Apparatus and method for preventing anomaly of application program
    1.
    Granted invention patent
    Status: in force

    Publication No.: US08621624B2

    Publication date: 2013-12-31

    Application No.: US12332012

    Filing date: 2008-12-10

    IPC classification: G06F21/00

    CPC classification: G06F21/554 G06F21/52

    Abstract: An apparatus and method for preventing an anomaly of an application program are provided. More particularly, an apparatus and method for preventing an anomaly of an application program that detect and stop an anomaly on the basis of a behavior profile for an application program are provided. The apparatus includes a behavior monitor that detects behavior of an application program in operation, an anomaly detector that determines whether the detected behavior of the application program is an anomaly on the basis of a behavior profile of the application program in operation, and an anomaly stopper that stops the behavior of the application program determined as an anomaly by the anomaly detector. Possible application program behavior is stored according to its purpose in a behavior profile and an anomaly is detected and stopped on the basis of the behavior profile, thereby decreasing a false-positive rate of anomaly detection and simultaneously solving a problem of conventional security programs being incapable of defending against attacks using the authority of a program trusted by a user.

    System and method for predicting cyber threat
    2.
    Granted invention patent
    Status: in force

    Publication No.: US08191149B2

    Publication date: 2012-05-29

    Application No.: US11938356

    Filing date: 2007-11-12

    IPC classification: G06F12/14

    CPC classification: H04L63/145 G06F21/552

    Abstract: Provided are a system and method for predicting a cyber threat. The system and method collect various variables and synthetically predict the frequency, dangerousness, possibility, and time of the occurrence of a cyber threat including hacking, a worm/virus, a Denial of Service (DoS) attack, illegal system access, a malicious code, a social engineering attack, system/data falsification, cyber terror/war, weakness exploitation, etc., using a time-series analysis method and a Delphi method, and inform a user in advance of the prediction result, thereby enabling the user to prepare against the cyber threat.

    Method and apparatus for digital forensics
    3.
    Granted invention patent
    Status: in force

    Publication No.: US08145586B2

    Publication date: 2012-03-27

    Application No.: US12252869

    Filing date: 2008-10-16

    IPC classification: G06F17/00 G06N5/02

    CPC classification: G06K9/00

    Abstract: A method and apparatus for digital forensics are provided. The apparatus for digital forensics includes a page file extractor for extracting a page file stored in a target storage medium, a stored-page feature extractor for extracting features of pages stored in the extracted page file, a page classifier for comparing the extracted features of the pages with at least one predetermined classification criterion and classifying the pages according to the comparison results, and a digital forensics unit for performing digital forensics according to the classified pages. According to the method and apparatus, it is possible to perform digital forensics using only information of a page file.
