专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明申请

US20070297410A1 Real-time stateful packet inspection method and apparatus 有权
标题翻译：实时状态报文检测方法及装置
公开(公告)号：US20070297410A1
公开(公告)日：2007-12-27
申请号：US11633174
申请日：2006-12-04
申请人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
发明人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
IPC分类号： H04L12/56
CPC分类号： H04L63/0227 , H04L63/0254 , H04L67/14
摘要： A real-time stateful packet inspection method and apparatus is provided, which uses a session table processing method that can efficiently generate state information. In the apparatus, a session table stores session data of a packet received from an external network. A hash key generator hashes a parameter extracted from the received packet and generates a hash pointer of the session table corresponding to the packet. A session detection module searches the session table for a session corresponding to the received packet. A session management module performs management of the session table such as addition, deletion, and change of sessions of the session table. A packet inspection module generates state information corresponding to the received packet from both directionality information of the packet and entry header information of the packet stored in the session table and then inspects the packet based on the generated state information.
摘要翻译：提供了一种实时状态包检测方法和装置，其使用可以有效地生成状态信息的会话表处理方法。在该装置中，会话表存储从外部网络接收到的分组的会话数据。哈希密钥生成器从接收到的分组中提取参数，并生成与分组对应的会话表的哈希指针。会话检测模块在会话表中搜索与接收到的分组相对应的会话。会话管理模块执行会话表的管理，例如会话表的会话的添加，删除和更改。分组检查模块从分组的方向性信息和存储在会话表中的分组的条目标题信息两者生成对应于接收到的分组的状态信息，然后基于生成的状态信息来检查分组。

12. 发明授权

US07831822B2 Real-time stateful packet inspection method and apparatus 有权
标题翻译：实时状态报文检测方法及装置
公开(公告)号：US07831822B2
公开(公告)日：2010-11-09
申请号：US11633174
申请日：2006-12-04
申请人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
发明人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
IPC分类号： H04L9/00 , H04L9/32 , G06F11/00
CPC分类号： H04L63/0227 , H04L63/0254 , H04L67/14
摘要： A real-time stateful packet inspection method and apparatus is provided, which uses a session table processing method that can efficiently generate state information. In the apparatus, a session table stores session data of a packet received from an external network. A hash key generator hashes a parameter extracted from the received packet and generates a hash pointer of the session table corresponding to the packet. A session detection module searches the session table for a session corresponding to the received packet. A session management module performs management of the session table such as addition, deletion, and change of sessions of the session table. A packet inspection module generates state information corresponding to the received packet from both directionality information of the packet and entry header information of the packet stored in the session table and then inspects the packet based on the generated state information.
摘要翻译：提供了一种实时状态包检测方法和装置，其使用可以有效地生成状态信息的会话表处理方法。在该装置中，会话表存储从外部网络接收到的分组的会话数据。哈希密钥生成器从接收到的分组中提取参数，并生成与分组对应的会话表的哈希指针。会话检测模块在会话表中搜索与接收到的分组相对应的会话。会话管理模块执行会话表的管理，例如会话表的会话的添加，删除和更改。分组检查模块从分组的方向性信息和存储在会话表中的分组的条目标题信息两者生成对应于接收到的分组的状态信息，然后基于生成的状态信息来检查分组。

13. 发明授权

US07818786B2 Apparatus and method for managing session state 有权
标题翻译：用于管理会话状态的装置和方法
公开(公告)号：US07818786B2
公开(公告)日：2010-10-19
申请号：US11298114
申请日：2005-12-08
申请人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
发明人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
IPC分类号： G06F7/04
CPC分类号： H04L63/0254 , H04L63/1458
摘要： An apparatus and method for managing a session state are provided. The apparatus for managing a session state during transmission control protocol (TCP) handshaking includes: a session index unit producing and managing an index including 5-tuple information of a session corresponding to an input packet; a detailed information manager generating and managing an entry by extracting state information of a session in which a predetermined time does not pass after the session has been completely established, to respond to an intrusion detection against the input packet when the index is produced; a brief information manager generating and managing an entry including state information, which includes states of session connection and disconnection and directionality of the input packet, of a session in which a predetermined time elapses after the session has been completely established; and a search unit searching an index of the session corresponding to the input packet in the session index unit, and, if an index does not exist, searching the brief information manager after the session has been completely established.
摘要翻译：提供了一种用于管理会话状态的装置和方法。用于在传输控制协议（TCP）握手期间管理会话状态的装置包括：会话索引单元，产生和管理包括对应于输入分组的会话的5元组信息的索引; 详细信息管理器，通过提取在会话完全建立之后预定时间不通过的会话的状态信息来生成和管理条目，以在产生索引时响应对输入分组的入侵检测; 生成和管理包括状态信息的条目的条目，该状态信息包括在会话已经完全建立之后经过预定时间的会话的会话连接和断开的状态以及输入分组的方向性; 以及搜索单元，在会话索引单元中搜索对应于输入分组的会话的索引，并且如果索引不存在，则在会话完全建立之后搜索简要信息管理器。

14. 发明授权

US07386733B2 Alert transmission apparatus and method for policy-based intrusion detection and response 失效
标题翻译：用于基于策略的入侵检测和响应的警报传输设备和方法
公开(公告)号：US07386733B2
公开(公告)日：2008-06-10
申请号：US10448414
申请日：2003-05-30
申请人： Seung Yong Yoon , Gae II Ahn , Ki Young Kim , Jong Soo Jang
发明人： Seung Yong Yoon , Gae II Ahn , Ki Young Kim , Jong Soo Jang
IPC分类号： G06F11/00 , G06F12/14 , H04B17/00 , H04L29/06 , G06F11/30
CPC分类号： H04L63/1408
摘要： An alert transmission apparatus for a policy-based intrusion detection and response has a central policy server (CPS) and an intrusion detection and response system (IDRS). In the CPS, a policy management tool generates security policy information and then stores the generated security policy information in a policy repository. A COPS-IDR server sends the information to the IDRS and an IDMEF-XML-type alert transmission message to a high-level module. An IDMEF-XML message parsing and translation module stores a parsed and translated IDMEF-XML-type alert transmission message in an alert DB or provides the message to an alert viewer. In the IDRS, a COPS-IDR client generates the IDMEF-XML-type alert transmission message and provides the message to the CPS. An intrusion detection module detects an intrusion. An intrusion response module responds to the intrusion. An IDMEF-XML message building module generates an IDMEF-XML alert message and provides the message to the COPS-IDR client.
摘要翻译：用于基于策略的入侵检测和响应的警报传输装置具有中央策略服务器（CPS）和入侵检测和响应系统（IDRS）。在CPS中，策略管理工具生成安全策略信息，然后将生成的安全策略信息存储在策略存储库中。 COPS-IDR服务器将信息发送到IDRS和IDMEF-XML型警报传输消息到高级模块。 IDMEF-XML消息解析和翻译模块将解析和翻译的IDMEF-XML类型警报传输消息存储在警报DB中，或者将消息提供给警报查看器。在IDRS中，COPS-IDR客户端生成IDMEF-XML类型的警报传输消息，并将消息提供给CPS。入侵检测模块检测入侵。入侵响应模块响应入侵。 IDMEF-XML消息构建模块生成IDMEF-XML警报消息，并将消息提供给COPS-IDR客户端。

15. 发明授权

US07613669B2 Method and apparatus for storing pattern matching data and pattern matching method using the same 有权
标题翻译：用于存储模式匹配数据的方法和装置以及使用其的模式匹配方法
公开(公告)号：US07613669B2
公开(公告)日：2009-11-03
申请号：US11453954
申请日：2006-06-14
申请人： Seung Won Shin , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
发明人： Seung Won Shin , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06N5/02 , G06F9/26 , G06F9/34 , G06F7/00 , G06F17/30
CPC分类号： G06F21/56 , G06F17/30949 , G06F21/55 , G06F21/567 , G06K9/62 , Y10S707/99936
摘要： A method and apparatus for storing pattern matching data and a pattern matching method using the method and apparatus are provided. The method of storing original data for pattern matching in a pattern matching apparatus includes: dividing the original data into segments of a predetermined size; performing a hash operation on each of the divided segments; determining whether or not the hash operation value of each segment causes a hash collision with a hash operation value stored in a first external memory disposed outside the pattern matching apparatus; and controlling the hash operation value of each segment determined not to cause a hash collision to be stored in the first external memory. According to the method and apparatus, the original data desired to be used for pattern matching can be stored at a faster speed in a pattern matching data storing apparatus.
摘要翻译：提供一种用于存储模式匹配数据的方法和装置以及使用该方法和装置的模式匹配方法。在模式匹配装置中存储用于模式匹配的原始数据的方法包括：将原始数据划分成预定大小的段; 对每个分割的段执行散列操作; 确定每个段的散列操作值是否与存储在布置在模式匹配装置外部的第一外部存储器中的散列操作值引起哈希冲突; 并且将被确定为不引起散列冲突的每个段的散列操作值控制在第一外部存储器中。根据该方法和装置，可以在模式匹配数据存储装置中以更快的速度存储期望用于模式匹配的原始数据。

16. 发明申请

US20110016523A1 APPARATUS AND METHOD FOR DETECTING DISTRIBUTED DENIAL OF SERVICE ATTACK 审中-公开
标题翻译：用于检测分布式服务攻击的装置和方法
公开(公告)号：US20110016523A1
公开(公告)日：2011-01-20
申请号：US12633121
申请日：2009-12-08
申请人： Jintae Oh , YouRi Lee , Yang-Seo Choi , Jong Soo Jang
发明人： Jintae Oh , YouRi Lee , Yang-Seo Choi , Jong Soo Jang
IPC分类号： G06F11/30 , G06F15/16
CPC分类号： H04L63/1458
摘要： An apparatus for detecting a distributed denial of service (DDoS) attack includes: a monitoring unit for monitoring multiple GET requests and responses transmitted and received depending on a session establishment between a client and a server; and an attack detection unit for analyzing the monitored multiple GET requests and responses between the client and the server to detect a traffic of the DDoS attack against the server.
摘要翻译：一种用于检测分布式拒绝服务（DDoS）攻击的装置，包括：监视单元，用于根据客户端和服务器之间的会话建立来监视多个GET请求和响应发送和接收; 以及攻击检测单元，用于分析所监视的多个GET请求和客户端与服务器之间的响应，以检测针对服务器的DDoS攻击的流量。

17. 发明申请

US20110016208A1 APPARATUS AND METHOD FOR SAMPLING SECURITY EVENT BASED ON CONTENTS OF THE SECURITY EVENT 有权
标题翻译：基于安全事件内容采集安全事件的装置和方法
公开(公告)号：US20110016208A1
公开(公告)日：2011-01-20
申请号：US12667130
申请日：2007-11-19
申请人： Chi Yoon Jeong , Beom Hwan Chang , Seon Gyoung Sohn , Geon Lyang Kim , Jong Hyun Kim , Jong Ho Ryu , Jung Chan Na , Jong Soo Jang , Sung Won Sohn
发明人： Chi Yoon Jeong , Beom Hwan Chang , Seon Gyoung Sohn , Geon Lyang Kim , Jong Hyun Kim , Jong Ho Ryu , Jung Chan Na , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F15/173
CPC分类号： H04L63/1416 , G06Q10/06
摘要： There are provided an apparatus and method for sampling a security event based on contents of the security event, the apparatus including: a security event accumulation module collecting security events occurring in a network system and storing the security events for each type according to contents of the security event; a security event analysis module calculating distribution of the security events for each type by analyzing the stored security events; and a security event extraction module sampling the stored security events according to the calculated distribution of the security events for each type. The apparatus and method may improve speed of visualization of a security event and a security event analysis apparatus and may increase accuracy thereof.
摘要翻译：提供了一种基于安全事件的内容对安全事件进行采样的装置和方法，该装置包括：安全事件累积模块，其收集网络系统中发生的安全事件，并根据所述安全事件的内容存储每种类型的安全事件安全事件; 安全事件分析模块，通过分析存储的安全事件来计算每种类型的安全事件的分布; 并且安全事件提取模块根据计算出的每种类型的安全事件的分布来对存储的安全事件进行采样。该装置和方法可以提高安全事件和安全事件分析装置的可视化速度并且可以提高其精度。

18. 发明申请

US20100277600A1 SYSTEM AND METHOD FOR IMAGE INFORMATION PROCESSING 有权
标题翻译：用于图像信息处理的系统和方法
公开(公告)号：US20100277600A1
公开(公告)日：2010-11-04
申请号：US12808501
申请日：2008-10-10
申请人： Yun Kyung Lee , Jong Wook Han , Geon Woo Kim , Deok Gyu Lee , Kyo Il Chung , Jong Soo Jang
发明人： Yun Kyung Lee , Jong Wook Han , Geon Woo Kim , Deok Gyu Lee , Kyo Il Chung , Jong Soo Jang
IPC分类号： H04N5/225
CPC分类号： H04L67/16 , H04L67/36
摘要： A system and method for image information processing are disclosed. The system for image information processing includes: at least one image pickup terminal for providing image data picked up through a camera; an image information processing server for processing data collected from at least one image pickup terminal into data of a new format; and an application server for receiving the processed data from the image information processing server and providing the same to at least one user terminal. The amount of transmission data can be reduced and the reliability of information security can be increased since it is possible to allocate unique IDS to a plurality of image pickup terminals and application servers and identify the image pickup terminals and application servers only by their unique IDs without containing any particular information upon data transmission.
摘要翻译：公开了一种用于图像信息处理的系统和方法。用于图像信息处理的系统包括：用于提供通过照相机拾取的图像数据的至少一个图像拾取终端; 图像信息处理服务器，用于处理从至少一个图像拾取终端收集的数据到新格式的数据; 以及应用服务器，用于从图像信息处理服务器接收处理的数据，并将其提供给至少一个用户终端。可以减少传输数据量，并且可以增加信息安全性的可靠性，因为可以向多个图像拾取终端和应用服务器分配唯一的IDS，并且仅通过其唯一的ID识别图像拾取终端和应用服务器，而没有在数据传输时包含任何特定信息。

19. 发明授权

US07596810B2 Apparatus and method of detecting network attack situation 有权
标题翻译：检测网络攻击情况的方法及装置
公开(公告)号：US07596810B2
公开(公告)日：2009-09-29
申请号：US11081682
申请日：2005-03-17
申请人： Jin Oh Kim , Seon Gyoung Sohn , Hyochan Bang , Soo Hyung Lee , Dongyoung Kim , Beom Hwan Chang , Geon Lyang Kim , Hyun Joo Kim , Jung Chan Na , Jong Soo Jang , Sung Won Sohn
发明人： Jin Oh Kim , Seon Gyoung Sohn , Hyochan Bang , Soo Hyung Lee , Dongyoung Kim , Beom Hwan Chang , Geon Lyang Kim , Hyun Joo Kim , Jung Chan Na , Jong Soo Jang , Sung Won Sohn
IPC分类号： G08B23/00 , G06F15/173
CPC分类号： H04L63/1416 , G06F21/552 , G06F21/85 , H04L63/1441
摘要： Provided is an apparatus for detecting a network attack situation. The apparatus includes an alarm receiver receiving a plurality of alarms raised in a network to which the alarm receiver is connected, converting the alarms into predetermined alarm data, and outputting the alarm data; an alarm processor analyzing an attack situation in the network based on attributes of the alarm data and a number of times that the alarm data is generated; a memory storing basic data needed to analyze the state of the network and providing the basic data to the alarm processor; and an interface transmitting the result of the analysis by the alarm processor to an external device, receiving a predetermined critical value from the external device, which is a basis for determining the occurrence of the attack situation, and outputting the critical value to the alarm processor such that the alarm processor can store the critical value in the memory. Equal numbers of hash engines and detection engines for processing the alarms in the network to the number of data groups classified as network attack situations are formed in a line. Therefore, a network attack situation can be detected in real time based on a great number of alarms indicating intrusion detection.
摘要翻译：提供了一种用于检测网络攻击情况的装置。该装置包括接收在连接有报警接收器的网络中升起的多个报警的报警接收机，将报警转换成预定报警数据，并输出报警数据; 报警处理器根据报警数据的属性和产生报警数据的次数分析网络中的攻击情况; 存储器，用于存储分析网络状态并将基本数据提供给报警处理器所需的基本数据; 以及将所述报警处理器的分析结果发送到外部设备的接口，从外部设备接收预定的临界值，所述临时值是用于确定所述攻击情况的发生的基础，并且将所述临界值输出到所述报警处理器使得报警处理器可以将临界值存储在存储器中。在网络中形成等同数量的散列引擎和检测引擎，用于将网络中的警报处理为分类为网络攻击情况的数据组的数量。因此，可以基于大量表示入侵检测的告警来实时检测网络攻击情况。

20. 发明授权

US07571477B2 Real-time network attack pattern detection system for unknown network attack and method thereof 有权
标题翻译：用于未知网络攻击的实时网络攻击模式检测系统及其方法
公开(公告)号：US07571477B2
公开(公告)日：2009-08-04
申请号：US11088975
申请日：2005-03-24
申请人： Jintae Oh , Seung Won Shin , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
发明人： Jintae Oh , Seung Won Shin , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F21/00
CPC分类号： H04L63/1408
摘要： In a real-time network attack pattern detection system and method, a common pattern is detected in real time from packets, which are suspected to be a network attack such as Worm, to effectively block the attack. The system includes: a suspicious packet detector for classifying a suspicious attack packet from all input packets; a first data delaying unit for receiving the input packet from the suspicious packet detector to output an one-clock delayed data; a second data delaying unit for receiving an output signal from the first data delaying unit to output an one-clock delayed data; a hash key generator for receiving an output data of the suspicious packet detector, an output data of the first data delaying unit and an output data of the second data delaying unit to generate a hash key; a hash table for storing a lookup result obtained by the hash key generated from the hash key generator; and an existence & hit checker for checking the lookup result of the hash table.
摘要翻译：在实时网络攻击模式检测系统和方法中，从被怀疑是网络攻击（如蠕虫）的数据包实时检测到一个共同的模式，以有效地阻止攻击。该系统包括：可疑包检测器，用于从所有输入分组中分类可疑攻击包; 第一数据延迟单元，用于从可疑分组检测器接收输入分组以输出一个时钟延迟的数据; 第二数据延迟单元，用于从第一数据延迟单元接收输出信号以输出一个时钟延迟的数据; 散列密钥发生器，用于接收可疑包检测器的输出数据，第一数据延迟单元的输出数据和第二数据延迟单元的输出数据以产生散列密钥; 哈希表，用于存储通过从所述散列密钥发生器生成的散列密钥获得的查找结果; 以及用于检查哈希表的查找结果的存在和命中检查器。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式