System and Method For Detecting Unknown Malicious Code By Analyzing Kernel Based System Actions
    1.
    Invention application
    System and Method For Detecting Unknown Malicious Code By Analyzing Kernel Based System Actions (status: under examination, published)

    Publication (announcement) no.: US20100169973A1

    Publication (announcement) date: 2010-07-01

    Application no.: US12571825

    Filing date: 2009-10-01

    IPC classification: G06F11/00

    CPC classification: G06F21/566

    Abstract: There is provided a system and method for detecting unknown malicious code by analyzing kernel based system actions. More particularly, the system and method provides an advantage of actively countering unknown malicious code or viruses by monitoring kernel based system events in real time, organizing action data based on the collected event data, determining whether the action data corresponds to predetermined malicious actions, backtracking a subject of a malicious action when the action data is determined to correspond to the malicious action, and processing the malicious action.

    SYSTEM FOR ANALYZING MALICIOUS BOTNET ACTIVITY IN REAL TIME
    2.
    Invention application
    SYSTEM FOR ANALYZING MALICIOUS BOTNET ACTIVITY IN REAL TIME (status: under examination, published)

    Publication (announcement) no.: US20110154489A1

    Publication (announcement) date: 2011-06-23

    Application no.: US12821576

    Filing date: 2010-06-23

    IPC classification: G06F21/00

    CPC classification: H04L63/1416 H04L2463/144

    Abstract: A system for analyzing malicious botnet activity in real time is disclosed. This system may include: a control server configured to generate botnet activity information relating to a type of malicious botnet activity, and transmit the botnet activity information to the outside, after receiving bot occurrence information from the outside; and a bot executing server configured to execute a malicious bot corresponding to the bot occurrence information received from the outside in a virtual environment operating system and transmit a real-time botnet detection result to the control server for generating the botnet activity information, according to a control of the control server, wherein the real-time botnet detection result includes information on whether or not the malicious bot performs malicious activity based on a command from a remote command/control server existing independently outside.

    MALICIOUS TRAFFIC ISOLATION SYSTEM AND METHOD USING BOTNET INFORMATION
    3.
    Invention application
    MALICIOUS TRAFFIC ISOLATION SYSTEM AND METHOD USING BOTNET INFORMATION (status: under examination, published)

    Publication (announcement) no.: US20110154492A1

    Publication (announcement) date: 2011-06-23

    Application no.: US12821549

    Filing date: 2010-06-23

    IPC classification: G06F21/00

    Abstract: The present invention relates to a malicious traffic isolation system and method using botnet information, and more particularly, to a malicious traffic isolation system and method using botnet information, in which traffics for a set of clients having the same destination are routed to the isolation system based on a destination IP/Port, and botnet traffics are isolated using botnet information based on similarity among groups of the routed and flowed in traffics. The present invention may provide a malicious traffic isolation method using botnet information, which can accommodate traffics received from a PC or a C&C server infected with a bot into a quarantine area, isolate traffics generated by normal users from traffics transmitted from malicious bots, and block the malicious traffics. In addition, the present invention may provide a malicious traffic isolation method using botnet information, which can provide a function of mitigating DDoS attacks of a botnet.

    SYSTEM AND METHOD FOR DETECTING MALICIOUS CODE OF PDF DOCUMENT TYPE
    4.
    Invention application
    SYSTEM AND METHOD FOR DETECTING MALICIOUS CODE OF PDF DOCUMENT TYPE (status: under examination, published)

    Publication (announcement) no.: US20130160127A1

    Publication (announcement) date: 2013-06-20

    Application no.: US13657303

    Filing date: 2012-10-22

    IPC classification: G06F21/00

    CPC classification: G06F21/566

    Abstract: Disclosed herein is a PDF document type malicious code detection system for efficiently detecting a malicious code embedded in a document type and a method thereof. The present invention may perform a dynamic and static analysis on JavaScript within a PDF document, and execute the PDF document to perform a PDF dynamic analysis, thereby achieving an effect of efficiently extracting a malicious code embedded in the PDF document.

    Apparatus and Method for Tracking Network Path
    6.
    Invention application
    Apparatus and Method for Tracking Network Path (status: under examination, published)

    Publication (announcement) no.: US20130185793A1

    Publication (announcement) date: 2013-07-18

    Application no.: US13676687

    Filing date: 2012-11-14

    IPC classification: H04L29/06

    CPC classification: H04L63/1408 H04L63/168

    Abstract: An apparatus and method for effectively tracking a network path by using packet information generated when visiting a Web page are provided. According to embodiments of the invention, referrer information, seed information, and arrival information are extracted by using HTTP packet information generated while a particular Web page is being executed, whereby an infection path of malicious codes generated in several Web pages can be checked, thus preventing infection of a malicious code generated in Web pages.

    System and Method for Collecting URL Information Using Retrieval Service of Social Network Service
    7.
    Invention application
    System and Method for Collecting URL Information Using Retrieval Service of Social Network Service (status: under examination, published)

    Publication (announcement) no.: US20130179421A1

    Publication (announcement) date: 2013-07-11

    Application no.: US13676599

    Filing date: 2012-11-14

    IPC classification: G06F17/30

    Abstract: A system and method for collecting a URL using a retrieval service of an SNS capable of accurately and effectively extracting and collecting information including a malicious code among information exchanged in an SNS are provided. URL information included in post (a bulletin script, a message, a note, or the like) exchanged in an SNS based on real-time search word information is extracted and collected to be utilized for collecting a malicious code in the SNS, whereby generation of a malicious code in the SNS can be prevented in advance, and thus, damage to users due to infection of a malicious code can be significantly reduced. In addition, the URL information can be effectively collected through crawling.

    Delegated Authentication Method for Secure Mobile Multicasting
    8.
    Invention application
    Delegated Authentication Method for Secure Mobile Multicasting (status: under examination, published)

    Publication (announcement) no.: US20080130547A1

    Publication (announcement) date: 2008-06-05

    Application no.: US11950063

    Filing date: 2007-12-04

    IPC classification: H04H20/71 H04L9/32

    Abstract: The present invention relates to a delegated authentication method for secure mobile multicasting. More specifically, the present invention relates to a delegated authentication method for secure mobile multicasting in which, when a mobile terminal in a wireless area moves from one network to another, the mobile terminal receives beacon information from an access point (AP) and the multicast secure relay server of the mobile terminal requests the multicast secure relay server controlling the access point to delegated-authenticate the mobile terminal, and after the multicast secure relay server which has received the request makes delegated-authentication, the multicast secure relay server encrypts data using the group key which the mobile terminal used before moving. A delegated authentication method for secure mobile multicasting according to the present invention has an advantage that it can minimize a delay and a disconnection in real-time multicast streaming, which may occur while a mobile terminal is being authenticated or registered after moving to a new network. This advantage results from delegated-authentication via multicast secure relay servers each time a mobile terminal moves to a new network. And it has an advantage that it can enforce security by using a delegated-authentication method to prevent a connection by an unauthenticated mobile terminal.

    Method of managing a mobile multicast key using a foreign group key
    9.
    Granted invention patent
    Method of managing a mobile multicast key using a foreign group key (status: in force)

    Publication (announcement) no.: US07864961B2

    Publication (announcement) date: 2011-01-04

    Application no.: US11941437

    Filing date: 2007-11-16

    IPC classification: H04L9/00

    Abstract: The present invention relates to a method of managing a mobile multicast key using a foreign key. More specifically, the present invention relates to a method of managing a mobile multicast key using a foreign key for secure communication between a mobile terminal and a secure relay server in the region where microwaves from plural access points overlap. A method of managing a mobile multicast key using a foreign key according to the present invention has an advantage that multicast secure relay servers perform delegated authentication in advance in a region where microwaves overlap, thus reducing a delay time for authentication in a mobile terminal and it has an advantage that it can minimize an effect from changes in group keys that user's movement make, by using a primary group key and a foreign key. This results in a reduction of an overhead from update of a group key while moving, and accordingly a reduction of a delay time. In addition, it has an advantage that it centralizes functions of key management to a secure relay server, thus overcoming the limitations on processing ability or network bandwidth of a mobile terminal.

    Method of Managing a Mobile Multicast Key Using a Foreign Group Key
    10.
    Invention application
    Method of Managing a Mobile Multicast Key Using a Foreign Group Key (status: in force)

    Publication (announcement) no.: US20080123856A1

    Publication (announcement) date: 2008-05-29

    Application no.: US11941437

    Filing date: 2007-11-16

    IPC classification: H04L9/18 H04L9/00

    Abstract: The present invention relates to a method of managing a mobile multicast key using a foreign key. More specifically, the present invention relates to a method of managing a mobile multicast key using a foreign key for secure communication between a mobile terminal and a secure relay server in the region where microwaves from plural access points overlap. A method of managing a mobile multicast key using a foreign key according to the present invention has an advantage that multicast secure relay servers perform delegated authentication in advance in a region where microwaves overlap, thus reducing a delay time for authentication in a mobile terminal. And it has an advantage that it can minimize an effect from changes in group keys that user's movement make, by using a primary group key and a foreign key. This results in a reduction of an overhead from update of a group key while moving, and accordingly a reduction of a delay time. In addition, it has an advantage that it centralizes functions of key management to a secure relay server, thus overcoming the limitations on processing ability or network bandwidth of a mobile terminal.
