    • 1. Invention application
    • APPARATUS AND METHOD FOR DETECTING ANOMALOUS TRAFFIC
    • US20090138590A1
    • 2009-05-28
    • US12103266
    • 2008-04-15
    • Eun Young LEE, Seung Hyun PAEK, In Sung PARK, Joo Beom YUN, Ki Wook SOHN
    • Eun Young LEE, Seung Hyun PAEK, In Sung PARK, Joo Beom YUN, Ki Wook SOHN
    • G06F15/173
    • H04L63/1425, H04L43/045
    • An apparatus and method for detecting anomalous traffic are provided. More particularly, an apparatus and method for detecting anomalous traffic based on entropy of network traffic are provided. The apparatus of detecting anomalous traffic includes: an entropy extraction module for extracting entropy from network traffic; a visualization module for generating an entropy graph based on the entropy; a graph model experience module for updating a graph model for each network attack based on the entropy graph; and an anomalous traffic detection module for detecting anomalous traffic based on the entropy graph and the graph model for each network attack and outputting the detection results to a user. In the apparatus and method, anomalous traffic is detected based on network entropy rather than simple statistics based on the amount of traffic, so that a false alarm rate of the apparatus for detecting anomalous traffic can be reduced.
    • 2. Invention application
    • APPARATUS AND METHOD FOR FORECASTING SECURITY THREAT LEVEL OF NETWORK
    • US20090126023A1
    • 2009-05-14
    • US12103069
    • 2008-04-15
    • JooBeom YUN, Seung-Hyun PAEK, InSung PARK, Eun Young LEE, Ki Wook SOHN
    • JooBeom YUN, Seung-Hyun PAEK, InSung PARK, Eun Young LEE, Ki Wook SOHN
    • G06F21/00
    • H04L63/1433, G06F21/577
    • Provided are an apparatus and method for forecasting the security threat level of a network. The apparatus includes: a security data collection unit for collecting traffic data and intrusion detection data transmitted from an external network to a managed network; a malicious code data collection unit for collecting malicious code data transmitted from a security enterprise network; a time series data transformation unit for transforming the data collected by the security data collection unit into time series data; a network traffic analysis unit for analyzing traffic distribution of the managed network using the data collected by the security data collection unit; and a security forecast engine for forecasting security data of the managed network using the time series data obtained by the time data transformation unit, the data analyzed by the network traffic analysis unit, and the data collected by the malicious code data collection unit.
    • 3. Invention application
    • APPARATUS AND METHOD FOR AUTOMATICALLY ANALYZING PROGRAM FOR DETECTING MALICIOUS CODES TRIGGERED UNDER SPECIFIC EVENT/CONTEXT
    • US20090158260A1
    • 2009-06-18
    • US12270897
    • 2008-11-14
    • Jung Hwan MOON, Won Ho KIM, Ki Wook SOHN
    • Jung Hwan MOON, Won Ho KIM, Ki Wook SOHN
    • G06F9/44
    • G06F11/3612, G06F21/53
    • Provided is an apparatus for automatically analyzing a program in order to detect window malicious codes that are programmed to perform malicious behaviors only when a specific event occurs or when a specific program execution condition is satisfied. The automatic program analyzing apparatus includes an automatic analysis engine for analyzing statements in a program and generating program execution information by forcefully executing each statement in the program; an execution information database for storing the program execution information generated by the automatic analysis engine; an execution flow analyzer for analyzing execution flow of the program based on the execution information stored in the execution information database; and an execution result provider for providing a user with an execution result based on the execution flow information analyzed by the execution flow analyzer.