专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08230503B2 Method of extracting windows executable file using hardware based on session matching and pattern matching and apparatus using the same 有权
标题翻译：基于会话匹配和模式匹配的硬件提取Windows可执行文件的方法及使用该可执行文件的方法
公开(公告)号：US08230503B2
公开(公告)日：2012-07-24
申请号：US12503288
申请日：2009-08-17
申请人： Byoung Koo Kim , Seung Yong Yoon , Ik Kyun Kim , Jin Tae Oh , Jong Soo Jang , Hyun Sook Cho
发明人： Byoung Koo Kim , Seung Yong Yoon , Ik Kyun Kim , Jin Tae Oh , Jong Soo Jang , Hyun Sook Cho
IPC分类号： H04L29/06
CPC分类号： H04L63/145 , G06F21/564
摘要： A method and apparatus for extracting a windows executable file that can search for a pattern related to windows executable files among a large quantity of network packets using a hardware-based session tracking and pattern matching technology and that can extract all packets included in the corresponding session are provided. The method of extracting a windows executable file includes: collecting incoming packets having a payload according to a session of a reference packet having an MZ pattern; performing a portable executable (PE) pattern matching for the collected incoming packets; and forming a PE file based on at least one incoming packet satisfying the PE pattern matching.
摘要翻译：一种用于提取Windows可执行文件的方法和装置，其可以使用基于硬件的会话跟踪和模式匹配技术在大量网络分组中搜索与Windows可执行文件相关的模式，并且可以提取包括在相应会话中的所有分组被提供。提取Windows可执行文件的方法包括：根据具有MZ模式的参考分组的会话收集具有有效载荷的传入分组; 对所收集的传入分组执行匹配的便携式可执行（PE）模式; 以及基于满足PE模式匹配的至少一个输入分组形成PE文件。

2. 发明申请

US20100146621A1 METHOD OF EXTRACTING WINDOWS EXECUTABLE FILE USING HARDWARE BASED ON SESSION MATCHING AND PATTERN MATCHING AND APPRATUS USING THE SAME 有权
标题翻译：使用基于会话匹配和图案匹配的硬件提取WINDOWS可执行文件的方法和使用该方法的方法
公开(公告)号：US20100146621A1
公开(公告)日：2010-06-10
申请号：US12503288
申请日：2009-08-17
申请人： Byoung Koo Kim , Seung Yong Yoon , Ik Kyun Kim , Jin Tae Oh , Jong Soo Jang , Hyun Sook Cho
发明人： Byoung Koo Kim , Seung Yong Yoon , Ik Kyun Kim , Jin Tae Oh , Jong Soo Jang , Hyun Sook Cho
IPC分类号： G06F17/30 , G06F12/14 , G06F11/00 , G06F12/16 , G08B23/00
CPC分类号： H04L63/145 , G06F21/564
摘要： A method and apparatus for extracting a windows executable file that can search for a pattern related to windows executable files among a large quantity of network packets using a hardware-based session tracking and pattern matching technology and that can extract all packets included in the corresponding session are provided. The method of extracting a windows executable file includes: collecting incoming packets having a payload according to a session of a reference packet having an MZ pattern; performing a portable executable (PE) pattern matching for the collected incoming packets; and forming a PE file based on at least one incoming packet satisfying the PE pattern matching.
摘要翻译：一种用于提取Windows可执行文件的方法和装置，其可以使用基于硬件的会话跟踪和模式匹配技术在大量网络分组中搜索与Windows可执行文件相关的模式，并且可以提取包括在相应会话中的所有分组被提供。提取Windows可执行文件的方法包括：根据具有MZ模式的参考分组的会话收集具有有效载荷的传入分组; 对所收集的传入分组执行匹配的便携式可执行（PE）模式; 以及基于满足PE模式匹配的至少一个输入分组形成PE文件。

3. 发明申请

US20090133125A1 METHOD AND APPARATUS FOR MALWARE DETECTION 审中-公开
标题翻译：用于恶意软件检测的方法和装置
公开(公告)号：US20090133125A1
公开(公告)日：2009-05-21
申请号：US12209249
申请日：2008-09-12
申请人： Yang Seo Choi , Ik Kyun Kim , Byoung Koo Kim , Seung Yong Yoon , Dae Won Kim , Jin Tae Oh , Jong Soo Jang
发明人： Yang Seo Choi , Ik Kyun Kim , Byoung Koo Kim , Seung Yong Yoon , Dae Won Kim , Jin Tae Oh , Jong Soo Jang
IPC分类号： G06F21/00
CPC分类号： G06F21/562 , G06F21/56
摘要： The present invention relates to an apparatus and method for detecting malware. The malware detection apparatus and method of the present invention determines whether a file is malware or not by analyzing the header of an executable file. Since the malware detection apparatus and method can quickly detect presence of malware, it can shorten detection time considerably. The malware detection apparatus and method can also detect even unknown malware as well as known malware to thereby estimate and determine presence of malware. Therefore, it is possible to cope with malware in advance, protect a system with a program, and increase security level remarkably.
摘要翻译：本发明涉及一种用于检测恶意软件的装置和方法。本发明的恶意软件检测装置和方法通过分析可执行文件的标题来确定文件是否是恶意软件。由于恶意软件检测装置和方法可以快速检测恶意软件的存在，因此可以大大缩短检测时间。恶意软件检测装置和方法还可以检测甚至未知的恶意软件以及已知的恶意软件，从而估计和确定恶意软件的存在。因此，可以提前应对恶意软件，用程序保护系统，显着提高安全等级。

4. 发明申请

US20070297410A1 Real-time stateful packet inspection method and apparatus 有权
标题翻译：实时状态报文检测方法及装置
公开(公告)号：US20070297410A1
公开(公告)日：2007-12-27
申请号：US11633174
申请日：2006-12-04
申请人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
发明人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
IPC分类号： H04L12/56
CPC分类号： H04L63/0227 , H04L63/0254 , H04L67/14
摘要： A real-time stateful packet inspection method and apparatus is provided, which uses a session table processing method that can efficiently generate state information. In the apparatus, a session table stores session data of a packet received from an external network. A hash key generator hashes a parameter extracted from the received packet and generates a hash pointer of the session table corresponding to the packet. A session detection module searches the session table for a session corresponding to the received packet. A session management module performs management of the session table such as addition, deletion, and change of sessions of the session table. A packet inspection module generates state information corresponding to the received packet from both directionality information of the packet and entry header information of the packet stored in the session table and then inspects the packet based on the generated state information.
摘要翻译：提供了一种实时状态包检测方法和装置，其使用可以有效地生成状态信息的会话表处理方法。在该装置中，会话表存储从外部网络接收到的分组的会话数据。哈希密钥生成器从接收到的分组中提取参数，并生成与分组对应的会话表的哈希指针。会话检测模块在会话表中搜索与接收到的分组相对应的会话。会话管理模块执行会话表的管理，例如会话表的会话的添加，删除和更改。分组检查模块从分组的方向性信息和存储在会话表中的分组的条目标题信息两者生成对应于接收到的分组的状态信息，然后基于生成的状态信息来检查分组。

5. 发明授权

US07831822B2 Real-time stateful packet inspection method and apparatus 有权
标题翻译：实时状态报文检测方法及装置
公开(公告)号：US07831822B2
公开(公告)日：2010-11-09
申请号：US11633174
申请日：2006-12-04
申请人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
发明人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
IPC分类号： H04L9/00 , H04L9/32 , G06F11/00
CPC分类号： H04L63/0227 , H04L63/0254 , H04L67/14
摘要： A real-time stateful packet inspection method and apparatus is provided, which uses a session table processing method that can efficiently generate state information. In the apparatus, a session table stores session data of a packet received from an external network. A hash key generator hashes a parameter extracted from the received packet and generates a hash pointer of the session table corresponding to the packet. A session detection module searches the session table for a session corresponding to the received packet. A session management module performs management of the session table such as addition, deletion, and change of sessions of the session table. A packet inspection module generates state information corresponding to the received packet from both directionality information of the packet and entry header information of the packet stored in the session table and then inspects the packet based on the generated state information.
摘要翻译：提供了一种实时状态包检测方法和装置，其使用可以有效地生成状态信息的会话表处理方法。在该装置中，会话表存储从外部网络接收到的分组的会话数据。哈希密钥生成器从接收到的分组中提取参数，并生成与分组对应的会话表的哈希指针。会话检测模块在会话表中搜索与接收到的分组相对应的会话。会话管理模块执行会话表的管理，例如会话表的会话的添加，删除和更改。分组检查模块从分组的方向性信息和存储在会话表中的分组的条目标题信息两者生成对应于接收到的分组的状态信息，然后基于生成的状态信息来检查分组。

6. 发明授权

US07818786B2 Apparatus and method for managing session state 有权
标题翻译：用于管理会话状态的装置和方法
公开(公告)号：US07818786B2
公开(公告)日：2010-10-19
申请号：US11298114
申请日：2005-12-08
申请人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
发明人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
IPC分类号： G06F7/04
CPC分类号： H04L63/0254 , H04L63/1458
摘要： An apparatus and method for managing a session state are provided. The apparatus for managing a session state during transmission control protocol (TCP) handshaking includes: a session index unit producing and managing an index including 5-tuple information of a session corresponding to an input packet; a detailed information manager generating and managing an entry by extracting state information of a session in which a predetermined time does not pass after the session has been completely established, to respond to an intrusion detection against the input packet when the index is produced; a brief information manager generating and managing an entry including state information, which includes states of session connection and disconnection and directionality of the input packet, of a session in which a predetermined time elapses after the session has been completely established; and a search unit searching an index of the session corresponding to the input packet in the session index unit, and, if an index does not exist, searching the brief information manager after the session has been completely established.
摘要翻译：提供了一种用于管理会话状态的装置和方法。用于在传输控制协议（TCP）握手期间管理会话状态的装置包括：会话索引单元，产生和管理包括对应于输入分组的会话的5元组信息的索引; 详细信息管理器，通过提取在会话完全建立之后预定时间不通过的会话的状态信息来生成和管理条目，以在产生索引时响应对输入分组的入侵检测; 生成和管理包括状态信息的条目的条目，该状态信息包括在会话已经完全建立之后经过预定时间的会话的会话连接和断开的状态以及输入分组的方向性; 以及搜索单元，在会话索引单元中搜索对应于输入分组的会话的索引，并且如果索引不存在，则在会话完全建立之后搜索简要信息管理器。

7. 发明授权

US07386733B2 Alert transmission apparatus and method for policy-based intrusion detection and response 失效
标题翻译：用于基于策略的入侵检测和响应的警报传输设备和方法
公开(公告)号：US07386733B2
公开(公告)日：2008-06-10
申请号：US10448414
申请日：2003-05-30
申请人： Seung Yong Yoon , Gae II Ahn , Ki Young Kim , Jong Soo Jang
发明人： Seung Yong Yoon , Gae II Ahn , Ki Young Kim , Jong Soo Jang
IPC分类号： G06F11/00 , G06F12/14 , H04B17/00 , H04L29/06 , G06F11/30
CPC分类号： H04L63/1408
摘要： An alert transmission apparatus for a policy-based intrusion detection and response has a central policy server (CPS) and an intrusion detection and response system (IDRS). In the CPS, a policy management tool generates security policy information and then stores the generated security policy information in a policy repository. A COPS-IDR server sends the information to the IDRS and an IDMEF-XML-type alert transmission message to a high-level module. An IDMEF-XML message parsing and translation module stores a parsed and translated IDMEF-XML-type alert transmission message in an alert DB or provides the message to an alert viewer. In the IDRS, a COPS-IDR client generates the IDMEF-XML-type alert transmission message and provides the message to the CPS. An intrusion detection module detects an intrusion. An intrusion response module responds to the intrusion. An IDMEF-XML message building module generates an IDMEF-XML alert message and provides the message to the COPS-IDR client.
摘要翻译：用于基于策略的入侵检测和响应的警报传输装置具有中央策略服务器（CPS）和入侵检测和响应系统（IDRS）。在CPS中，策略管理工具生成安全策略信息，然后将生成的安全策略信息存储在策略存储库中。 COPS-IDR服务器将信息发送到IDRS和IDMEF-XML型警报传输消息到高级模块。 IDMEF-XML消息解析和翻译模块将解析和翻译的IDMEF-XML类型警报传输消息存储在警报DB中，或者将消息提供给警报查看器。在IDRS中，COPS-IDR客户端生成IDMEF-XML类型的警报传输消息，并将消息提供给CPS。入侵检测模块检测入侵。入侵响应模块响应入侵。 IDMEF-XML消息构建模块生成IDMEF-XML警报消息，并将消息提供给COPS-IDR客户端。

8. 发明授权

US08800039B2 System and method for determining application layer-based slow distributed denial of service (DDoS) attack 有权
标题翻译：用于确定基于应用层的慢分布式拒绝服务（DDoS）攻击的系统和方法
公开(公告)号：US08800039B2
公开(公告)日：2014-08-05
申请号：US13572230
申请日：2012-08-10
申请人： Seung Yong Yoon
发明人： Seung Yong Yoon
IPC分类号： G06F21/00
CPC分类号： H04L63/1458 , G06F21/554 , H04L63/0254
摘要： A technology for defending a Distributed Denial-of-Service (DDoS) attack is provided. A system for determining an application layer-based slow DDoS attack may include a packet collecting unit to collect a packet in a network, a packet parsing unit to extract at least one header field from the collected packet, and a DDoS attack determining unit to determine whether a DDoS attack against the packet is detected, using a session table and a flow table.
摘要翻译：提供了一种防御分布式拒绝服务（DDoS）攻击的技术。用于确定基于应用层的慢DDoS攻击的系统可以包括：收集网络中的分组的分组收集单元，从收集的分组提取至少一个报头字段的分组解析单元，以及DDoS攻击确定单元，是否检测到针对数据包的DDoS攻击，使用会话表和流表。

9. 发明授权

US09562216B2 Microfluidic platform for cell culturing, and cell culturing method using same 有权
标题翻译：用于细胞培养的微流控平台，以及使用其的细胞培养方法
公开(公告)号：US09562216B2
公开(公告)日：2017-02-07
申请号：US14233759
申请日：2012-07-03
申请人： Seung Yong Yoon , Se Gyeong Joo , Ha Lim Song , Dong Hou Kim
发明人： Seung Yong Yoon , Se Gyeong Joo , Ha Lim Song , Dong Hou Kim
IPC分类号： C12N5/0793 , C12N5/02 , C12M3/06 , C12M1/00
CPC分类号： C12N5/0619 , C12M23/16 , C12M23/34
摘要： Provided are a microfluidic platform for cell culturing and a cell culturing method using the same. By applying a structure of a compartment which surrounds at least a portion of an annular reservoir and moving cells to be cultured to a site adjacent to a microchannel via rotation, a probability of observing cells that grew after culturing may increase and a probability of causing cells, particularly neurons, to grow so as to correspond to a signal transfer direction may increase.
摘要翻译：提供了用于细胞培养的微流体平台和使用其的细胞培养方法。通过将环状容器的至少一部分和待培养的移动细胞的细胞结构应用于通过旋转与微通道相邻的位置，观察培养后生长的细胞的可能性可能增加，并引起细胞的可能性特别是神经元生长以对应于信号传递方向可能增加。

10. 发明授权

US08966627B2 Method and apparatus for defending distributed denial-of-service (DDoS) attack through abnormally terminated session 有权
标题翻译：通过异常终止会话来防御分布式拒绝服务（DDoS）攻击的方法和装置
公开(公告)号：US08966627B2
公开(公告)日：2015-02-24
申请号：US13612749
申请日：2012-09-12
申请人： Seung Yong Yoon
发明人： Seung Yong Yoon
IPC分类号： G06F21/00 , H04L29/06
CPC分类号： G06F21/00 , H04L63/0254 , H04L63/1458 , H04L63/166
摘要： There are provided a method and apparatus for defending a Distributed Denial-of-Service (DDoS) attack through abnormally terminated sessions. The DDoS attack defending apparatus includes: a session tracing unit configured to parse collected packets, to extract header information from the collected packets, to trace one or more abnormally terminated sessions corresponding to one of pre-defined abnormally terminated session cases, based on the header information, and then to count the number of the abnormally terminated sessions; and an attack detector configured to compare the number of the abnormally terminated sessions to a predetermined threshold value, and to determine whether a DDoS attack has occurred, according to the results of the comparison. Therefore, it is possible to significantly reduce a false-positive rate of detection of a DDoS attack and the amount of computation for detection of a DDoS attack.
摘要翻译：提供了通过异常终止的会话来防御分布式拒绝服务（DDoS）攻击的方法和装置。 DDoS攻击防御装置包括：会话跟踪单元，被配置为解析收集的报文，从收集的报文中提取报头信息，根据报头跟踪一个或多个对应于预定义异常终止的会话情况的异常终止的会话信息，然后计算异常终止的会话的数量; 以及攻击检测器，被配置为根据比较的结果将异常终止的会话的数量与预定阈值进行比较，并确定是否已经发生DDoS攻击。因此，可以显着降低DDoS攻击的检测的假阳性率和DDoS攻击检测的计算量。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式