专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20130148510A1 SYSTEM AND METHOD FOR PREVENTING INTRUSION OF ABNORMAL GTP PACKET 有权
标题翻译：防止异常GTP包的侵入的系统和方法
公开(公告)号：US20130148510A1
公开(公告)日：2013-06-13
申请号：US13549273
申请日：2012-07-13
申请人： Dong Wan KANG , Joo Hyung OH , Se Kwon KIM , Jung Sik CHO , Chae Tae IM
发明人： Dong Wan KANG , Joo Hyung OH , Se Kwon KIM , Jung Sik CHO , Chae Tae IM
IPC分类号： H04L12/26 , H04L12/24
CPC分类号： H04L63/1441 , H04L43/12
摘要： Provided are a system and method for preventing the intrusion of an abnormal GPRS tunneling protocol (GTP) packet. The system includes: a system management unit including a monitoring unit which monitors a state of the system and a mode changing unit which changes an operation mode of the system based on the state of the system; a packet capture unit including a packet management unit which stores information about a GTP packet based on the operation mode of the system and a detection result checking unit which determines whether to drop the GTP packet; and a packet detection unit including a packet parsing unit which parses the information about the GTP packet and a packet analysis unit which analyzes the parsed information about the GTP packet, wherein the operation mode of the system is an intrusion prevention system (IPS) mode or a bypass mode.
摘要翻译：提供了防止异常GPRS隧道协议（GTP）分组入侵的系统和方法。该系统包括：系统管理单元，其包括监视系统的状态的监视单元和根据系统的状态改变系统的操作模式的模式改变单元; 分组捕获单元，包括基于系统的操作模式存储关于GTP分组的信息的分组管理单元和确定是否丢弃GTP分组的检测结果检查单元; 以及分组检测单元，其包括解析关于GTP分组的信息的分组解析单元和分析关于GTP分组的解析信息的分组分析单元，其中，系统的操作模式是入侵防御系统（IPS）模式或旁路模式。

2. 发明申请

US20120311709A1 AUTOMATIC MANAGEMENT SYSTEM FOR GROUP AND MUTANT INFORMATION OF MALICIOUS CODES 审中-公开
标题翻译：自动管理系统，用于组合和错误信息的恶意代码
公开(公告)号：US20120311709A1
公开(公告)日：2012-12-06
申请号：US13304981
申请日：2011-11-28
申请人： Hong-Koo Kang , Chae-Tae Im , Joo-Hyung Oh , Jong-Il Jeong , Jin-Kyung Lee , Byoung-Ik Kim , Hyun-Cheol Jeong , Seung-Goo Ji , Tai-Jin Lee
发明人： Hong-Koo Kang , Chae-Tae Im , Joo-Hyung Oh , Jong-Il Jeong , Jin-Kyung Lee , Byoung-Ik Kim , Hyun-Cheol Jeong , Seung-Goo Ji , Tai-Jin Lee
IPC分类号： G06F21/00
CPC分类号： G06F21/56 , G06F8/75
摘要： An automatic management system includes a malicious code group-mutant storage module that receives a malicious codes analysis result from a malicious code collection-analysis system and extracts group information and mutant information of the malicious codes based on the malicious code analysis result, a malicious code group-mutant DB that stores the extracted group information and mutant information, a malicious code group-mutant management module that provides interface to allow a user to detect the group information and mutant information stored in the malicious code group-mutant DB, and a visualizing module that outputs the detection result to the user, wherein the malicious code group-mutant management module that groups malicious codes having action associations using the group information and mutant information stored in the malicious code group-mutant DB, outputs the group information through the visualizing module and outputs the mutant information based on CFG similarity and string similarity through the visualizing module.
摘要翻译：自动管理系统包括恶意代码组 - 突变存储模块，其从恶意代码收集分析系统接收恶意代码分析结果，并基于恶意代码分析结果提取恶意代码的组信息和突变信息，恶意代码存储提取的组信息和突变体信息的组突变体DB，恶意代码组突变体管理模块，其提供接口以允许用户检测存储在恶意代码组突变体DB中的组信息和突变信息，以及可视化向用户输出检测结果的模块，其中，使用存储在恶意代码组突变体DB中的组信息和突变信息分组具有动作关联的恶意代码的恶意代码组突变体管理模块通过可视化输出组信息模块并输出基于CFG相似度的突变信息通过可视化模块进行字符串相似。

3. 发明申请

US20120167220A1 SEED INFORMATION COLLECTING DEVICE AND METHOD FOR DETECTING MALICIOUS CODE LANDING/HOPPING/DISTRIBUTION SITES 审中-公开
标题翻译：收集信息的收集信息和检测恶意代码登陆/篡改/分发站点的方法
公开(公告)号：US20120167220A1
公开(公告)日：2012-06-28
申请号：US13304986
申请日：2011-11-28
申请人： Jong-Il Jeong , Chae-Tae Im , Joo-Hyung Oh , Hong-Koo Kang , Jin-Kyung Lee , Byoung-Ik Kim , Seung-Goo Ji , Tai-Jin Lee , Hyun-Cheol Jeong
发明人： Jong-Il Jeong , Chae-Tae Im , Joo-Hyung Oh , Hong-Koo Kang , Jin-Kyung Lee , Byoung-Ik Kim , Seung-Goo Ji , Tai-Jin Lee , Hyun-Cheol Jeong
IPC分类号： G06F11/00
CPC分类号： G06F21/563
摘要： Provided is seed information collecting device for detecting malicious code landing/hopping/distribution sites. The device comprises: a seed information collecting module collecting social issue keywords from a seed information collecting channel and collecting address information of potential malicious code landing/hopping/distribution sites using the collected social issue keywords; a web source code collecting module collecting web source code of the potential malicious code landing/hopping/distribution sites using the address information of the potential malicious code landing/hopping/distribution sites collected by the seed information collecting module; and a policy management module managing collection policies of the seed information collecting module and the web source code collecting module.
摘要翻译：提供了用于检测恶意代码登陆/跳跃/分发站点的种子信息收集装置。该装置包括：种子信息收集模块，从种子信息采集通道收集社会问题关键词，并使用所收集的社会问题关键词收集潜在的恶意代码登陆/跳出/分发站点的地址信息; 网站源代码收集模块，利用种子信息收集模块收集的潜在恶意代码登陆/跳跃/分发站点的地址信息，收集潜在恶意代码登陆/分发站点的网站源代码; 以及策略管理模块，其管理种子信息收集模块和web源代码收集模块的收集策略。

4. 发明申请

US20110153811A1 SYSTEM AND METHOD FOR MODELING ACTIVITY PATTERNS OF NETWORK TRAFFIC TO DETECT BOTNETS 审中-公开
标题翻译：用于建模网络交通活动模式以检测网络的系统和方法
公开(公告)号：US20110153811A1
公开(公告)日：2011-06-23
申请号：US12821510
申请日：2010-06-23
申请人： Hyun Cheol Jeong , Chae Tae IM , Seung Gao Ji , Joo Hyung Oh , Dong Wan Kang , Tae Jin Lee , Yong Geun Won
发明人： Hyun Cheol Jeong , Chae Tae IM , Seung Gao Ji , Joo Hyung Oh , Dong Wan Kang , Tae Jin Lee , Yong Geun Won
IPC分类号： G06F15/173
CPC分类号： H04L63/14 , H04L2463/144
摘要： The invention relates to a system and method that can detect botnets by classifying the communication activities for each client according to destination or based on similarity between the groups of collected traffic. According to certain aspects of the invention, the communication activities for each client can be classified to model network activity by differentiating the protocols of the collected network traffic based on destination and patterning the subgroups for the respective protocols. Those servers that are estimated to be C&C servers can be classified into download and upload, spam servers and command control servers, within a botnet group detected by modeling network activity, i.e. analyzing network-based activity patterns. Also, botnet groups can be detected by way of a group information management function, for generating an activity pattern-based group matrix based on group data, and a mutual similarity analysis, performed on groups suspected to be botnets from the group information.
摘要翻译：本发明涉及一种系统和方法，可以通过根据目的地对每个客户端的通信活动进行分类，或者根据收集的业务组之间的相似性来检测僵尸网络。根据本发明的某些方面，每个客户端的通信活动可以通过基于目的地区分所收集的网络业务的协议并对各个协议的子组进行构图来分类为对网络活动的建模。估计为C＆C服务器的那些服务器可以分类为下载和上传，垃圾邮件服务器和命令控制服务器，通过建模网络活动检测到的僵尸网络组，即分析基于网络的活动模式。此外，可以通过组信息管理功能来检测僵尸网络组，用于基于组数据生成基于活动模式的组矩阵，以及对从组信息中怀疑为僵尸网络的组执行相互相似性分析。

5. 发明申请

US20110154489A1 SYSTEM FOR ANALYZING MALICIOUS BOTNET ACTIVITY IN REAL TIME 审中-公开
标题翻译：用于实时分析恶意网络活动的系统
公开(公告)号：US20110154489A1
公开(公告)日：2011-06-23
申请号：US12821576
申请日：2010-06-23
申请人： Hyun Cheol Jeong , Chae Tae Im , Seung Goo Ji , Joo Hyung Oh , Dong Wan Kang
发明人： Hyun Cheol Jeong , Chae Tae Im , Seung Goo Ji , Joo Hyung Oh , Dong Wan Kang
IPC分类号： G06F21/00
CPC分类号： H04L63/1416 , H04L2463/144
摘要： A system for analyzing malicious botnet activity in real time is disclosed. This system may include: a control server configured to generate botnet activity information relating to a type of malicious botnet activity, and transmit the botnet activity information to the outside, after receiving bot occurrence information from the outside;and a bot executing server configured to execute a malicious bot corresponding to the bot occurrence information received from the outside in a virtual environment operating system and transmit a real-time botnet detection result to the control server for generating the botnet activity information, according to a control of the control server, wherein the real-time botnet detection result includes information on whether or not the malicious bot performs malicious activity based on a command from a remote command/control server existing independently outside.
摘要翻译：披露了实时分析恶意僵尸网络活动的系统。该系统可以包括：控制服务器，被配置为在从外部接收到bot发生信息之后，生成与一种恶意僵尸网络活动有关的僵尸网络活动信息，并将僵尸网络活动信息发送到外部; 以及机器人执行服务器，被配置为执行与在虚拟环境操作系统中从外部接收到的机器人发生信息相对应的恶意机器人，并且根据一个实施例，将实时僵尸网络检测结果发送到控制服务器以产生僵尸网络活动信息控制服务器的控制，其中实时僵尸网络检测结果包括关于恶意bot是否基于来自独立外部存在的远程命令/控制服务器的命令执行恶意活动的信息。

6. 发明申请

US20100169973A1 System and Method For Detecting Unknown Malicious Code By Analyzing Kernel Based System Actions 审中-公开
标题翻译：通过分析基于内核的系统动作来检测未知恶意代码的系统和方法
公开(公告)号：US20100169973A1
公开(公告)日：2010-07-01
申请号：US12571825
申请日：2009-10-01
申请人： Ki Hong Kim , Ga Ram Jung , Hyun Cheol Jeong , Chae Tae Im , Seung Goo Ji , Sang Kyun Noh , Joo Hyung Oh
发明人： Ki Hong Kim , Ga Ram Jung , Hyun Cheol Jeong , Chae Tae Im , Seung Goo Ji , Sang Kyun Noh , Joo Hyung Oh
IPC分类号： G06F11/00
CPC分类号： G06F21/566
摘要： There is provided a system and method for detecting unknown malicious code by analyzing kernel based system actions. More particularly, the system and method provides an advantage of actively countering unknown malicious code or viruses by monitoring kernel based system events in real time, organizing action data based on the collected event data, determining whether the action data corresponds to predetermined malicious actions, backtracking a subject of a malicious action when the action data is determined to correspond to the malicious action, and processing the malicious action.
摘要翻译：提供了一种通过分析基于内核的系统动作来检测未知恶意代码的系统和方法。更具体地说，系统和方法提供了通过基于所收集的事件数据来监视基于内核的系统事件来主动对抗未知恶意代码或病毒的优点，确定动作数据是否对应于预定的恶意动作，回溯当确定动作数据以对应于恶意动作时的恶意动作的主题，以及处理恶意动作。

7. 发明申请

US20120079594A1 MALWARE AUTO-ANALYSIS SYSTEM AND METHOD USING KERNEL CALLBACK MECHANISM 审中-公开
标题翻译：恶意自动分析系统和使用KERNEL回拨机制的方法
公开(公告)号：US20120079594A1
公开(公告)日：2012-03-29
申请号：US12942700
申请日：2010-11-09
申请人： HYUN CHEOL JEONG , Chae Tae Im , Joo Hyung Oh
发明人： HYUN CHEOL JEONG , Chae Tae Im , Joo Hyung Oh
IPC分类号： G06F11/00
CPC分类号： G06F21/57
摘要： In a malware auto-analysis method using a kernel callback mechanism, a function, present in a kernel driver within a PsSetCreateProcessNotifyRoutine function, is registered by a process monitor driver as a callback function when a computer boot. A function present in a registry monitor driver is registered by the registry monitor driver as a callback function in a CmRegisterCallback function when the driver is loaded. A kernel driver is registered by a file monitor driver as a mini-filter driver in a Filter Manager present in a Windows system. At least one of a process event, a registry event, or an Input/Output (I/O) event is received by a behavior event collector from the process monitor driver, the registry monitor driver, or the file monitor driver, respectively.
摘要翻译：在使用内核回调机制的恶意软件自动分析方法中，存在于PsSetCreateProcessNotifyRoutine函数中的内核驱动程序中的函数在计算机引导时由进程监视器驱动程序注册为回调函数。当驱动程序加载时，注册表监视器驱动程序中存在的功能由注册表监视器驱动程序注册为CmRegisterCallback函数中的回调函数。文件监视器驱动程序将内核驱动程序注册为Windows系统中存在的过滤器管理器中的微型过滤器驱动程序。行为事件收集器分别从进程监视器驱动程序，注册表监视器驱动程序或文件监视器驱动程序接收至少一个进程事件，注册表事件或输入/输出（I / O）事件。

8. 发明申请

US20110154492A1 MALICIOUS TRAFFIC ISOLATION SYSTEM AND METHOD USING BOTNET INFORMATION 审中-公开
标题翻译：恶性交通隔离系统和使用BOTNET信息的方法
公开(公告)号：US20110154492A1
公开(公告)日：2011-06-23
申请号：US12821549
申请日：2010-06-23
申请人： Hyun Cheol Jeong , Chae Tae Im , Seung Goo Ji , Joo Hyung Oh , Dong Wan Kang , Tae Jin Lee , Yong Geun Won
发明人： Hyun Cheol Jeong , Chae Tae Im , Seung Goo Ji , Joo Hyung Oh , Dong Wan Kang , Tae Jin Lee , Yong Geun Won
IPC分类号： G06F21/00
CPC分类号： H04L63/1416 , H04L63/0236 , H04L63/1441 , H04L2463/144
摘要： The present invention relates to a malicious traffic isolation system and method using botnet information, and more particularly, to a malicious traffic isolation system and method using botnet information, in which traffics for a set of clients having the same destination are routed to the isolation system based on a destination IP/Port, and botnet traffics are isolated using botnet information based on similarity among groups of the routed and flowed in traffics. The present invention may provide a malicious traffic isolation method using botnet information, which can accommodate traffics received from a PC or a C&C server infected with a bot into a quarantine area, isolate traffics generated by normal users from traffics transmitted from malicious bots, and block the malicious traffics. In addition, the present invention may provide a malicious traffic isolation method using botnet information, which can provide a function of mitigating DDoS attacks of a botnet.
摘要翻译：本发明涉及使用僵尸网络信息的恶意流量隔离系统和方法，更具体地，涉及使用僵尸网络信息的恶意流量隔离系统和方法，其中具有相同目的地的一组客户端的流量被路由到隔离系统基于目的地IP /端口，并且使用基于路由和流量在业务中的组之间的相似性的僵尸网络信息来分离僵尸网络流量。本发明可以提供一种使用僵尸网络信息的恶意流量隔离方法，其可以将从被感染机器人的PC或C＆C服务器接收到的流量容纳到隔离区域，从而将普通用户生成的流量与恶意机器人传输的流量隔离，并阻止恶意的流量。另外，本发明可以提供使用僵尸网络信息的恶意流量隔离方法，其可以提供减轻僵尸网络的DDoS攻击的功能。

9. 发明授权

US08948019B2 System and method for preventing intrusion of abnormal GTP packet 有权
标题翻译：防止入侵异常GTP包的系统和方法
公开(公告)号：US08948019B2
公开(公告)日：2015-02-03
申请号：US13549273
申请日：2012-07-13
申请人： Dong Wan Kang , Joo Hyung Oh , Se Kwon Kim , Jung Sik Cho , Chae Tae Im
发明人： Dong Wan Kang , Joo Hyung Oh , Se Kwon Kim , Jung Sik Cho , Chae Tae Im
IPC分类号： G06F11/00
CPC分类号： H04L63/1441 , H04L43/12
摘要： Provided are a system and method for preventing the intrusion of an abnormal GPRS tunneling protocol (GTP) packet. The system includes: a system management unit including a monitoring unit which monitors a state of the system and a mode changing unit which changes an operation mode of the system based on the state of the system; a packet capture unit including a packet management unit which stores information about a GTP packet based on the operation mode of the system and a detection result checking unit which determines whether to drop the GTP packet; and a packet detection unit including a packet parsing unit which parses the information about the GTP packet and a packet analysis unit which analyzes the parsed information about the GTP packet, wherein the operation mode of the system is an intrusion prevention system (IPS) mode or a bypass mode.
摘要翻译：提供了防止异常GPRS隧道协议（GTP）分组入侵的系统和方法。该系统包括：系统管理单元，其包括监视系统的状态的监视单元和根据系统的状态改变系统的操作模式的模式改变单元; 分组捕获单元，包括基于系统的操作模式存储关于GTP分组的信息的分组管理单元和确定是否丢弃GTP分组的检测结果检查单元; 以及分组检测单元，其包括解析关于GTP分组的信息的分组解析单元和分析关于GTP分组的解析信息的分组分析单元，其中，系统的操作模式是入侵防御系统（IPS）模式或旁路模式。

10. 发明申请

US20100162350A1 SECURITY SYSTEM OF MANAGING IRC AND HTTP BOTNETS, AND METHOD THEREFOR 审中-公开
标题翻译： IRC和HTTP BOTNETS的安全系统及其方法
公开(公告)号：US20100162350A1
公开(公告)日：2010-06-24
申请号：US12544569
申请日：2009-08-20
申请人： Hyun Cheol JEONG , Chae Tae IM , Seung Goo JI , Sang Kyun NOH , Joo Hyung OH
发明人： Hyun Cheol JEONG , Chae Tae IM , Seung Goo JI , Sang Kyun NOH , Joo Hyung OH
IPC分类号： H04L29/06 , G06F17/00
CPC分类号： H04L63/1416 , H04L2463/144
摘要： The present invention relates to a security system of managing IRC and HTTP botnets and a method therefor. More specifically, the present invention relates to a system and a method that detects a botnet in an Internet service provider network to store information related to the detected botnet in a database and performs security management of IRC and HTTP botnets, including a botnet management security management (BMSM) system, configured to visualize the information related to the detected botnet and establish an against policy related to the detected botnet. Accordingly, the present invention provides a security system of managing IRC and HTTP botnets that can efficiently performs the security management of IRC and HTTP botnets by using the BMSM system
摘要翻译：本发明涉及一种管理IRC和HTTP僵尸网络的安全系统及其方法。更具体地，本发明涉及一种检测互联网服务提供商网络中的僵尸网络的系统和方法，用于将与检测到的僵尸网络相关的信息存储在数据库中，并执行IRC和HTTP僵尸网络的安全管理，包括僵尸网络管理安全管理（BMSM）系统，被配置为可视化与检测到的僵尸网络相关的信息，并建立与检测到的僵尸网络相关的策略。因此，本发明提供了一种管理IRC和HTTP僵尸网络的安全系统，其可以通过使用BMSM系统来有效地执行IRC和HTTP僵尸网络的安全管理

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式