Distributed denial of service attack detection apparatus and method, and distributed denial of service attack detection and prevention apparatus for reducing false-positive
    1.
    Granted patent
    Legal status: In force

    Publication No.: US08677488B2

    Publication date: 2014-03-18

    Application No.: US13323050

    Filing date: 2011-12-12

    IPC classification: H04L29/06

    Abstract: Provided is a DDoS attack detection apparatus including an information collecting unit to collect DDoS detection information including rate information about traffic change, variation of a first type flow and a Packet Per Second (PPS) for a second type flow, in which the rate information about traffic change is obtained using the packet count of packets input per unit time, the flow count of flows input per unit time and the byte count of bytes input per unit time; and a testing unit to calculate a probability of occurrence of the DDoS attack using a first probability determined by the rate information about traffic change, a second probability determined by the variation of the first type flow and a third probability determined by the PPS for the second type flow, and to detect occurrence of the DDoS attack based on the probability of occurrence of the DDoS attack.


    Method and apparatus for fairly allocating resource to network users
    2.
    Granted patent
    Legal status: In force

    Publication No.: US08599690B2

    Publication date: 2013-12-03

    Application No.: US12911972

    Filing date: 2010-10-26

    IPC classification: H04L12/26

    Abstract: A method and an apparatus for fairly allocating resources to network users are provided. The method for fair resource allocation to network users allows the resource allocation apparatus to collect flow information between a user terminal and a service server and aggregates the flow information based on at least one of a user terminal address, a service server address, a user terminal, a service server address, and a service. The allocation resource of the user is controlled to the predetermined recommended bandwidth by using the ratio of the aggregated flow information.


    METHOD AND APPARATUS FOR FAIRLY ALLOCATING RESOURCE TO NETWORK USERS
    3.
    Patent application
    Legal status: In force

    Publication No.: US20110134754A1

    Publication date: 2011-06-09

    Application No.: US12911972

    Filing date: 2010-10-26

    IPC classification: H04L12/26

    Abstract: A method and an apparatus for fairly allocating resources to network users are provided. The method for fair resource allocation to network users allows the resource allocation apparatus to collect flow information between a user terminal and a service server and aggregates the flow information based on at least one of a user terminal address, a service server address, a user terminal, a service server address, and a service. The allocation resource of the user is controlled to the predetermined recommended bandwidth by using the ratio of the aggregated flow information.


    DDoS attack detection and defense apparatus and method using packet data
    4.
    Granted patent
    Legal status: In force

    Publication No.: US08634717B2

    Publication date: 2014-01-21

    Application No.: US13314741

    Filing date: 2011-12-08

    IPC classification: H04B10/00

    Abstract: A Distributed Denial of Service (DDoS) attack detection and defense apparatus and method are provided. The DDoS attack detection and defense apparatus includes: a flow information collection unit to collect, from one or more input packets with an IP address of an attack target system as a destination IP address, flow information including source IP addresses of the input packets and packet counts of one or more flows that are classified for each of the source IP addresses and each of different protocol types; an inspection unit to calculate packets per second (PPS) values of the flows based on the packet counts; and a response unit to determine a DDoS attack response method for each of the flows based on the PPS value and the protocol type of a corresponding flow and to process the corresponding flow using the determined DDoS attack response method.


    METHOD FOR PROVIDING NETWORK COMMUNICATION SERVICE WITH CONSTANT QUALITY REGARDLESS OF BEING IN WIRED OR WIRELESS NETWORK ENVIRONMENT
    5.
    Patent application
    Legal status: Under examination (published)

    Publication No.: US20080130601A1

    Publication date: 2008-06-05

    Application No.: US11933010

    Filing date: 2007-10-31

    IPC classification: H04L12/28 H04L12/56 H04L29/06

    Abstract: A method of allowing a network communication service user (subscriber) to receive a desired network communication service with a constant (the same) quality regardless of being in a wired or wireless communication environment based on a single service level agreement (SLA) of the subscriber is provided. The method of providing the network communication service with the constant quality regardless of the wired or wireless network environment includes: (a) setting a call control policy for a service so that an SLA (service level agreement) of a network communication service user is available for the wired or wireless network; (b) determining whether the user accesses the network through the wired or wireless network; (c) determining whether the user is a wired network home user or a wired network guest user when the user accesses the network through the wired network; and (d) providing a network communication service requested by the user based on the call control policy based on the determination result of (b) and (c) for the user.


    System and method of resource management and call admission control in access network
    6.
    Patent application
    Legal status: Under examination (published)

    Publication No.: US20080137655A1

    Publication date: 2008-06-12

    Application No.: US11980169

    Filing date: 2007-10-30

    IPC classification: H04L12/56

    CPC classification: H04L47/782 H04L47/70

    Abstract: Provided is a method of resource management and call admission control in an access network in a hierarchical manner. The method of resource management and call admission control in an access network includes: (a) collecting resource information on all of the devices constituting the access network and hierarchically constructing the resource information on the access network; (b) when a user requests a connection to the access network, hierarchically extracting position information on the access network from the resource information and connecting the extracted position information to link information in the hierarchically constructed resource information; (c) when a user who succeeds in connecting requests call admission control for an IP communication service, determining an availability of the resources of the hierarchically constructed position information; and (d) when the availability is certified, allocating a band required to the IP communication service to the link information and a part of a margin band of a service class to which the user belongs to respond to the call admission control request.
