公开(公告)号：US20060123480A1

公开(公告)日：2006-06-08

申请号：US11088975

申请日：2005-03-24

申请人： Jintae Oh ,  Seung Shin ,  Ki Kim ,  Jong Jang ,  Sung Sohn

发明人： Jintae Oh ,  Seung Shin ,  Ki Kim ,  Jong Jang ,  Sung Sohn

IPC分类号： G06F12/14

CPC分类号： H04L63/1408

摘要： The present invention relates to a real-time network attack pattern detection system and a method thereof in which a common pattern is detected in real time from packets, which are suspected to be a network attack such as Worm, to effectively block the attack. The system includes: a suspicious packet detector for classifying a suspicious attack packet from all input packets; a first data delaying unit for receiving the input packet from the suspicious packet detector to output an one-clock delayed data; a second data delaying unit for receiving an output signal from the first data delaying unit to output an one-clock delayed data; a hash key generator for receiving an output data of the suspicious packet detector, an output data of the first data delaying unit and an output data of the second data delaying unit to generate a hash key; a hash table for storing a lookup result obtained by the hash key generated from the hash key generator; and an existence & hit checker for checking the lookup result of the hash table.

摘要翻译： 本发明涉及一种实时网络攻击模式检测系统及其方法，其中从怀疑是诸如蠕虫的网络攻击的分组实时检测到公共模式，以有效地阻止攻击。 该系统包括：可疑包检测器，用于从所有输入分组中分类可疑攻击包; 第一数据延迟单元，用于从可疑分组检测器接收输入分组以输出一个时钟延迟的数据; 第二数据延迟单元，用于从第一数据延迟单元接收输出信号以输出一个时钟延迟的数据; 散列密钥发生器，用于接收可疑包检测器的输出数据，第一数据延迟单元的输出数据和第二数据延迟单元的输出数据以产生散列密钥; 哈希表，用于存储通过从所述散列密钥发生器生成的散列密钥获得的查找结果; 以及用于检查哈希表的查找结果的存在和命中检查器。

公开(公告)号：US20060085855A1

公开(公告)日：2006-04-20

申请号：US11023384

申请日：2004-12-29

申请人： Seung Shin ,  Jintae Oh ,  Ki Kim ,  Jong Jang ,  Sung Sohn

发明人： Seung Shin ,  Jintae Oh ,  Ki Kim ,  Jong Jang ,  Sung Sohn

IPC分类号： G06F12/14

CPC分类号： H04L63/1416 ,  H04L63/12 ,  H04L69/22

摘要： The present invention relates to a network intrusion detection and prevention system. The system includes: a signature based detecting device; an anomaly behavior based detecting device; and a new signature creating and verifying device disposed between the signature based detecting device and the anomaly behavior based detecting device, wherein if the anomaly behavior based detecting device detects network-attack-suspicious packets, the new signature creating and verifying device collects and searches the detected suspicious packets for common information, and then creates a new signature on the basis of the searched common information and at the same time, verifies whether or not the created new signature is applicable to the signature based detecting device, and then registers the created new signature to the signature based detecting device if it is determined that the created new signature is applicable.

公开(公告)号：US20050141513A1

公开(公告)日：2005-06-30

申请号：US10993606

申请日：2004-11-19

申请人： Jintae Oh ,  Seung Shin ,  Ki Kim ,  Jong Jang ,  Sung Sohn

发明人： Jintae Oh ,  Seung Shin ,  Ki Kim ,  Jong Jang ,  Sung Sohn

IPC分类号： H04L12/56

CPC分类号： H04L45/00 ,  H04L45/54 ,  H04L45/62

摘要： An apparatus and method for performing packet header lookup based on sequential lookup is provided. A header analyzer separates a header from a packet received via a network and outputs a lookup sequence. A unit lookup unit looks up matching the header combination rules with each field to be analyzed and input from the header analyzer based on the lookup sequence input from the header analyzer and outputs a match signal and a match address. A rule combination memory stores identification information for the header combination rules. A sequence combination memory stores lookup sequence information and sequence combination information. A rule combination unit generates match results based on the match signal input from the unit lookup unit and data read from the rule combination memory and the sequence combination memory.

摘要翻译： 提供了一种用于基于顺序查找来执行分组报头查找的装置和方法。 报头分析器将报头与经由网络接收的分组分离，并输出查找序列。 单元查找单元根据从标题分析器输入的查找序列查找与标题组合规则与要分析的每个字段和从标题分析器输入的匹配，并输出匹配信号和匹配地址。 规则组合存储器存储标题组合规则的标识信息。 序列组合存储器存储查找序列信息和序列组合信息。 规则组合单元基于从单元查找单元输入的匹配信号和从规则组合存储器和序列组合存储器读取的数据产生匹配结果。

公开(公告)号：US20050141423A1

公开(公告)日：2005-06-30

申请号：US11004426

申请日：2004-12-03

申请人： Jong Lee ,  Jintae Oh ,  Jong Jang ,  Sung Sohn

发明人： Jong Lee ,  Jintae Oh ,  Jong Jang ,  Sung Sohn

IPC分类号： H04L12/28 ,  H04L12/24 ,  H04L12/26

CPC分类号： H04L41/0896 ,  H04L43/026

摘要： A method of and an apparatus for sorting data traffic based on a predetermined priority such as a bandwidth and a liveliness is provided. The method includes operations of: receiving the data flows; sorting the data flows based on bandwidth by defining a plurality of bandwidth ranges and classifying the sorted data flows according to the bandwidth ranges to which the bandwidth of each data flow belongs; and sorting the classified data flows based on liveliness representing frequency of occurrence of the data flows. The sorting of the classified data lows determines that the data flow which is recently received has the higher liveliness and sorts the data flows based on the determination. The method and apparatus facilitates selecting data flows which are possible hostile attack attempts from a vast amount of data traffic and allowing selective and intensive monitoring of the selected data flows.

摘要翻译： 提供了一种基于诸如带宽和活力之类的预定优先级对数据业务排序的方法和装置。 该方法包括：接收数据流; 通过定义多个带宽范围，根据带宽分配数据流，并根据每个数据流的带宽所属的带宽范围对排序的数据流进行分类; 并根据表示数据流出现频率的生物活动对分类数据流进行排序。 分类数据低的排序确定最近接收的数据流具有更高的活力并且基于确定对数据流进行排序。 所述方法和装置有助于从大量的数据业务中选择可能的敌对攻击尝试的数据流，并允许选择性和密集地监视所选数据流。

公开(公告)号：US20070130188A1

公开(公告)日：2007-06-07

申请号：US11634731

申请日：2006-12-06

申请人： Hwa Moon ,  Sungwon Yi ,  Jintae Oh ,  Jong Jang ,  Changhoon Kim

发明人： Hwa Moon ,  Sungwon Yi ,  Jintae Oh ,  Jong Jang ,  Changhoon Kim

IPC分类号： G06F7/00

CPC分类号： G06F21/64 ,  G06F7/02 ,  H04L9/3231 ,  H04L9/3236 ,  Y10S707/99942 ,  Y10S707/99943 ,  Y10S707/99944 ,  Y10S707/99945

摘要： Provided are a data hashing method, a data processing method, and a data processing system using a similarity-based hashing (SBH) algorithm in which the same hash value is calculated for the same data and the more similar data, the smaller difference in the generated hash values. The data hashing method includes receiving computerized data, and generating a hash value of the computerized data using the SBH algorithm in which two data are the same if calculated hash values are the same and two data are similar if the difference of calculated hash values is small. Therefore, a search, comparison, and classification of data can be quickly processed within a time complexity of O(1) or O(n) since the similarity/closeness of data content are quantified by that of the corresponding hash values.

摘要翻译： 提供了一种使用基于相似度的散列（SBH）算法的数据散列方法，数据处理方法和数据处理系统，其中针对相同数据计算相同的散列值，并且提供了更相似的数据， 生成的哈希值。 数据散列方法包括接收计算机数据，并使用SBH算法生成计算机化数据的哈希值，其中如果计算的散列值相同，则两个数据相同，并且如果计算的散列值的差异小则两个数据相似 。 因此，可以在O（1）或O（n）的时间复杂度内快速地处理数据的搜索，比较和分类，因为数据内容的相似/接近由相应散列值的相似度/接近度量化。

公开(公告)号：US20080080715A1

公开(公告)日：2008-04-03

申请号：US11863394

申请日：2007-09-28

申请人： Ho Lee ,  Jintae Oh ,  Taek Nam ,  Seungmin Lee ,  Jong Jang

发明人： Ho Lee ,  Jintae Oh ,  Taek Nam ,  Seungmin Lee ,  Jong Jang

IPC分类号： H04L9/00 ,  G06F12/16

CPC分类号： G06F21/602 ,  G06F21/72 ,  G06F21/85 ,  H04L9/08

摘要： Provided are an apparatus and a method for data encryption using a secure memory, and more particularly, to an apparatus and a method for high-speed, large-volume data encryption using a security function included in the secure memory in response to an encryption/decryption request of a user application program. Conventional data encryption methods perform data encryption using software or hardware including a peripheral component interconnect (PCI) bus. However, the conventional data encryption methods do not satisfy speed-sensitive applications. To improve this problem, the present invention provides an apparatus and a method for high-speed, large-volume data encryption using a security function of a memory.

摘要翻译： 提供了一种使用安全存储器进行数据加密的装置和方法，更具体地，涉及使用安全存储器中包括的安全功能的高速，大容量数据加密的装置和方法，该安全功能响应于加密/ 用户应用程序的解密请求。 常规数据加密方法使用包括外围组件互连（PCI）总线的软件或硬件执行数据加密。 然而，常规的数据加密方法不满足速度敏感的应用。 为了改善这个问题，本发明提供一种使用存储器的安全功能进行高速，大容量数据加密的装置和方法。

公开(公告)号：US08543807B2

公开(公告)日：2013-09-24

申请号：US12643100

申请日：2009-12-21

申请人： Jintae Oh ,  YouRi Lee ,  Yang-Seo Choi ,  Jong Soo Jang

发明人： Jintae Oh ,  YouRi Lee ,  Yang-Seo Choi ,  Jong Soo Jang

IPC分类号： H04L29/06

CPC分类号： H04L63/1458 ,  H04L63/168 ,  H04L2463/141

摘要： A method and apparatus for protecting an application layer in a computer network system. The method includes creating a session between a client and a data provider in response to a session connection request from the client, and determining the client as an application layer attacking client when the client generates a session termination request before the data provider transmits to the client a response packet to a data request from the client under the created session.

摘要翻译： 一种用于保护计算机网络系统中的应用层的方法和装置。 该方法包括响应于来自客户端的会话连接请求，在客户机和数据提供者之间创建会话，并且在数据提供者向客户端发送客户端之前，当客户机生成会话终止请求时，将客户端确定为攻击客户端的应用层 来自客户端在创建的会话下的数据请求的响应数据包。

公开(公告)号：US07464089B2

公开(公告)日：2008-12-09

申请号：US11208222

申请日：2005-08-19

申请人： Jintae Oh ,  Ilsup Kim ,  Hojae Lee

发明人： Jintae Oh ,  Ilsup Kim ,  Hojae Lee

IPC分类号： G06F17/30 ,  G06F17/00

CPC分类号： G06F17/30985 ,  Y10S707/99936 ,  Y10S707/99942

摘要： A trap matrix searches the entire contents of a data stream for a pattern that matches the pattern for a search term. In those circumstances where there is a match between patterns of the data stream and the search term, the method and system can proceed to an exact match operation. In particular, a pointer matrix and a corresponding active control matrix are generated according to a set of terms in a rule table. Data is sequenced the trap matrix according to the hierarchy of its trap elements. The trap elements perform a pattern match check between the sequenced data stream and any search term in the set of terms in the rule table. Results from a positive pattern match are preferably communicated from the matching trap element to an exact match lookup.

摘要翻译： 陷阱矩阵搜索与搜索项的模式匹配的模式的数据流的整个内容。 在数据流的模式和搜索项之间存在匹配的情况下，该方法和系统可以进行到精确匹配操作。 具体地，根据规则表中的一组术语来生成指针矩阵和对应的主动控制矩阵。 数据根据其陷阱元素的层次结构对陷阱矩阵进行排序。 陷阱元素在排序的数据流和规则表中的术语集中的任何搜索项之间执行模式匹配检查。 来自正模式匹配的结果优选地从匹配陷阱元素传递到精确匹配查找。

公开(公告)号：US20110016523A1

公开(公告)日：2011-01-20

申请号：US12633121

申请日：2009-12-08

申请人： Jintae Oh ,  YouRi Lee ,  Yang-Seo Choi ,  Jong Soo Jang

发明人： Jintae Oh ,  YouRi Lee ,  Yang-Seo Choi ,  Jong Soo Jang

IPC分类号： G06F11/30 ,  G06F15/16

CPC分类号： H04L63/1458

摘要： An apparatus for detecting a distributed denial of service (DDoS) attack includes: a monitoring unit for monitoring multiple GET requests and responses transmitted and received depending on a session establishment between a client and a server; and an attack detection unit for analyzing the monitored multiple GET requests and responses between the client and the server to detect a traffic of the DDoS attack against the server.

摘要翻译： 一种用于检测分布式拒绝服务（DDoS）攻击的装置，包括：监视单元，用于根据客户端和服务器之间的会话建立来监视多个GET请求和响应发送和接收; 以及攻击检测单元，用于分析所监视的多个GET请求和客户端与服务器之间的响应，以检测针对服务器的DDoS攻击的流量。

公开(公告)号：US07571477B2

公开(公告)日：2009-08-04

申请号：US11088975

申请日：2005-03-24

申请人： Jintae Oh ,  Seung Won Shin ,  Ki Young Kim ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Jintae Oh ,  Seung Won Shin ,  Ki Young Kim ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F21/00

CPC分类号： H04L63/1408

摘要： In a real-time network attack pattern detection system and method, a common pattern is detected in real time from packets, which are suspected to be a network attack such as Worm, to effectively block the attack. The system includes: a suspicious packet detector for classifying a suspicious attack packet from all input packets; a first data delaying unit for receiving the input packet from the suspicious packet detector to output an one-clock delayed data; a second data delaying unit for receiving an output signal from the first data delaying unit to output an one-clock delayed data; a hash key generator for receiving an output data of the suspicious packet detector, an output data of the first data delaying unit and an output data of the second data delaying unit to generate a hash key; a hash table for storing a lookup result obtained by the hash key generated from the hash key generator; and an existence & hit checker for checking the lookup result of the hash table.

摘要翻译： 在实时网络攻击模式检测系统和方法中，从被怀疑是网络攻击（如蠕虫）的数据包实时检测到一个共同的模式，以有效地阻止攻击。 该系统包括：可疑包检测器，用于从所有输入分组中分类可疑攻击包; 第一数据延迟单元，用于从可疑分组检测器接收输入分组以输出一个时钟延迟的数据; 第二数据延迟单元，用于从第一数据延迟单元接收输出信号以输出一个时钟延迟的数据; 散列密钥发生器，用于接收可疑包检测器的输出数据，第一数据延迟单元的输出数据和第二数据延迟单元的输出数据以产生散列密钥; 哈希表，用于存储通过从所述散列密钥发生器生成的散列密钥获得的查找结果; 以及用于检查哈希表的查找结果的存在和命中检查器。