1. Multistep integrated security management system and method using intrusion detection log collection engine and traffic statistic generation engine
    Type: Invention application (pending, published)

    Publication number: US20070234425A1

    Publication date: 2007-10-04

    Application number: US11453497

    Filing date: 2006-06-15

    IPC classification: G06F12/14

    CPC classification: G06F21/552

    Abstract: A multistep integrated security management system and method using an intrusion detection log collection engine and a traffic statistic generation engine is disclosed. An intrusion detection log collection engine, capable of collecting the logs generated by diverse intrusion detection engines, and a traffic statistic generation engine collect data and transmit their analyzed results to a control intermediate management server. The control intermediate management server performs more accurate intrusion detection by correlating the intrusion detection log information with the traffic statistic information. A control uppermost management server performs integrated security management on a large-scale group subject to control by carrying out an integrated analysis over that group, and can thus support large-scale integrated security management efficiently.


2. N grouping of traffic and pattern-free Internet worm response system and method using N grouping of traffic
    Type: Invention grant (in force)

    Publication number: US07779467B2

    Publication date: 2010-08-17

    Application number: US11542320

    Filing date: 2006-10-02

    IPC classification: G06F11/34 G08B23/00 G06F12/14

    CPC classification: H04L63/145

    Abstract: Provided are an N grouping of traffic and a pattern-free Internet worm response system and method. According to the method, the traffic factors generated by respective worms are grouped into N groups so that a great quantity of information can be understood effectively and a worm that appears later is associated with the characteristics of the relevant group. The damage to a network or a system that is predictable from the already classified N traffic characteristics is defined so that corresponding step-by-step measures can be taken. The characteristics of the grouped worms are analyzed quantitatively so that the danger degree of a new worm is predicted when it appears, and forecasting and alarming are performed on the basis of that prediction. A visualization method with an approximately real-time characteristic makes it easier for a controlling operator to understand an incident instantly, so that detection efficiency for most worms not detected by a conventional rule is increased.


3. System and method for detecting Internet worm traffic through classification of traffic characteristics by type
    Type: Invention application (pending, published)

    Publication number: US20070226803A1

    Publication date: 2007-09-27

    Application number: US11453448

    Filing date: 2006-06-15

    Abstract: A system and method for detecting Internet worm traffic through classification of traffic characteristics by type is disclosed. The system and method define an Internet worm as a characteristic profile classified into diverse traffic characteristics, detect Internet worm traffic by comparing the similarity of collected traffic with that of the defined traffic, classify the type of the Internet worm, and perform severity judgment and alarming. The detection efficiency for most worms, which cannot be detected on the basis of existing rules, can be increased. Also, the risk grade of the corresponding worm traffic can be provided quantitatively by judging severity according to the similarity scores and a predefined severity grade. Accordingly, the survivability of the entire communication network can be raised through stepwise countermeasures and forecast/alarm, and mass information can be handled effectively.


4. N grouping of traffic and pattern-free Internet worm response system and method using N grouping of traffic
    Type: Invention application (granted)

    Publication number: US20070150958A1

    Publication date: 2007-06-28

    Application number: US11542320

    Filing date: 2006-10-02

    IPC classification: G06F11/00

    CPC classification: H04L63/145

    Abstract: Provided are an N grouping of traffic and a pattern-free Internet worm response system and method. According to the method, the traffic factors generated by respective worms are grouped into N groups so that a great quantity of information can be understood effectively and a worm that appears later is associated with the characteristics of the relevant group. The damage to a network or a system that is predictable from the already classified N traffic characteristics is defined so that corresponding step-by-step measures can be taken. The characteristics of the grouped worms are analyzed quantitatively so that the danger degree of a new worm is predicted when it appears, and a forecast and alarming are performed on the basis of that prediction. A visualization method with an approximately real-time characteristic makes it easier for a controlling operator to understand an incident instantly, so that detection efficiency for most worms not detected by a conventional rule is increased.
