公开(公告)号：US07735137B2

公开(公告)日：2010-06-08

申请号：US11484257

申请日：2006-07-10

申请人： Kwang Ho Baik ,  Byoung Koo Kim ,  Jin Tae Oh ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Kwang Ho Baik ,  Byoung Koo Kim ,  Jin Tae Oh ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00

CPC分类号： H04L63/1416

摘要： A method and apparatus for storing an intrusion rule are provided. The method stores a new intrusion rule in an intrusion detection system having already stored intrusion rules, and includes: generating combinations of divisions capable of dividing the new intrusion rule into a plurality of partial intrusion rules; calculating the frequency of hash value collisions between each of the generated division combinations and the already stored intrusion rules; dividing the new intrusion rule according to the division combination which has the lowest calculated frequency of hash value collisions; and storing the divided new intrusion rule in a corresponding position of the intrusion detection system. According to the method and apparatus, the size of the storage unit occupied by the intrusion rule can be reduced, and by performing pattern matching, the performance of the intrusion detection system can be enhanced.

摘要翻译： 提供了一种用于存储入侵规则的方法和装置。 该方法在已经存储了入侵规则的入侵检测系统中存储新的入侵规则，并且包括：生成能够将新的入侵规则划分成多个部分入侵规则的分割组合; 计算每个生成的分割组合与已经存储的入侵规则之间的散列值冲突的频率; 根据哈希值碰撞计算频率最低的划分组合划分新的入侵规则; 并将分割的新入侵规则存储在入侵检测系统的相应位置。 根据该方法和装置，可以减少入侵规则占用的存储单元的大小，通过执行模式匹配，能够提高入侵检测系统的性能。

公开(公告)号：US07735128B2

公开(公告)日：2010-06-08

申请号：US11635245

申请日：2006-12-07

申请人： Byoung Koo Kim ,  Kwang Ho Baik ,  Jin Tae Oh ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Byoung Koo Kim ,  Kwang Ho Baik ,  Jin Tae Oh ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F9/00 ,  G06F7/04 ,  H04L9/00

CPC分类号： H04L12/5602

摘要： A method of storing a pattern matching policy and a method of controlling an alert message are provided. The method includes (a) generating a content structure as a sub-structure of a header combination structure of a stored traffic pattern which is a policy to be newly applied to a pattern matching apparatus; (b) determining whether a content of the stored traffic pattern is identical to a content of an original traffic pattern stored in advance in the pattern matching apparatus; (c) allocating a content index of the content of the original traffic pattern to the content of the stored traffic pattern if the content of the stored traffic pattern is identical to the content of the original traffic pattern; and (d) determining whether a header combination structure of the original traffic pattern comprises only one content structure or more than one content structure and allocating a header index of the header combination structure of the stored traffic pattern to the header combination structure of the original traffic pattern if the header combination structure of the original traffic pattern is found to comprise only one content structure. Accordingly, it is possible to efficiently use hardware memories with limited storage capacities and effectively perform a pattern matching function.

摘要翻译： 提供了一种存储模式匹配策略的方法和一种控制警报消息的方法。 该方法包括：（a）生成内容结构作为作为新应用于模式匹配装置的策略的存储的流量模式的头部组合结构的子结构; （b）确定存储的业务模式的内容是否与预先存储在模式匹配装置中的原始业务模式的内容相同; （c）如果存储的业务模式的内容与原始业务模式的内容相同，则将原始业务模式的内容的内容索引分配给所存储的业务模式的内容; 和（d）确定原始业务模式的报头组合结构是否仅包含一个内容结构或多于一个内容结构，并且将所存储的业务模式的报头组合结构的报头索引分配给原始业务的报头组合结构 如果发现原始流量模式的头组合结构仅包含一个内容结构，则模式。 因此，可以有效地使用具有有限存储容量的硬件存储器并且有效地执行模式匹配功能。

公开(公告)号：US08365277B2

公开(公告)日：2013-01-29

申请号：US12331613

申请日：2008-12-10

申请人： Byoung Koo Kim ,  Jin Tae Oh ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Byoung Koo Kim ,  Jin Tae Oh ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F7/04

CPC分类号： H04L63/0263 ,  G06F17/30985 ,  H04L63/1408

摘要： Enclosed are a signature string storage memory optimizing method, a signature string pattern matching method, and a signature matching engine. Signature is tokenized in units of substrings and the tokenized substrings are stored in an internal memory block and an external memory block to optimize a memory storage pattern. Therefore, matching of introduction data to signature patterns is effectively performed.

摘要翻译： 封闭的是签名字符串存储内存优化方法，签名字符串模式匹配方法和签名匹配引擎。 签名以子字符串为单位，令牌化子字符串存储在内部存储块和外部存储器块中，以优化存储器存储模式。 因此，有效地执行引入数据与签名图案的匹配。

公开(公告)号：US20090158427A1

公开(公告)日：2009-06-18

申请号：US12331613

申请日：2008-12-10

申请人： Byoung Koo Kim ,  Jin Tae Oh ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Byoung Koo Kim ,  Jin Tae Oh ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F21/00

CPC分类号： H04L63/0263 ,  G06F17/30985 ,  H04L63/1408

摘要： Enclosed are a signature string storage memory optimizing method, a signature string pattern matching method, and a signature matching engine. Signature is tokenized in units of substrings and the tokenized substrings are stored in an internal memory block and an external memory block to optimize a memory storage pattern. Therefore, matching of introduction data to signature patterns is effectively performed.

摘要翻译： 封闭的是签名字符串存储内存优化方法，签名字符串模式匹配方法和签名匹配引擎。 签名以子字符串为单位，令牌化子字符串存储在内部存储块和外部存储器块中，以优化存储器存储模式。 因此，有效地执行引入数据与签名图案的匹配。

公开(公告)号：US07613669B2

公开(公告)日：2009-11-03

申请号：US11453954

申请日：2006-06-14

申请人： Seung Won Shin ,  Jin Tae Oh ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Seung Won Shin ,  Jin Tae Oh ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06N5/02 ,  G06F9/26 ,  G06F9/34 ,  G06F7/00 ,  G06F17/30

CPC分类号： G06F21/56 ,  G06F17/30949 ,  G06F21/55 ,  G06F21/567 ,  G06K9/62 ,  Y10S707/99936

摘要： A method and apparatus for storing pattern matching data and a pattern matching method using the method and apparatus are provided. The method of storing original data for pattern matching in a pattern matching apparatus includes: dividing the original data into segments of a predetermined size; performing a hash operation on each of the divided segments; determining whether or not the hash operation value of each segment causes a hash collision with a hash operation value stored in a first external memory disposed outside the pattern matching apparatus; and controlling the hash operation value of each segment determined not to cause a hash collision to be stored in the first external memory. According to the method and apparatus, the original data desired to be used for pattern matching can be stored at a faster speed in a pattern matching data storing apparatus.

摘要翻译： 提供一种用于存储模式匹配数据的方法和装置以及使用该方法和装置的模式匹配方法。 在模式匹配装置中存储用于模式匹配的原始数据的方法包括：将原始数据划分成预定大小的段; 对每个分割的段执行散列操作; 确定每个段的散列操作值是否与存储在布置在模式匹配装置外部的第一外部存储器中的散列操作值引起哈希冲突; 并且将被确定为不引起散列冲突的每个段的散列操作值控制在第一外部存储器中。 根据该方法和装置，可以在模式匹配数据存储装置中以更快的速度存储期望用于模式匹配的原始数据。

公开(公告)号：US08140671B2

公开(公告)日：2012-03-20

申请号：US12667130

申请日：2007-11-19

申请人： Chi Yoon Jeong ,  Beom Hwan Chang ,  Seon Gyoung Sohn ,  Geon Lyang Kim ,  Jong Hyun Kim ,  Jong Ho Ryu ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Chi Yoon Jeong ,  Beom Hwan Chang ,  Seon Gyoung Sohn ,  Geon Lyang Kim ,  Jong Hyun Kim ,  Jong Ho Ryu ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F15/173

CPC分类号： H04L63/1416 ,  G06Q10/06

摘要： There are provided an apparatus and method for sampling a security event based on contents of the security event, the apparatus including: a security event accumulation module collecting security events occurring in a network system and storing the security events for each type according to contents of the security event; a security event analysis module calculating distribution of the security events for each type by analyzing the stored security events; and a security event extraction module sampling the stored security events according to the calculated distribution of the security events for each type. The apparatus and method may improve speed of visualization of a security event and a security event analysis apparatus and may increase accuracy thereof.

摘要翻译： 提供了一种基于安全事件的内容对安全事件进行采样的装置和方法，该装置包括：安全事件累积模块，其收集网络系统中发生的安全事件，并根据所述安全事件的内容存储每种类型的安全事件 安全事件; 安全事件分析模块，通过分析存储的安全事件来计算每种类型的安全事件的分布; 并且安全事件提取模块根据计算出的每种类型的安全事件的分布来对存储的安全事件进行采样。 该装置和方法可以提高安全事件和安全事件分析装置的可视化速度并且可以提高其精度。

公开(公告)号：US08019865B2

公开(公告)日：2011-09-13

申请号：US12517091

申请日：2007-10-24

申请人： Beom Hwan Chang ,  Chi Yoon Jeong ,  Seon Gyoung Sohn ,  Soo Hyung Lee ,  Hyo Chan Bang ,  Geon Lyang Kim ,  Hyun Joo Kim ,  Won Joo Park ,  Jong Ho Ryu ,  Jong Hyun Kim ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Beom Hwan Chang ,  Chi Yoon Jeong ,  Seon Gyoung Sohn ,  Soo Hyung Lee ,  Hyo Chan Bang ,  Geon Lyang Kim ,  Hyun Joo Kim ,  Won Joo Park ,  Jong Ho Ryu ,  Jong Hyun Kim ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F15/173

CPC分类号： H04L41/28 ,  H04L41/0631 ,  H04L41/22 ,  H04L63/1425 ,  H04L63/20

摘要： There are provided a network security state visualization device and method, the device including: a security event collector collecting original security event information from network security apparatuses; a security event analyzer analyzing the original security event information collected by the security event collector and extracting characteristic data corresponding to a security event; and a three-dimensional visualization display unit visualizing a correlation between the characteristic data extracted by the security event analyzer as a three-dimensional screen to be displayed.

摘要翻译： 提供了网络安全状态可视化设备和方法，该设备包括：安全事件收集器，从网络安全设备收集原始安全事件信息; 分析安全事件收集器收集的原始安全事件信息并提取对应于安全事件的特征数据的安全事件分析器; 以及三维可视化显示单元，将由安全事件分析器提取的特征数据之间的相关性可视化为要显示的三维屏幕。

公开(公告)号：US07565693B2

公开(公告)日：2009-07-21

申请号：US11023384

申请日：2004-12-29

申请人： Seung Won Shin ,  Jintae Oh ,  Ki Young Kim ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Seung Won Shin ,  Jintae Oh ,  Ki Young Kim ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F11/00

CPC分类号： H04L63/1416 ,  H04L63/12 ,  H04L69/22

摘要： The present invention relates to a network intrusion detection and prevention system. The system includes: a signature based detecting device; an anomaly behavior based detecting device; and a new signature creating and verifying device disposed between the signature based detecting device and the anomaly behavior based detecting device, wherein if the anomaly behavior based detecting device detects network-attack-suspicious packets, the new signature creating and verifying device collects and searches the detected suspicious packets for common information, and then creates a new signature on the basis of the searched common information and at the same time, verifies whether or not the created new signature is applicable to the signature based detecting device, and then registers the created new signature to the signature based detecting device if it is determined that the created new signature is applicable.

摘要翻译： 本发明涉及网络入侵检测和预防系统。 该系统包括：基于签名的检测装置; 基于异常行为的检测装置; 以及设置在基于签名的检测装置和基于异常行为的检测装置之间的新的签名创建和验证装置，其中如果基于异常行为的检测装置检测到网络攻击可疑包，则新的签名创建和验证装置收集并搜索 检测出公用信息的可疑包，然后根据搜索到的公共信息创建新的签名，同时验证创建的新签名是否适用于基于签名的检测装置，然后注册创建的新的 如果确定所创建的新签名是可应用的，则签名到基于签名的检测设备。

公开(公告)号：US07990305B2

公开(公告)日：2011-08-02

申请号：US12514066

申请日：2007-11-13

申请人： Ji Man Park ,  Young Soo Park ,  Sung Ik Jun ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Ji Man Park ,  Young Soo Park ,  Sung Ik Jun ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： H03M1/82

CPC分类号： H03M1/52 ,  G04F10/105

摘要： A double-integration signal processing apparatus for pulse width amplification and A/D conversion is provided. The current mode double-integration conversion apparatus includes: a current mode double-integration unit which integrates an input current in a predetermined time interval and outputs an integration voltage; a comparison unit which compares the integration voltage output from the current mode double-integration unit with a predetermined comparison voltage V k and outputs an comparison pulse signal; and a gate logic unit which performs a logic operation by using the comparison pulse signal of the comparison unit and an internal signal and outputs an logic operation pulse signal. Accordingly, the current mode double-integration conversion apparatus can be applied to various sensors.

摘要翻译： 提供了用于脉冲宽度放大和A / D转换的双积分信号处理装置。 电流模式双积分转换装置包括：电流模式双积分单元，其以预定时间间隔积分输入电流并输出积分电压; 比较单元，其将来自当前模式双积分单元的积分电压输出与预定比较电压V k进行比较，并输出比较脉冲信号; 以及门逻辑单元，其通过使用比较单元的比较脉冲信号和内部信号来执行逻辑运算，并输出逻辑运算脉冲信号。 因此，电流模式双重积分转换装置可以应用于各种传感器。

公开(公告)号：US20100100619A1

公开(公告)日：2010-04-22

申请号：US12517091

申请日：2007-10-24

申请人： Beom Hwan Chang ,  Chi Yoon Jeong ,  Seon Gyoung Sohn ,  Soo Hyung Lee ,  Hyo Chan Bang ,  Geon Lyang Kim ,  Hyun Joo Kim ,  Won Joo Park ,  Jong Ho Ryu ,  Jong Hyun Kim ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Beom Hwan Chang ,  Chi Yoon Jeong ,  Seon Gyoung Sohn ,  Soo Hyung Lee ,  Hyo Chan Bang ,  Geon Lyang Kim ,  Hyun Joo Kim ,  Won Joo Park ,  Jong Ho Ryu ,  Jong Hyun Kim ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F11/32

CPC分类号： H04L41/28 ,  H04L41/0631 ,  H04L41/22 ,  H04L63/1425 ,  H04L63/20

摘要： There are provided a network security state visualization device and method, the device including: a security event collector collecting original security event information from network security apparatuses; a security event analyzer analyzing the original security event information collected by the security event collector and extracting characteristic data corresponding to a security event; and a three-dimensional visualization display unit visualizing a correlation between the characteristic data extracted by the security event analyzer as a three-dimensional screen to be displayed.

摘要翻译： 提供了网络安全状态可视化设备和方法，该设备包括：安全事件收集器，从网络安全设备收集原始安全事件信息; 分析安全事件收集器收集的原始安全事件信息并提取对应于安全事件的特征数据的安全事件分析器; 以及三维可视化显示单元，将由安全事件分析器提取的特征数据之间的相关性可视化为要显示的三维屏幕。