专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US07571477B2 Real-time network attack pattern detection system for unknown network attack and method thereof 有权
标题翻译：用于未知网络攻击的实时网络攻击模式检测系统及其方法
公开(公告)号：US07571477B2
公开(公告)日：2009-08-04
申请号：US11088975
申请日：2005-03-24
申请人： Jintae Oh , Seung Won Shin , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
发明人： Jintae Oh , Seung Won Shin , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F21/00
CPC分类号： H04L63/1408
摘要： In a real-time network attack pattern detection system and method, a common pattern is detected in real time from packets, which are suspected to be a network attack such as Worm, to effectively block the attack. The system includes: a suspicious packet detector for classifying a suspicious attack packet from all input packets; a first data delaying unit for receiving the input packet from the suspicious packet detector to output an one-clock delayed data; a second data delaying unit for receiving an output signal from the first data delaying unit to output an one-clock delayed data; a hash key generator for receiving an output data of the suspicious packet detector, an output data of the first data delaying unit and an output data of the second data delaying unit to generate a hash key; a hash table for storing a lookup result obtained by the hash key generated from the hash key generator; and an existence & hit checker for checking the lookup result of the hash table.
摘要翻译：在实时网络攻击模式检测系统和方法中，从被怀疑是网络攻击（如蠕虫）的数据包实时检测到一个共同的模式，以有效地阻止攻击。该系统包括：可疑包检测器，用于从所有输入分组中分类可疑攻击包; 第一数据延迟单元，用于从可疑分组检测器接收输入分组以输出一个时钟延迟的数据; 第二数据延迟单元，用于从第一数据延迟单元接收输出信号以输出一个时钟延迟的数据; 散列密钥发生器，用于接收可疑包检测器的输出数据，第一数据延迟单元的输出数据和第二数据延迟单元的输出数据以产生散列密钥; 哈希表，用于存储通过从所述散列密钥发生器生成的散列密钥获得的查找结果; 以及用于检查哈希表的查找结果的存在和命中检查器。

12. 发明申请

US20090158427A1 SIGNATURE STRING STORAGE MEMORY OPTIMIZING METHOD, SIGNATURE STRING PATTERN MATCHING METHOD, AND SIGNATURE STRING MATCHING ENGINE 有权
标题翻译：签名STRING存储优化方法，签名字符串匹配方法和签名字符串匹配引擎
公开(公告)号：US20090158427A1
公开(公告)日：2009-06-18
申请号：US12331613
申请日：2008-12-10
申请人： Byoung Koo Kim , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
发明人： Byoung Koo Kim , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F21/00
CPC分类号： H04L63/0263 , G06F17/30985 , H04L63/1408
摘要： Enclosed are a signature string storage memory optimizing method, a signature string pattern matching method, and a signature matching engine. Signature is tokenized in units of substrings and the tokenized substrings are stored in an internal memory block and an external memory block to optimize a memory storage pattern. Therefore, matching of introduction data to signature patterns is effectively performed.
摘要翻译：封闭的是签名字符串存储内存优化方法，签名字符串模式匹配方法和签名匹配引擎。签名以子字符串为单位，令牌化子字符串存储在内部存储块和外部存储器块中，以优化存储器存储模式。因此，有效地执行引入数据与签名图案的匹配。

13. 发明授权

US07417951B2 Apparatus and method for limiting bandwidths of burst aggregate flows 失效
标题翻译：用于限制突发聚合流的带宽的装置和方法
公开(公告)号：US07417951B2
公开(公告)日：2008-08-26
申请号：US10934545
申请日：2004-09-03
申请人： Gaeil An , Ki Young Kim , Jong Soo Jang
发明人： Gaeil An , Ki Young Kim , Jong Soo Jang
IPC分类号： H04L12/28
CPC分类号： H04L47/10 , H04L47/11 , H04L47/12 , H04L47/29 , H04L63/1458
摘要： Provided are an apparatus and method for limiting bandwidths of burst aggregate flows according to the present invention. The apparatus comprises: a bandwidth measuring unit measuring a bandwidth of at least one input aggregate flow; a grade determining unit determining abnormal grades according to abnormal levels of the input aggregate flows; a bandwidth limit determining unit determining a bandwidth volume and aggregate flow to be limited; a bandwidth limiting unit inputting a result determined by the bandwidth limit determining unit, limiting or releasing a bandwidth of a aggregate flow selected among the input aggregate flows and outputting the selected aggregate flow; and a status information storage unit storing status information including a usage bandwidth, an abnormal grade, and a limited bandwidth volume of the input aggregate flow. Accordingly, the apparatus and method provide an effect of dropping attack aggregate flows corresponding to excessive traffic while not influencing normal aggregate flows.
摘要翻译：提供了根据本发明的用于限制突发集束流的带宽的装置和方法。该装置包括：带宽测量单元，测量至少一个输入聚合流的带宽; 等级确定单元根据输入的总流的异常水平确定异常等级; 带宽限制确定单元，确定要限制的带宽量和聚合流; 带宽限制单元，输入由所述带宽限制确定单元确定的结果，限制或释放在所述输入聚合流中选择的聚合流的带宽并输出所选择的聚合流; 以及状态信息存储单元，其存储包括输入聚合流的使用带宽，异常等级和有限带宽量的状态信息。因此，该装置和方法提供了在不影响正常聚合流的情况下，减少对应于过多流量的攻击聚合流的效果。

14. 发明申请

US20070233735A1 Apparatus for filtering malicious multimedia data using sequential processing and method thereof 有权
标题翻译：用于使用顺序处理过滤恶意多媒体数据的装置及其方法
公开(公告)号：US20070233735A1
公开(公告)日：2007-10-04
申请号：US11633989
申请日：2006-12-05
申请人： Seung Wan Han , Chi Yoon Jeong , SuGil Choi , Taek Yong Nam , Jong Soo Jang
发明人： Seung Wan Han , Chi Yoon Jeong , SuGil Choi , Taek Yong Nam , Jong Soo Jang
IPC分类号： G06F7/00
CPC分类号： H04L63/1416 , G06F21/563 , G06F2221/033 , H04L63/0236
摘要： An apparatus for filtering malicious multimedia data using sequential processing and a method thereof are provided. The apparatus includes: a maliciousness classification model training unit extracting a predetermined feature from at least one or more types of moving pictures and then, through machine training, generating a maliciousness determination model for each of at least one or more classes; a malicious data classification unit sequentially inputting input moving pictures for which maliciousness is required to be determined, to the maliciousness determination model, and determining the maliciousness class of the input moving pictures, based on a probability that data at a determination time of the input moving pictures belongs to a predetermined maliciousness class, and an accumulated maliciousness probability to a current time; and a malicious information filtering unit cutting off service if the maliciousness class belongs to a predetermined reference maliciousness class.
摘要翻译：提供了使用顺序处理来过滤恶意多媒体数据的装置及其方法。该装置包括：恶意分类模型训练单元，从至少一种或多种类型的运动图像提取预定特征，然后通过机器训练为至少一个或多个类别中的每一个产生恶意确定模型; 恶意数据分类单元根据输入移动的确定时刻的数据的概率顺序输入需要确定恶意的输入运动图像到恶意判定模型，并确定输入的运动图像的恶意等级图片属于预定的恶意类，累积到当前时间的恶意概率; 恶意信息过滤单元如果恶意类属于预定的参考恶意类，则切断服务。

15. 发明申请

US20070101353A1 Apparatus and method for blocking harmful multimedia contents in personal computer through intelligent screen monitoring 审中-公开
标题翻译：通过智能屏幕监控在个人电脑中屏蔽有害多媒体内容的装置和方法
公开(公告)号：US20070101353A1
公开(公告)日：2007-05-03
申请号：US11443660
申请日：2006-05-31
申请人： Chi Yoon Jeong , Seung Wan Han , Su Gil Choi , Taek Yong Nam , Jong Soo Jang
发明人： Chi Yoon Jeong , Seung Wan Han , Su Gil Choi , Taek Yong Nam , Jong Soo Jang
IPC分类号： H04H9/00
CPC分类号： G06K9/00711
摘要： An apparatus and method for blocking harmful multimedia contents in a personal computer using intelligent screen monitoring are provided. The apparatus includes a screen capture determination unit determining a screen capture time based on the status of a personal computer; an active screen capture unit capturing a screen displaying an active program at the screen capture time; an image harmfulness determination unit determining the harmfulness of the captured screen; and a harmful program blocking unit blocking the program displayed on the captured screen, if the screen is determined to be harmful. The method and apparatus can be used to block access to harmful multimedia contents in real time using a screen capture method in which a screen of the personal computer is captured intelligently, harmfulness of the captured screen is determined, and a corresponding program using the captured screen is blocked.
摘要翻译：提供了一种使用智能屏幕监控来阻止个人计算机中的有害多媒体内容的装置和方法。该装置包括：屏幕捕获确定单元，基于个人计算机的状态确定屏幕捕获时间; 主动屏幕捕获单元在屏幕捕获时间捕获显示活动节目的屏幕; 图像有害因素确定单元，确定捕获的屏幕的有害性; 如果屏幕被确定为有害的，则有害的程序阻止单元阻止捕获的屏幕上显示的程序。该方法和装置可以用于使用屏幕捕获方法来实时阻止对有害多媒体内容的访问，其中智能地捕获个人计算机的屏幕，确定捕获的屏幕的有害性以及使用所捕获的屏幕的相应程序被封锁。

16. 发明授权

US08166545B2 Method and apparatus for detecting executable code 失效
标题翻译：用于检测可执行代码的方法和装置
公开(公告)号：US08166545B2
公开(公告)日：2012-04-24
申请号：US12044393
申请日：2008-03-07
申请人： Dae Won Kim , Yang Seo Choi , Ik Kyun Kim , Jin Tae Oh , Jong Soo Jang
发明人： Dae Won Kim , Yang Seo Choi , Ik Kyun Kim , Jin Tae Oh , Jong Soo Jang
IPC分类号： G06F11/00
CPC分类号： H04L43/18 , H04L63/1408 , H04L63/145
摘要： There are provided an apparatus and method for detecting an executable code, capable of verifying reliability of an extracted signature by determining whether there is present an executable code in network data by using instruction pattern information related calling mechanism of function for distinguishing the executable code from a non-executable code, the method including: forming instructions by reverse assembling network data suspicious as an attack; comparing the respective formed instructions with instruction patterns according to calling mechanism of function; and determining whether there is present an executable code in the network data according to a result of the comparing.
摘要翻译：提供了一种用于检测可执行代码的装置和方法，其能够通过使用指令模式信息相关的调用机制来确定是否存在网络数据中的可执行代码来验证提取的签名的可靠性，以便将可执行代码与不可执行代码，该方法包括：通过将可疑的网络数据反向组合为攻击来形成指令; 根据功能的调用机制将各形成的指令与指令模式进行比较; 以及根据所述比较的结果确定是否存在所述网络数据中的可执行代码。

17. 发明授权

US08140671B2 Apparatus and method for sampling security events based on contents of the security events 有权
标题翻译：基于安全事件内容对安全事件进行采样的装置和方法
公开(公告)号：US08140671B2
公开(公告)日：2012-03-20
申请号：US12667130
申请日：2007-11-19
申请人： Chi Yoon Jeong , Beom Hwan Chang , Seon Gyoung Sohn , Geon Lyang Kim , Jong Hyun Kim , Jong Ho Ryu , Jung Chan Na , Jong Soo Jang , Sung Won Sohn
发明人： Chi Yoon Jeong , Beom Hwan Chang , Seon Gyoung Sohn , Geon Lyang Kim , Jong Hyun Kim , Jong Ho Ryu , Jung Chan Na , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F15/173
CPC分类号： H04L63/1416 , G06Q10/06
摘要： There are provided an apparatus and method for sampling a security event based on contents of the security event, the apparatus including: a security event accumulation module collecting security events occurring in a network system and storing the security events for each type according to contents of the security event; a security event analysis module calculating distribution of the security events for each type by analyzing the stored security events; and a security event extraction module sampling the stored security events according to the calculated distribution of the security events for each type. The apparatus and method may improve speed of visualization of a security event and a security event analysis apparatus and may increase accuracy thereof.
摘要翻译：提供了一种基于安全事件的内容对安全事件进行采样的装置和方法，该装置包括：安全事件累积模块，其收集网络系统中发生的安全事件，并根据所述安全事件的内容存储每种类型的安全事件安全事件; 安全事件分析模块，通过分析存储的安全事件来计算每种类型的安全事件的分布; 并且安全事件提取模块根据计算出的每种类型的安全事件的分布来对存储的安全事件进行采样。该装置和方法可以提高安全事件和安全事件分析装置的可视化速度并且可以提高其精度。

18. 发明授权

US08019865B2 Method and apparatus for visualizing network security state 有权
标题翻译：可视化网络安全状态的方法和装置
公开(公告)号：US08019865B2
公开(公告)日：2011-09-13
申请号：US12517091
申请日：2007-10-24
申请人： Beom Hwan Chang , Chi Yoon Jeong , Seon Gyoung Sohn , Soo Hyung Lee , Hyo Chan Bang , Geon Lyang Kim , Hyun Joo Kim , Won Joo Park , Jong Ho Ryu , Jong Hyun Kim , Jung Chan Na , Jong Soo Jang , Sung Won Sohn
发明人： Beom Hwan Chang , Chi Yoon Jeong , Seon Gyoung Sohn , Soo Hyung Lee , Hyo Chan Bang , Geon Lyang Kim , Hyun Joo Kim , Won Joo Park , Jong Ho Ryu , Jong Hyun Kim , Jung Chan Na , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F15/173
CPC分类号： H04L41/28 , H04L41/0631 , H04L41/22 , H04L63/1425 , H04L63/20
摘要： There are provided a network security state visualization device and method, the device including: a security event collector collecting original security event information from network security apparatuses; a security event analyzer analyzing the original security event information collected by the security event collector and extracting characteristic data corresponding to a security event; and a three-dimensional visualization display unit visualizing a correlation between the characteristic data extracted by the security event analyzer as a three-dimensional screen to be displayed.
摘要翻译：提供了网络安全状态可视化设备和方法，该设备包括：安全事件收集器，从网络安全设备收集原始安全事件信息; 分析安全事件收集器收集的原始安全事件信息并提取对应于安全事件的特征数据的安全事件分析器; 以及三维可视化显示单元，将由安全事件分析器提取的特征数据之间的相关性可视化为要显示的三维屏幕。

19. 发明授权

US07565693B2 Network intrusion detection and prevention system and method thereof 有权
标题翻译：网络入侵检测和预防系统及其方法
公开(公告)号：US07565693B2
公开(公告)日：2009-07-21
申请号：US11023384
申请日：2004-12-29
申请人： Seung Won Shin , Jintae Oh , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
发明人： Seung Won Shin , Jintae Oh , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F11/00
CPC分类号： H04L63/1416 , H04L63/12 , H04L69/22
摘要： The present invention relates to a network intrusion detection and prevention system. The system includes: a signature based detecting device; an anomaly behavior based detecting device; and a new signature creating and verifying device disposed between the signature based detecting device and the anomaly behavior based detecting device, wherein if the anomaly behavior based detecting device detects network-attack-suspicious packets, the new signature creating and verifying device collects and searches the detected suspicious packets for common information, and then creates a new signature on the basis of the searched common information and at the same time, verifies whether or not the created new signature is applicable to the signature based detecting device, and then registers the created new signature to the signature based detecting device if it is determined that the created new signature is applicable.
摘要翻译：本发明涉及网络入侵检测和预防系统。该系统包括：基于签名的检测装置; 基于异常行为的检测装置; 以及设置在基于签名的检测装置和基于异常行为的检测装置之间的新的签名创建和验证装置，其中如果基于异常行为的检测装置检测到网络攻击可疑包，则新的签名创建和验证装置收集并搜索检测出公用信息的可疑包，然后根据搜索到的公共信息创建新的签名，同时验证创建的新签名是否适用于基于签名的检测装置，然后注册创建的新的如果确定所创建的新签名是可应用的，则签名到基于签名的检测设备。

20. 发明申请

US20090161864A1 BLOCK CIPHER ARIA SUBSTITUTION APPARATUS AND METHOD 有权
标题翻译：块芯片替代设备和方法
公开(公告)号：US20090161864A1
公开(公告)日：2009-06-25
申请号：US12176649
申请日：2008-07-21
申请人： Sang-Woo Lee , Yong-Sung Jeon , Seungmin Lee , Donghyuk Lee , Taek Yong Nam , Jong Soo Jang
发明人： Sang-Woo Lee , Yong-Sung Jeon , Seungmin Lee , Donghyuk Lee , Taek Yong Nam , Jong Soo Jang
IPC分类号： H04L9/06
CPC分类号： H04L9/0631 , H04L2209/122 , H04L2209/125
摘要： A block cipher ARIA substitution apparatus, the apparatus includes a first Sbox operation unit for performing operations of a substitution box S1 and a substitution box S1−1; a second Sbox operation unit for performing operations of a substitution box S2 and a substitution box S2−1; and a control unit for determining modes of the first Sbox operation unit and the second Sbox operation unit. The first Sbox operation unit has a first inverse affine transformation unit for performing an inverse affine operation for obtaining S1−1; a finite field inverse element operation unit for computing an inverse element of GF(28) or a result value of the first inverse affine transformation unit; a first affine transformation unit for performing an affine operation for obtaining S1; and a first and a second multiplexer
摘要翻译：一种分组密码ARIA替代装置，该装置包括：第一Sbox操作单元，用于执行替换框S1和替换框S1-1的操作; 用于执行替代框S2和替代框S2-1的操作的第二Sbox操作单元; 以及用于确定第一Sbox操作单元和第二Sbox操作单元的模式的控制单元。第一Sbox操作单元具有用于执行用于获得S1-1的反向仿射操作的第一反向仿射变换单元; 用于计算GF（28）的逆元素或第一反仿像变换单元的结果值的有限域逆元素运算单元; 用于执行用于获得S1的仿射运算的第一仿射变换单元; 以及第一和第二多路复用器

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式