公开(公告)号：US07796828B2

公开(公告)日：2010-09-14

申请号：US11633989

申请日：2006-12-05

申请人： Seung Wan Han ,  Chi Yoon Jeong ,  SuGil Choi ,  Taek Yong Nam ,  Jong Soo Jang

发明人： Seung Wan Han ,  Chi Yoon Jeong ,  SuGil Choi ,  Taek Yong Nam ,  Jong Soo Jang

IPC分类号： G06K9/46 ,  G06K9/62

CPC分类号： H04L63/1416 ,  G06F21/563 ,  G06F2221/033 ,  H04L63/0236

摘要： An apparatus for filtering malicious multimedia data using sequential processing and a method thereof are provided. The apparatus includes: a maliciousness classification model training unit extracting a predetermined feature from at least one or more types of moving pictures and then, through machine training, generating a maliciousness determination model for each of at least one or more classes; a malicious data classification unit sequentially inputting input moving pictures for which maliciousness is required to be determined, to the maliciousness determination model, and determining the maliciousness class of the input moving pictures, based on a probability that data at a determination time of the input moving pictures belongs to a predetermined maliciousness class, and an accumulated maliciousness probability to a current time; and a malicious information filtering unit cutting off service if the maliciousness class belongs to a predetermined reference maliciousness class.

摘要翻译： 提供了使用顺序处理来过滤恶意多媒体数据的装置及其方法。 该装置包括：恶意分类模型训练单元，从至少一种或多种类型的运动图像提取预定特征，然后通过机器训练为至少一个或多个类别中的每一个产生恶意确定模型; 恶意数据分类单元根据输入移动的确定时刻的数据的概率顺序输入需要确定恶意的输入运动图像到恶意判定模型，并确定输入的运动图像的恶意等级 图片属于预定的恶意类，累积到当前时间的恶意概率; 恶意信息过滤单元如果恶意类属于预定的参考恶意类，则切断服务。

公开(公告)号：US20070233735A1

公开(公告)日：2007-10-04

申请号：US11633989

申请日：2006-12-05

申请人： Seung Wan Han ,  Chi Yoon Jeong ,  SuGil Choi ,  Taek Yong Nam ,  Jong Soo Jang

发明人： Seung Wan Han ,  Chi Yoon Jeong ,  SuGil Choi ,  Taek Yong Nam ,  Jong Soo Jang

IPC分类号： G06F7/00

CPC分类号： H04L63/1416 ,  G06F21/563 ,  G06F2221/033 ,  H04L63/0236

摘要： An apparatus for filtering malicious multimedia data using sequential processing and a method thereof are provided. The apparatus includes: a maliciousness classification model training unit extracting a predetermined feature from at least one or more types of moving pictures and then, through machine training, generating a maliciousness determination model for each of at least one or more classes; a malicious data classification unit sequentially inputting input moving pictures for which maliciousness is required to be determined, to the maliciousness determination model, and determining the maliciousness class of the input moving pictures, based on a probability that data at a determination time of the input moving pictures belongs to a predetermined maliciousness class, and an accumulated maliciousness probability to a current time; and a malicious information filtering unit cutting off service if the maliciousness class belongs to a predetermined reference maliciousness class.

摘要翻译： 提供了使用顺序处理来过滤恶意多媒体数据的装置及其方法。 该装置包括：恶意分类模型训练单元，从至少一种或多种类型的运动图像提取预定特征，然后通过机器训练为至少一个或多个类别中的每一个产生恶意确定模型; 恶意数据分类单元根据输入移动的确定时刻的数据的概率顺序输入需要确定恶意的输入运动图像到恶意判定模型，并确定输入的运动图像的恶意等级 图片属于预定的恶意类，累积到当前时间的恶意概率; 恶意信息过滤单元如果恶意类属于预定的参考恶意类，则切断服务。

公开(公告)号：US20070101353A1

公开(公告)日：2007-05-03

申请号：US11443660

申请日：2006-05-31

申请人： Chi Yoon Jeong ,  Seung Wan Han ,  Su Gil Choi ,  Taek Yong Nam ,  Jong Soo Jang

发明人： Chi Yoon Jeong ,  Seung Wan Han ,  Su Gil Choi ,  Taek Yong Nam ,  Jong Soo Jang

IPC分类号： H04H9/00

CPC分类号： G06K9/00711

摘要： An apparatus and method for blocking harmful multimedia contents in a personal computer using intelligent screen monitoring are provided. The apparatus includes a screen capture determination unit determining a screen capture time based on the status of a personal computer; an active screen capture unit capturing a screen displaying an active program at the screen capture time; an image harmfulness determination unit determining the harmfulness of the captured screen; and a harmful program blocking unit blocking the program displayed on the captured screen, if the screen is determined to be harmful. The method and apparatus can be used to block access to harmful multimedia contents in real time using a screen capture method in which a screen of the personal computer is captured intelligently, harmfulness of the captured screen is determined, and a corresponding program using the captured screen is blocked.

摘要翻译： 提供了一种使用智能屏幕监控来阻止个人计算机中的有害多媒体内容的装置和方法。 该装置包括：屏幕捕获确定单元，基于个人计算机的状态确定屏幕捕获时间; 主动屏幕捕获单元在屏幕捕获时间捕获显示活动节目的屏幕; 图像有害因素确定单元，确定捕获的屏幕的有害性; 如果屏幕被确定为有害的，则有害的程序阻止单元阻止捕获的屏幕上显示的程序。 该方法和装置可以用于使用屏幕捕获方法来实时阻止对有害多媒体内容的访问，其中智能地捕获个人计算机的屏幕，确定捕获的屏幕的有害性以及使用所捕获的屏幕的相应程序 被封锁。

公开(公告)号：US20070118528A1

公开(公告)日：2007-05-24

申请号：US11507330

申请日：2006-08-21

申请人： Su Gil Choi ,  Seung Wan Han ,  Chi Yoon Jeong ,  Taek Yong Nam ,  Jong Soo Jang

发明人： Su Gil Choi ,  Seung Wan Han ,  Chi Yoon Jeong ,  Taek Yong Nam ,  Jong Soo Jang

IPC分类号： G06F17/30

CPC分类号： H04L63/1441 ,  H04L51/12 ,  H04L63/1483

摘要： An apparatus and a method for blocking access to a phishing web page are provided. The apparatus includes a media collection unit collecting media having a function of connecting to a web page, a management unit managing phishing information comprising at least one of location information on phishing web pages, location information on web pages targeted for phishing, and features of the phishing web pages, a phishing determination unit determining whether a collected medium is connected to a phishing web page and a phishing blocking unit blocking a link connecting to the phishing web page by editing the medium determined to connect to the phishing web page by the phishing determination unit. According to the present invention, damage caused by phishing can be prevented, even when a web page or an e-mail provided by a web site or an e-mail server includes a link connecting to a phishing web page.

摘要翻译： 提供一种用于阻止访问网络钓鱼网页的装置和方法。 该装置包括收集具有连接到网页功能的媒体的媒体收集单元，管理钓鱼信息的管理单元，该钓鱼信息包括钓鱼网页上的位置信息，针对网络钓鱼的网页上的位置信息和 钓鱼网页，网络钓鱼决定单元，其通过编辑通过钓鱼网页确定连接到网络钓鱼网页的媒体来确定所收集的媒体是否连接到网络钓鱼网页，以及网络钓鱼阻止单元，其阻止连接到网络钓鱼网页的链接 单元。 根据本发明，即使由网站或电子邮件服务器提供的网页或电子邮件包括连接到网络钓鱼网页的链接，也可以防止由钓鱼造成的损害。

公开(公告)号：US20100100619A1

公开(公告)日：2010-04-22

申请号：US12517091

申请日：2007-10-24

申请人： Beom Hwan Chang ,  Chi Yoon Jeong ,  Seon Gyoung Sohn ,  Soo Hyung Lee ,  Hyo Chan Bang ,  Geon Lyang Kim ,  Hyun Joo Kim ,  Won Joo Park ,  Jong Ho Ryu ,  Jong Hyun Kim ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Beom Hwan Chang ,  Chi Yoon Jeong ,  Seon Gyoung Sohn ,  Soo Hyung Lee ,  Hyo Chan Bang ,  Geon Lyang Kim ,  Hyun Joo Kim ,  Won Joo Park ,  Jong Ho Ryu ,  Jong Hyun Kim ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F11/32

CPC分类号： H04L41/28 ,  H04L41/0631 ,  H04L41/22 ,  H04L63/1425 ,  H04L63/20

摘要： There are provided a network security state visualization device and method, the device including: a security event collector collecting original security event information from network security apparatuses; a security event analyzer analyzing the original security event information collected by the security event collector and extracting characteristic data corresponding to a security event; and a three-dimensional visualization display unit visualizing a correlation between the characteristic data extracted by the security event analyzer as a three-dimensional screen to be displayed.

摘要翻译： 提供了网络安全状态可视化设备和方法，该设备包括：安全事件收集器，从网络安全设备收集原始安全事件信息; 分析安全事件收集器收集的原始安全事件信息并提取对应于安全事件的特征数据的安全事件分析器; 以及三维可视化显示单元，将由安全事件分析器提取的特征数据之间的相关性可视化为要显示的三维屏幕。

公开(公告)号：US20100150008A1

公开(公告)日：2010-06-17

申请号：US12530193

申请日：2008-03-07

申请人： Seon Gyoung Sohn ,  Chi Yoon Jeong ,  Beom Hwan Chang ,  Soo Hyung Lee ,  Hyo Chan Bang ,  Geon Lyang Kim ,  Hyun Joo Kim ,  Won Joo Park ,  Jong Ho Ryu ,  Jong Hyun Kim ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Seon Gyoung Sohn ,  Chi Yoon Jeong ,  Beom Hwan Chang ,  Soo Hyung Lee ,  Hyo Chan Bang ,  Geon Lyang Kim ,  Hyun Joo Kim ,  Won Joo Park ,  Jong Ho Ryu ,  Jong Hyun Kim ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： H04L12/26

CPC分类号： H04L41/22 ,  H04L43/045 ,  H04L63/1408

摘要： There are provided a network state display apparatus and method capable of easily determining a present network security state in real time by analyzing an abnormality and harmful traffic deteriorating performance of a network in software by using a result of combining essential characteristics of traffic, a distinct dispersion, and an entropy and displaying the network state to be intuitionally recognized, the method including selecting and combining three of a source address, a source port, a destination address, and a destination port of collected traffic and calculating a distinct dispersion and an entropy of a residual one therefrom; displaying the calculated distinct dispersion and entropy on a security radar where the distinct dispersion and the entropy are assigned to an angle and a radius; determining whether a network state is abnormal, based on a result displayed on the security radar; and detecting reporting detailed information on abnormal traffic causing the abnormal network state.

摘要翻译： 提供了一种网络状态显示装置和方法，其能够通过使用组合业务的基本特征的结果分析软件中的网络的异常和有害的业务恶化的性能来实时地容易地确定当前的网络安全状态，不同的分散 以及熵并显示要直观识别的网络状态，所述方法包括选择和组合收集的业务的源地址，源端口，目的地地址和目的地端口中的三个，并计算不同的色散和熵 剩余的一个; 在安全雷达上显示计算出的不同色散和熵，其中明确的色散和熵分配给角度和半径; 基于安全雷达上显示的结果，确定网络状态是否异常; 检测异常网络状态异常报告的详细信息。

公开(公告)号：US20110016208A1

公开(公告)日：2011-01-20

申请号：US12667130

申请日：2007-11-19

申请人： Chi Yoon Jeong ,  Beom Hwan Chang ,  Seon Gyoung Sohn ,  Geon Lyang Kim ,  Jong Hyun Kim ,  Jong Ho Ryu ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Chi Yoon Jeong ,  Beom Hwan Chang ,  Seon Gyoung Sohn ,  Geon Lyang Kim ,  Jong Hyun Kim ,  Jong Ho Ryu ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F15/173

CPC分类号： H04L63/1416 ,  G06Q10/06

摘要： There are provided an apparatus and method for sampling a security event based on contents of the security event, the apparatus including: a security event accumulation module collecting security events occurring in a network system and storing the security events for each type according to contents of the security event; a security event analysis module calculating distribution of the security events for each type by analyzing the stored security events; and a security event extraction module sampling the stored security events according to the calculated distribution of the security events for each type. The apparatus and method may improve speed of visualization of a security event and a security event analysis apparatus and may increase accuracy thereof.

摘要翻译： 提供了一种基于安全事件的内容对安全事件进行采样的装置和方法，该装置包括：安全事件累积模块，其收集网络系统中发生的安全事件，并根据所述安全事件的内容存储每种类型的安全事件 安全事件; 安全事件分析模块，通过分析存储的安全事件来计算每种类型的安全事件的分布; 并且安全事件提取模块根据计算出的每种类型的安全事件的分布来对存储的安全事件进行采样。 该装置和方法可以提高安全事件和安全事件分析装置的可视化速度并且可以提高其精度。

公开(公告)号：US08140671B2

公开(公告)日：2012-03-20

申请号：US12667130

申请日：2007-11-19

申请人： Chi Yoon Jeong ,  Beom Hwan Chang ,  Seon Gyoung Sohn ,  Geon Lyang Kim ,  Jong Hyun Kim ,  Jong Ho Ryu ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Chi Yoon Jeong ,  Beom Hwan Chang ,  Seon Gyoung Sohn ,  Geon Lyang Kim ,  Jong Hyun Kim ,  Jong Ho Ryu ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F15/173

CPC分类号： H04L63/1416 ,  G06Q10/06

摘要： There are provided an apparatus and method for sampling a security event based on contents of the security event, the apparatus including: a security event accumulation module collecting security events occurring in a network system and storing the security events for each type according to contents of the security event; a security event analysis module calculating distribution of the security events for each type by analyzing the stored security events; and a security event extraction module sampling the stored security events according to the calculated distribution of the security events for each type. The apparatus and method may improve speed of visualization of a security event and a security event analysis apparatus and may increase accuracy thereof.

摘要翻译： 提供了一种基于安全事件的内容对安全事件进行采样的装置和方法，该装置包括：安全事件累积模块，其收集网络系统中发生的安全事件，并根据所述安全事件的内容存储每种类型的安全事件 安全事件; 安全事件分析模块，通过分析存储的安全事件来计算每种类型的安全事件的分布; 并且安全事件提取模块根据计算出的每种类型的安全事件的分布来对存储的安全事件进行采样。 该装置和方法可以提高安全事件和安全事件分析装置的可视化速度并且可以提高其精度。

公开(公告)号：US08019865B2

公开(公告)日：2011-09-13

申请号：US12517091

申请日：2007-10-24

申请人： Beom Hwan Chang ,  Chi Yoon Jeong ,  Seon Gyoung Sohn ,  Soo Hyung Lee ,  Hyo Chan Bang ,  Geon Lyang Kim ,  Hyun Joo Kim ,  Won Joo Park ,  Jong Ho Ryu ,  Jong Hyun Kim ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Beom Hwan Chang ,  Chi Yoon Jeong ,  Seon Gyoung Sohn ,  Soo Hyung Lee ,  Hyo Chan Bang ,  Geon Lyang Kim ,  Hyun Joo Kim ,  Won Joo Park ,  Jong Ho Ryu ,  Jong Hyun Kim ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F15/173

CPC分类号： H04L41/28 ,  H04L41/0631 ,  H04L41/22 ,  H04L63/1425 ,  H04L63/20

摘要： There are provided a network security state visualization device and method, the device including: a security event collector collecting original security event information from network security apparatuses; a security event analyzer analyzing the original security event information collected by the security event collector and extracting characteristic data corresponding to a security event; and a three-dimensional visualization display unit visualizing a correlation between the characteristic data extracted by the security event analyzer as a three-dimensional screen to be displayed.

摘要翻译： 提供了网络安全状态可视化设备和方法，该设备包括：安全事件收集器，从网络安全设备收集原始安全事件信息; 分析安全事件收集器收集的原始安全事件信息并提取对应于安全事件的特征数据的安全事件分析器; 以及三维可视化显示单元，将由安全事件分析器提取的特征数据之间的相关性可视化为要显示的三维屏幕。

公开(公告)号：US08307441B2

公开(公告)日：2012-11-06

申请号：US12669633

申请日：2007-11-21

申请人： Jong Hyun Kim ,  Geon Lyang Kim ,  Seon Gyoung Sohn ,  Beom Hwan Chang ,  Chi Yoon Jeong ,  Jong Ho Ryu ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Jong Hyun Kim ,  Geon Lyang Kim ,  Seon Gyoung Sohn ,  Beom Hwan Chang ,  Chi Yoon Jeong ,  Jong Ho Ryu ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F11/34

CPC分类号： H04L45/00 ,  H04L45/12 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1441 ,  H04L2463/146

摘要： There are provided a system and method for tracing back an attacker by using centroid decomposition technique, the system including: a log data input module collecting log data of an intrusion alarm from an intrusion detection system; a centroid node detection module generating a shortest path tree by applying a shortest path algorithm to network router connection information collected by a network administration server, detecting a centroid node by applying centroid decomposition technique removing a leaf-node to the shortest path tree, and generating a centroid tree whose node of each level is the detected centroid node; and a traceback processing module requesting log data of a router matched with the node of each level of the centroid tree, and tracing back a router identical to the log data of the collected intrusion alarm as a router connected to a source of an attacker by comparing the log data of the router with the log data of the collected intrusion alarm. According to the system and method, an attacker causing a security intrusion event may be quickly detected, a load on the system is reduced, and a passage host exposed to a danger or having weaknesses may be easily recognized, thereby easily coping with an attack.

摘要翻译： 提供了一种通过使用质心分解技术跟踪攻击者的系统和方法，该系统包括：日志数据输入模块，从入侵检测系统收集入侵警报的日志数据; 质心节点检测模块，通过对网络管理服务器收集的网络路由器连接信息应用最短路径算法，生成最短路径树，通过应用质心分解技术检测质心节点，去除叶节点到最短路径树，并生成 每个级别的节点是检测到的质心节点的质心树; 以及回溯处理模块，请求与质心树的每个级别的节点匹配的路由器的日志数据，并且通过比较来跟踪与收集的入侵警报器的日志数据相同的路由器作为连接到攻击者的源的路由器 路由器的日志数据与收集的入侵报警的日志数据。 根据系统和方法，可以快速地检测到导致安全入侵事件的攻击者，系统上的负载减少，并且易于识别暴露于危险或具有弱点的通道主机，从而容易地应对攻击。