06-07

申请号：US15372294

申请日：2016-12-07

Applicant: Institute For Information Industry

Inventor： Chia-Min LAI ,  Ching-Hao MAO ,  Chih-Hung HSIEH ,  Te-EN WEI ,  Chi-Ping LAI

IPC: H04L29/06 ,  H04L9/32

Abstract: A network attack pattern determination apparatus, method, and non-transitory computer readable storage medium thereof are provided. The apparatus is stored with several attack patterns and access records. Each access record includes a network address, time stamp, and access content. Each attack pattern corresponds to at least one attack access relation. Each attack access relation is defined by a network address and access content. The apparatus retrieves several attack records according to at least one attack address. The network address of each attack record is one of the attack address(s). The apparatus divides the attack records into several groups according to the time stamps and performs the following operations for each group: (a) creating at least one access relation for each attack address included in the group and (b) determining that the group corresponds to one of the attack patterns according to the at least one access relation of the group.