公开(公告)号：US11991522B2

公开(公告)日：2024-05-21

申请号：US17561868

申请日：2021-12-24

申请人： WINS Co., Ltd.

发明人： Eun Young Joo ,  Yong Sig Jin

IPC分类号： H04W12/106 ,  H04W12/121 ,  H04W28/06

CPC分类号： H04W12/106 ,  H04W12/121 ,  H04W28/065

摘要： An apparatus for traffic security processing in a slicing service of mobile edge computing according to an embodiment of the present invention includes: a plurality of security modules for analyzing a received packet to respectively execute security functions suitable for slicing security of mobile edge computing; a controller for managing a slicing security module list in the mobile edge computing; and a main security module for analyzing a received packet on the basis of the slicing security module list to determine a security function to be executed and priority of the security function to be executed, wherein the controller transmits the received packet to at least one corresponding security module among the plurality of security modules according to the priority of the security function to be executed, which is determined by the main security module.

公开(公告)号：US11582133B2

公开(公告)日：2023-02-14

申请号：US17128826

申请日：2020-12-21

申请人： WINS Co., Ltd.

发明人： Yong Sig Jin

IPC分类号： H04L43/50 ,  H04L47/21 ,  H04L9/40 ,  H04L43/12

摘要： Disclosed is an apparatus for distributed processing of an identical packet in high-speed network security equipment, including: a plurality of analysis modules for each determining whether vulnerability analysis is required by analyzing a received packet; a circular queue for receiving the packet from an analysis module initially determining that the vulnerability analysis is required and storing the received packet as a bucket structure; and a plurality of analysis engines for each performing different vulnerability analyses for the packet acquired from the circular queue based on a packet address of the bucket structure, in which the bucket structure includes a packet data storage unit and packet use information storage units which are as many as the plurality of analysis engines, and the packet use information storage units store packet use information of the plurality of respective analysis engines, respectively.

公开(公告)号：US20220150152A1

公开(公告)日：2022-05-12

申请号：US17128826

申请日：2020-12-21

申请人： WINS Co., Ltd.

发明人： Yong Sig Jin

IPC分类号： H04L12/26 ,  H04L29/06 ,  H04L12/819

摘要： Disclosed is an apparatus for distributed processing of an identical packet in high-speed network security equipment, including: a plurality of analysis modules for each determining whether vulnerability analysis is required by analyzing a received packet; a circular queue for receiving the packet from an analysis module initially determining that the vulnerability analysis is required and storing the received packet as a bucket structure; and a plurality of analysis engines for each performing different vulnerability analyses for the packet acquired from the circular queue based on a packet address of the bucket structure, in which the bucket structure includes a packet data storage unit and packet use information storage units which are as many as the plurality of analysis engines, and the packet use information storage units store packet use information of the plurality of respective analysis engines, respectively.

公开(公告)号：US11025650B2

公开(公告)日：2021-06-01

申请号：US16138254

申请日：2018-09-21

申请人： WINS Co., Ltd.

发明人： Yong Sig Jin ,  Ji Yoon Hwang

IPC分类号： G06F21/00 ,  G06F21/55 ,  G06F21/56 ,  H04L29/06 ,  G06K9/68 ,  G06K9/62

摘要： Provided are a multi-pattern policy detection system and method, wherein, in an environment that operates a plurality of policies for determining matching or non-matching by a string or a normalized format, the plurality of policies are expressed by a data structure that is searchable at a time, and are optimized to improve search performance. The multi-pattern policy detection system includes: a search front stage optimizer configured to register a string of a signature fragment received from a signature fragment list as a registration pattern of a front stage of a signature by taking into account length and uniqueness of the string; a search rear stage optimizer configured to receive the signature fragment from the signature fragment list, and register the signature fragment as a registration pattern of a rear stage when there is no registration signature fragment of the rear stage; and a detection engine configured to perform attack detection by using the front stage of the search front stage optimizer and the rear stage of the search rear stage optimizer.

公开(公告)号：US09510377B2

公开(公告)日：2016-11-29

申请号：US14682965

申请日：2015-04-09

申请人： WINS Co., Ltd.

发明人： Yong Sig Jin

IPC分类号： H04W76/02 ,  H04L12/46 ,  H04L29/06 ,  H04W12/00 ,  H04W76/04

CPC分类号： H04W76/022 ,  H04L12/4633 ,  H04L63/029 ,  H04L63/1441 ,  H04L65/1023 ,  H04L65/1033 ,  H04L65/1069 ,  H04L65/1073 ,  H04W12/00 ,  H04W76/11 ,  H04W76/12 ,  H04W76/22

摘要： The present invention includes creating a session in response to a session setup request for a general packet radio service (GPRS) application service, receiving GTP packet data using GPRS tunneling protocol (GTP) tunnel, performing decoding on the GTP packet data, determining whether there is an attack attributable to malicious behavior based on a predetermined management DB, identifying the type of the GTP packet data as the type of GTP packet for attacked GTP packet data and the type of GTP packet for non-attacked packet data based on a result of the determination, carrying out a predetermined policy for the identified type of GTP packet, performing the standardization of the packet data of each GTP version, determining whether the standardized packet data has been registered with a hash buffer in accordance with the type of pairing message for each command, and processing a session based on a result of the determination.

摘要翻译： 本发明包括响应于通用分组无线业务（GPRS）应用业务的会话建立请求而创建会话，使用GPRS隧道协议（GTP）隧道接收GTP分组数据，对GTP分组数据进行解码，确定是否在 是基于预定管理DB的恶意行为的攻击，将GTP分组数据的类型识别为攻击的GTP分组数据的GTP分组的类型，以及基于以下结果的非攻击分组数据的GTP分组的类型 对所识别的GTP分组执行预定策略，执行每个GTP版本的分组数据的标准化，根据配对消息的类型确定标准化分组数据是否已经与散列缓冲器一起注册 每个命令，并且基于确定的结果来处理会话。

公开(公告)号：US20190207958A1

公开(公告)日：2019-07-04

申请号：US16138254

申请日：2018-09-21

申请人： WINS Co., Ltd.

发明人： Yong Sig Jin ,  Ji Yoon Hwang

IPC分类号： H04L29/06 ,  G06K9/68

CPC分类号： H04L63/1416 ,  G06K9/6878 ,  H04L63/20

摘要： Provided are a multi-pattern policy detection system and method, wherein, in an environment that operates a plurality of policies for determining matching or non-matching by a string or a normalized format, the plurality of policies are expressed by a data structure that is searchable at a time, and are optimized to improve search performance. The multi-pattern policy detection system includes: a search front stage optimizer configured to register a string of a signature fragment received from a signature fragment list as a registration pattern of a front stage of a signature by taking into account length and uniqueness of the string; a search rear stage optimizer configured to receive the signature fragment from the signature fragment list, and register the signature fragment as a registration pattern of a rear stage when there is no registration signature fragment of the rear stage; and a detection engine configured to perform attack detection by using the front stage of the search front stage optimizer and the rear stage of the search rear stage optimizer.

公开(公告)号：US11223641B2

公开(公告)日：2022-01-11

申请号：US16420836

申请日：2019-05-23

申请人： WINS Co., Ltd.

发明人： Yong Sig Jin ,  Ji Yoon Hwang

IPC分类号： G06F21/00 ,  H04L29/06 ,  G06F16/2458

摘要： The present disclosure relates to an apparatus and method for reconfiguring a signature used in a signature-based abnormal traffic detection scheme. A signature reconfiguration method of the present disclosure comprises: selecting a signature from a signature list and dividing the selected signature into a plurality of signature fragments; calculating a first impact for each of a plurality of load elements by inspection of the plurality of signature fragments for the plurality of load elements; calculating a second impact for each of the plurality of load elements by applying a weight for each of the plurality of load elements to the first impact; calculating a final load impact for each signature fragment by summing corresponding second impacts to each signature fragment among the calculated second impacts; and rearranging an order of the plurality of signature fragments according to a magnitude of the calculated final load impact.