专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20060119486A1 Apparatus and method of detecting network attack situation 有权
公开(公告)号：US20060119486A1
公开(公告)日：2006-06-08
申请号：US11081682
申请日：2005-03-17
申请人： Jin Kim , Seon Sohn , Hyochan Bang , Soo Lee , Dongyoung Kim , Beom Chang , Geon Kim , Hyun Kim , Jung Na , Jong Jang , Sung Sohn
发明人： Jin Kim , Seon Sohn , Hyochan Bang , Soo Lee , Dongyoung Kim , Beom Chang , Geon Kim , Hyun Kim , Jung Na , Jong Jang , Sung Sohn
IPC分类号： G08B5/22
CPC分类号： H04L63/1416 , G06F21/552 , G06F21/85 , H04L63/1441
摘要： Provided is an apparatus for detecting a network attack situation. The apparatus includes an alarm receiver receiving a plurality of alarms raised in a network to which the alarm receiver is connected, converting the alarms into predetermined alarm data, and outputting the alarm data; an alarm processor analyzing an attack situation in the network based on attributes of the alarm data and a number of times that the alarm data is generated; a memory storing basic data needed to analyze the state of the network and providing the basic data to the alarm processor; and an interface transmitting the result of the analysis by the alarm processor to an external device, receiving a predetermined critical value from the external device, which is a basis for determining the occurrence of the attack situation, and outputting the critical value to the alarm processor such that the alarm processor can store the critical value in the memory. Equal numbers of hash engines and detection engines for processing the alarms in the network to the number of data groups classified as network attack situations are formed in a line. Therefore, a network attack situation can be detected in real time based on a great number of alarms indicating intrusion detection.

2. 发明申请

US20070206498A1 Network status display device and method using traffic flow-radar 有权
标题翻译：网络状态显示装置及方法采用交通流雷达
公开(公告)号：US20070206498A1
公开(公告)日：2007-09-06
申请号：US11599909
申请日：2006-11-15
申请人： Beom Chang , Jung Na , Geon Kim , Dong Kim , Jin Kim , Hyun Kim , Hyo Bang , Soo Lee , Seon Sohn , Jong Jang , Sung Sohn
发明人： Beom Chang , Jung Na , Geon Kim , Dong Kim , Jin Kim , Hyun Kim , Hyo Bang , Soo Lee , Seon Sohn , Jong Jang , Sung Sohn
IPC分类号： H04L12/26
CPC分类号： H04L43/045 , H04L43/0817 , H04L43/16
摘要： A network status display device using a traffic flow-radar is provided. The network status display device includes: a traffic feature extractor calculating flow occupancy rates for total flows, micro-flows and macro-flows with respect to each of a plurality of traffic features with reference to traffic information for each traffic feature such as a network address, a port, a transmitting/receiving host address or a protocol collected by an external traffic information collector, and storing the calculation result; a traffic status display unit displaying the flow occupancy rates for each traffic feature calculated and stored in the traffic feature extractor on a radar with dots for each traffic feature; and a traffic anomaly determination unit determining whether a network status is abnormal with reference to the radar for each traffic feature, detecting and reporting the type of the abnormal network status and harmful or abnormal traffic that generates the abnormal network status, when the abnormal status occurs.
摘要翻译：提供了使用交通流量雷达的网络状态显示装置。网络状态显示装置包括：业务特征提取器，参考每个业务特征（例如网络地址）的业务信息来计算关于多个业务特征中的每一个的总流量，微流量和宏流量的流量占用率，端口，发送/接收主机地址或由外部交通信息收集器收集的协议，并存储计算结果; 交通状态显示单元，其显示针对每个交通特征点的雷达上计算并存储在交通特征提取器中的每个交通特征的流量占用率; 以及交通异常判定单元，针对每个流量特征，参照雷达确定网络状态是否异常，检测和报告异常网络状态的类型以及产生异常网络状态的有害或异常流量，当发生异常状态时。

3. 发明申请

US20070074288A1 Network status display device and method using traffic pattern map 有权
标题翻译：网络状态显示设备和使用流量模式图的方法
公开(公告)号：US20070074288A1
公开(公告)日：2007-03-29
申请号：US11527850
申请日：2006-09-26
申请人： Beom Chang , Jung Na , Geon Kim , Dong Kim , Jin Kim , Hyun Kim , Hyo Bang , Soo Lee , Seon Shon , Jong Jang , Sung Sohn
发明人： Beom Chang , Jung Na , Geon Kim , Dong Kim , Jin Kim , Hyun Kim , Hyo Bang , Soo Lee , Seon Shon , Jong Jang , Sung Sohn
IPC分类号： G06F12/14
CPC分类号： H04L43/028 , H04L43/062 , H04L43/16 , H04L63/1408
摘要： A network status display device using a traffic pattern map is provided. The device includes: a traffic feature extractor extracting a port number of a port having the maximum occupancy of micro-flows and macro-flows for each network address section and host address section with reference to traffic information collected by an external traffic information collector, calculating and storing an occupancy rate of the port; a traffic status display unit making a network traffic pattern map expressed by destination-source network addresses and a host traffic pattern map expressed by destination-source host addresses and displaying the port information stored in the traffic feature extractor on the network traffic pattern map and the host traffic pattern map; and a traffic anomaly determination unit determining whether a network status is abnormal with reference to the network traffic pattern map and the host traffic pattern map and detecting and reporting a harmful or abnormal traffic which causes the abnormal network status. The device can determine whether the anomaly deteriorating the network performance exists and can easily and quickly detect the harmful or abnormal traffic which causes the anomaly by the use of the port information of the port having the maximum occupancy of the micro-flows and the macro-flows for each network address section and each host address section.
摘要翻译：提供了使用业务模式图的网络状态显示设备。该设备包括：流量特征提取器，参考由外部交通信息收集器收集的交通信息，提取每个网络地址部分和主机地址部分具有最大占用微流量和宏流量的端口的端口号，计算并存储所述端口的占用率; 形成由目的地源网络地址表示的网络流量模式图的流量状态显示单元和由目的地 - 源主机地址表示的主机流量模式图，并且在网络流量模式图上显示存储在流量特征提取器中的端口信息，并且主机流量模式图; 以及流量异常判定单元，基于网络流量模式图和主机流量模式图来判断网络状态是否异常，并检测并报告导致异常网络状态的有害或异常流量。该设备可以确定异常是否存在网络性能恶化，并可以通过使用具有微流量最大占用端口的端口信息和宏观流量来轻松快速地检测导致异常的有害或异常流量，每个网络地址部分和每个主机地址部分的流程。

4. 发明申请

US20050138425A1 Method of analyzing network attack situation 审中-公开
标题翻译：分析网络攻击情况的方法
公开(公告)号：US20050138425A1
公开(公告)日：2005-06-23
申请号：US10938113
申请日：2004-09-10
申请人： Jin Kim , Soo Lee , Dongyoung Kim , Beom Chang , Jung Na , Sung Sohn , Chee Park
发明人： Jin Kim , Soo Lee , Dongyoung Kim , Beom Chang , Jung Na , Sung Sohn , Chee Park
IPC分类号： H04L12/24 , H04L9/00 , H04L29/06
CPC分类号： H04L63/1408 , H04L63/1441
摘要： Provided is a method for analyzing a network attack situation. The method categorizes network intrusion detection alerts into network attack situations, counts the frequency of same-featured intrusion alert occurrence for each network attack situation using a counting algorithm based on time slots, and analyzes the network attack situation based on the frequency of same-featured intrusion detection alert occurrence, the rate of same-featured intrusion detection alert occurrence, or an AND/OR combination of them. The network attack situation can be correctly detected in real time without relatively being influenced by the size of the network or amount of the occurrence of the intrusion detection alerts.
摘要翻译：提供了一种分析网络攻击情况的方法。该方法将网络入侵检测警报分为网络攻击情况，使用基于时隙的计数算法对每个网络攻击情况的同一入侵警报发生频率进行计数，并根据相同频率的频率分析网络攻击情况入侵检测警报发生，同一特征入侵检测警报发生率，或其AND / OR组合。可以实时正确检测网络攻击情况，而不会受到网络规模或入侵检测警报发生量的影响。

5. 发明申请

US20060098579A1 Apparatus and method for detecting and visualizing anomalies in network traffic 有权
公开(公告)号：US20060098579A1
公开(公告)日：2006-05-11
申请号：US11077638
申请日：2005-03-11
申请人： Beom Chang , Soo Lee , Jin Kim , Jung Na , Jong Jang , Sung Sohn
发明人： Beom Chang , Soo Lee , Jin Kim , Jung Na , Jong Jang , Sung Sohn
IPC分类号： H04L1/00
CPC分类号： H04L41/22 , H04L41/06 , H04L43/0817
摘要： Provided is an apparatus for detecting and visualizing anomalies in network traffic which includes a traffic information storing portion storing information on network traffic, a traffic state display portion presenting a status of the network traffic generated for a predetermined threshold time based on the information on network traffic on an orthogonal coordinates system in a form of a graph connecting at least one point data as a coordinate value, and a traffic anomalies determination portion determining an existence of anomalies in the network traffic based on a shape of the graph.

6. 发明申请

US20070147382A1 Method of storing pattern matching policy and method of controlling alert message 失效
标题翻译：存储模式匹配策略的方法和控制报警信息的方法
公开(公告)号：US20070147382A1
公开(公告)日：2007-06-28
申请号：US11635245
申请日：2006-12-07
申请人： Byoung Kim , Kwang Baik , Jin Oh , Jong Jang , Sung Sohn
发明人： Byoung Kim , Kwang Baik , Jin Oh , Jong Jang , Sung Sohn
IPC分类号： H04L12/56
CPC分类号： H04L12/5602
摘要： A method of storing a pattern matching policy and a method of controlling an alert message are provided. The method includes (a) generating a content structure as a sub-structure of a header combination structure of a stored traffic pattern which is a policy to be newly applied to a pattern matching apparatus; (b) determining whether a content of the stored traffic pattern is identical to a content of an original traffic pattern stored in advance in the pattern matching apparatus; (c) allocating a content index of the content of the original traffic pattern to the content of the stored traffic pattern if the content of the stored traffic pattern is identical to the content of the original traffic pattern; and (d) determining whether a header combination structure of the original traffic pattern comprises only one content structure or more than one content structure and allocating a header index of the header combination structure of the stored traffic pattern to the header combination structure of the original traffic pattern if the header combination structure of the original traffic pattern is found to comprise only one content structure. Accordingly, it is possible to efficiently use hardware memories with limited storage capacities and effectively perform a pattern matching function.
摘要翻译：提供了一种存储模式匹配策略的方法和一种控制警报消息的方法。该方法包括：（a）生成内容结构作为作为新应用于模式匹配装置的策略的存储的流量模式的头部组合结构的子结构; （b）确定存储的业务模式的内容是否与预先存储在模式匹配装置中的原始业务模式的内容相同; （c）如果存储的业务模式的内容与原始业务模式的内容相同，则将原始业务模式的内容的内容索引分配给所存储的业务模式的内容; 和（d）确定原始业务模式的报头组合结构是否仅包含一个内容结构或多于一个内容结构，并且将所存储的业务模式的报头组合结构的报头索引分配给原始业务的报头组合结构如果发现原始流量模式的头组合结构仅包含一个内容结构，则模式。因此，可以有效地使用具有有限存储容量的硬件存储器并且有效地执行模式匹配功能。

7. 发明申请

US20050141423A1 Method of and apparatus for sorting data flows based on bandwidth and liveliness 审中-公开
标题翻译：基于带宽和活力对数据流进行排序的方法和装置
公开(公告)号：US20050141423A1
公开(公告)日：2005-06-30
申请号：US11004426
申请日：2004-12-03
申请人： Jong Lee , Jintae Oh , Jong Jang , Sung Sohn
发明人： Jong Lee , Jintae Oh , Jong Jang , Sung Sohn
IPC分类号： H04L12/28 , H04L12/24 , H04L12/26
CPC分类号： H04L41/0896 , H04L43/026
摘要： A method of and an apparatus for sorting data traffic based on a predetermined priority such as a bandwidth and a liveliness is provided. The method includes operations of: receiving the data flows; sorting the data flows based on bandwidth by defining a plurality of bandwidth ranges and classifying the sorted data flows according to the bandwidth ranges to which the bandwidth of each data flow belongs; and sorting the classified data flows based on liveliness representing frequency of occurrence of the data flows. The sorting of the classified data lows determines that the data flow which is recently received has the higher liveliness and sorts the data flows based on the determination. The method and apparatus facilitates selecting data flows which are possible hostile attack attempts from a vast amount of data traffic and allowing selective and intensive monitoring of the selected data flows.
摘要翻译：提供了一种基于诸如带宽和活力之类的预定优先级对数据业务排序的方法和装置。该方法包括：接收数据流; 通过定义多个带宽范围，根据带宽分配数据流，并根据每个数据流的带宽所属的带宽范围对排序的数据流进行分类; 并根据表示数据流出现频率的生物活动对分类数据流进行排序。分类数据低的排序确定最近接收的数据流具有更高的活力并且基于确定对数据流进行排序。所述方法和装置有助于从大量的数据业务中选择可能的敌对攻击尝试的数据流，并允许选择性和密集地监视所选数据流。

8. 发明申请

US20060123031A1 Prefiltering method and apparatus for prefiltering data stream for pattern matching 审中-公开
标题翻译：用于模式匹配的预过滤数据流的预过滤方法和装置
公开(公告)号：US20060123031A1
公开(公告)日：2006-06-08
申请号：US11244188
申请日：2005-10-05
申请人： Seung Shin , Jin Oh , Ki Kim , Jong Jang , Sung Sohn
发明人： Seung Shin , Jin Oh , Ki Kim , Jong Jang , Sung Sohn
IPC分类号： G06F17/00 , G06F7/00
CPC分类号： H04L69/22 , G06F16/9017 , H04L63/0227
摘要： A prefiltering method and apparatus for prefiltering a data stream for pattern matching are provided. The prefiltering method includes: receiving a data stream; loading previously stored filtering policies; filtering the data stream according to the loaded filtering policies and generating additional filtering information regarding the filtered data stream; determining whether to transmit the data stream to a search engine apparatus that performs pattern matching based on the additional filtering information; and transmitting the data stream to the search engine apparatus if the data stream is determined as requiring transmission. Therefore, it is possible to provide a high-performance pattern matching system that can achieve a high precision of pattern matching.
摘要翻译：提供了一种用于预过滤数据流以进行模式匹配的预过滤方法和装置。预过滤方法包括：接收数据流; 加载以前存储的过滤策略; 根据所加载的过滤策略对数据流进行过滤，并产生关于过滤的数据流的附加过滤信息; 确定是否将数据流发送到基于附加过滤信息执行模式匹配的搜索引擎装置; 以及如果数据流被确定为需要传输，则将数据流发送到搜索引擎装置。因此，可以提供能够实现图案匹配的高精度的高性能图案匹配系统。

9. 发明申请

US20060100888A1 System for managing identification information via internet and method of providing service using the same 审中-公开
标题翻译：通过互联网管理身份信息的系统和使用该身份信息的服务的方法
公开(公告)号：US20060100888A1
公开(公告)日：2006-05-11
申请号：US10994148
申请日：2004-11-19
申请人： Soo Kim , Ki Moon , Jong Jang , Sung Sohn
发明人： Soo Kim , Ki Moon , Jong Jang , Sung Sohn
IPC分类号： G06Q99/00
CPC分类号： H04L63/0823 , G06Q20/3674 , H04L63/104
摘要： The present invention relates to a system for managing user identity information via the Internet and a method of providing a service using the same. The identity information managing system including: an electronic identification certificate issuing device for issuing an electronic identification certificate to authenticate and secure a user identity on the Internet; a service providing device for preparing an electronic contract with a user on the basis of the electronic identification certificate of the user, and providing a service to the user; and a user-side server receiving the service from the service providing device with which the electronic contract with the user is prepared.
摘要翻译：本发明涉及一种通过因特网管理用户身份信息的系统以及使用该系统提供服务的方法。所述身份信息管理系统包括：电子身份证明书发行装置，用于发行电子身份证明书以在互联网上认证和确保用户身份; 一种服务提供装置，用于根据用户的电子识别证书与用户准备电子合同，并向用户提供服务; 以及从所述服务提供装置接收与用户进行电子契约的服务的用户侧服务器。

10. 发明申请

US20070124815A1 Method and apparatus for storing intrusion rule 失效
标题翻译：存储入侵规则的方法和装置
公开(公告)号：US20070124815A1
公开(公告)日：2007-05-31
申请号：US11484257
申请日：2006-07-10
申请人： Kwang Baik , Byoung Kim , Jin Oh , Jong Jang , Sung Sohn
发明人： Kwang Baik , Byoung Kim , Jin Oh , Jong Jang , Sung Sohn
IPC分类号： G06F12/14
CPC分类号： H04L63/1416
摘要： A method and apparatus for storing an intrusion rule are provided. The method stores a new intrusion rule in an intrusion detection system having already stored intrusion rules, and includes: generating combinations of divisions capable of dividing the new intrusion rule into a plurality of partial intrusion rules; calculating the frequency of hash value collisions between each of the generated division combinations and the already stored intrusion rules; dividing the new intrusion rule according to the division combination which has the lowest calculated frequency of hash value collisions; and storing the divided new intrusion rule in a corresponding position of the intrusion detection system. According to the method and apparatus, the size of the storage unit occupied by the intrusion rule can be reduced, and by performing pattern matching, the performance of the intrusion detection system can be enhanced.
摘要翻译：提供了一种用于存储入侵规则的方法和装置。该方法在已经存储了入侵规则的入侵检测系统中存储新的入侵规则，并且包括：生成能够将新的入侵规则划分成多个部分入侵规则的分割组合; 计算每个生成的分割组合与已经存储的入侵规则之间的散列值冲突的频率; 根据哈希值碰撞计算频率最低的划分组合划分新的入侵规则; 并将分割的新入侵规则存储在入侵检测系统的相应位置。根据该方法和装置，可以减少入侵规则占用的存储单元的大小，通过执行模式匹配，能够提高入侵检测系统的性能。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式