-
Publication No.: US20190166138A1
Publication date: 2019-05-30
Application No.: US15835377
Filing date: 2017-12-07
Applicant: Institute For Information Industry
Inventor: Chih-Ta LIN, Sung-Lin WU, Mei-Ling LEE
IPC: H04L29/06
Abstract: A system and method for identifying application layer behavior are disclosed. In order to detect intrusion into an industrial control system, the system and method determine a current status of application layer behavior of the industrial control system by analyzing a current packet which is propagated between a master device and a slave device in the industrial control system, and identify whether the current status of the application layer behavior is normal according to a normal behavior status list.
-
Publication No.: US20220131833A1
Publication date: 2022-04-28
Application No.: US17102209
Filing date: 2020-11-23
Applicant: Institute For Information Industry
Inventor: Yu-Ting TSOU, Ding-Jie HUANG, Chih-Ta LIN, Ming-Hsuan YANG, Mei-Lin LI, Saranchon LAMMONGKOL, Chin-Fang MAO
Abstract: An abnormal packet detection apparatus and method are provided. The abnormal packet detection apparatus stores a whitelist corresponding to a protocol port, wherein the whitelist includes at least one legal packet record. Each legal packet record includes a legal packet length, a legal source address, and a legal variation position set, and corresponds to a reference packet. The abnormal packet detection apparatus determines that a current packet length and a current source address of a to-be-analyzed packet are respectively the same as the legal packet length and the legal source address of a reference packet record among the at least one legal packet record, determines a current variation position of the to-be-analyzed packet by comparing the to-be-analyzed packet with the reference packet corresponding to the reference packet record, and generates a detection result by comparing the current variation position with the legal variation position set of the reference packet record.
-
Publication No.: US20210099470A1
Publication date: 2021-04-01
Application No.: US16790699
Filing date: 2020-02-13
Applicant: INSTITUTE FOR INFORMATION INDUSTRY
Inventor: Chih-Ta LIN, Ding-Jie HUANG, Mei-Ling LEE, Yu-Ting TSOU
IPC: H04L29/06
Abstract: An intrusion detection device includes a connection interface and a processor. The processor is configured to obtain a network protocol data and an industrial operation data of each of the plurality of first packets; tag a first internet protocol (IP) address of the network protocol data with a first action role and tag a second internet protocol (IP) address of the network protocol data with a second action role respectively; obtain a related group of the first IP address, wherein the related group comprises a first industrial device information and a second industrial device information; and generate a rule list, wherein the rule list comprises the first action role, the first IP address, the second IP address, and contents of the related group, wherein the first action role on the rule list corresponds to the first industrial device information and the second industrial device information.
-
Publication No.: US20190044701A1
Publication date: 2019-02-07
Application No.: US15791379
Filing date: 2017-10-23
Applicant: Institute For Information Industry
Inventor: Chih-Ta LIN, Chuan-Kai KAO
CPC classification number: H04L9/0643, G06F21/602, H04L9/3239, H04L2209/08, H04L2209/805, H04L2209/84
Abstract: A transmission apparatus and a transmission data protection method thereof are provided. The transmission apparatus stores a data table, a bloom filter, a first randomization array, a plurality of second randomization arrays and an identifier of each of the second randomization arrays. The bloom filter has a plurality of independent hash functions. The transmission apparatus generates a current original datum according to the data table; inputs the current original datum to the bloom filter as a current input datum of the bloom filter to output a current bloom datum; randomizes the current bloom datum according to the first randomization array to generate a current first randomized datum; randomizes the current first randomized datum according to one of the second randomization arrays to generate a current second randomized datum; and transmits a data signal carrying the current second randomized datum and an identification datum to another transmission apparatus.