会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 2. 发明授权
    • Apparatus and method of detecting network attack situation
    • 检测网络攻击情况的方法及装置
    • US07596810B2
    • 2009-09-29
    • US11081682
    • 2005-03-17
    • Jin Oh KimSeon Gyoung SohnHyochan BangSoo Hyung LeeDongyoung KimBeom Hwan ChangGeon Lyang KimHyun Joo KimJung Chan NaJong Soo JangSung Won Sohn
    • Jin Oh KimSeon Gyoung SohnHyochan BangSoo Hyung LeeDongyoung KimBeom Hwan ChangGeon Lyang KimHyun Joo KimJung Chan NaJong Soo JangSung Won Sohn
    • G08B23/00G06F15/173
    • H04L63/1416G06F21/552G06F21/85H04L63/1441
    • Provided is an apparatus for detecting a network attack situation. The apparatus includes an alarm receiver receiving a plurality of alarms raised in a network to which the alarm receiver is connected, converting the alarms into predetermined alarm data, and outputting the alarm data; an alarm processor analyzing an attack situation in the network based on attributes of the alarm data and a number of times that the alarm data is generated; a memory storing basic data needed to analyze the state of the network and providing the basic data to the alarm processor; and an interface transmitting the result of the analysis by the alarm processor to an external device, receiving a predetermined critical value from the external device, which is a basis for determining the occurrence of the attack situation, and outputting the critical value to the alarm processor such that the alarm processor can store the critical value in the memory. Equal numbers of hash engines and detection engines for processing the alarms in the network to the number of data groups classified as network attack situations are formed in a line. Therefore, a network attack situation can be detected in real time based on a great number of alarms indicating intrusion detection.
    • 提供了一种用于检测网络攻击情况的装置。 该装置包括接收在连接有报警接收器的网络中升起的多个报警的报警接收机,将报警转换成预定报警数据,并输出报警数据; 报警处理器根据报警数据的属性和产生报警数据的次数分析网络中的攻击情况; 存储器,用于存储分析网络状态并将基本数据提供给报警处理器所需的基本数据; 以及将所述报警处理器的分析结果发送到外部设备的接口,从外部设备接收预定的临界值,所述临时值是用于确定所述攻击情况的发生的基础,并且将所述临界值输出到所述报警处理器 使得报警处理器可以将临界值存储在存储器中。 在网络中形成等同数量的散列引擎和检测引擎,用于将网络中的警报处理为分类为网络攻击情况的数据组的数量。 因此,可以基于大量表示入侵检测的告警来实时检测网络攻击情况。
    • 5. 发明申请
    • APPARATUS AND METHOD OF DETECTING NETWORK ATTACK SITUATION
    • 检测网络攻击状况的装置和方法
    • US20090094699A1
    • 2009-04-09
    • US12275906
    • 2008-11-21
    • Jin Oh KIMSeon Gyoung SohnHyochan BangSoo Hyung LeeDongyoung KimBeom Hwan ChangGeon Lyang KimHyun Joo KimJung Chan NaJong Soo JangSung Won Sohn
    • Jin Oh KIMSeon Gyoung SohnHyochan BangSoo Hyung LeeDongyoung KimBeom Hwan ChangGeon Lyang KimHyun Joo KimJung Chan NaJong Soo JangSung Won Sohn
    • G06F15/18G08B23/00
    • H04L63/1416G06F21/552G06F21/85H04L63/1441
    • Provided is an apparatus for detecting a network attack situation. The apparatus includes an alarm receiver receiving a plurality of alarms raised in a network to which the alarm receiver is connected, converting the alarms into predetermined alarm data, and outputting the alarm data; an alarm processor analyzing an attack situation in the network based on attributes of the alarm data and a number of times that the alarm data is generated; a memory storing basic data needed to analyze the state of the network and providing the basic data to the alarm processor; and an interface transmitting the result of the analysis by the alarm processor to an external device, receiving a predetermined critical value from the external device, which is a basis for determining the occurrence of the attack situation, and outputting the critical value to the alarm processor such that the alarm processor can store the critical value in the memory. Equal numbers of hash engines and detection engines for processing the alarms in the network to the number of data groups classified as network attack situations are formed in a line. Therefore, a network attack situation can be detected in real time based on a great number of alarms indicating intrusion detection.
    • 提供了一种用于检测网络攻击情况的装置。 该装置包括接收在连接有报警接收器的网络中升起的多个报警的报警接收机,将报警转换成预定报警数据,并输出报警数据; 报警处理器根据报警数据的属性和产生报警数据的次数分析网络中的攻击情况; 存储器,用于存储分析网络状态并将基本数据提供给报警处理器所需的基本数据; 以及将所述报警处理器的分析结果发送到外部设备的接口,从外部设备接收预定的临界值,所述临时值是用于确定所述攻击情况的发生的基础,并且将所述临界值输出到所述报警处理器 使得报警处理器可以将临界值存储在存储器中。 在网络中形成等同数量的散列引擎和检测引擎,用于将网络中的警报处理为分类为网络攻击情况的数据组的数量。 因此,可以基于大量表示入侵检测的告警来实时检测网络攻击情况。
    • 6. 发明授权
    • Web-based traceback system and method using reverse caching proxy
    • 基于Web的追溯系统和使用反向缓存代理的方法
    • US08341721B2
    • 2012-12-25
    • US12467462
    • 2009-05-18
    • Jong Hyun KimGeon Lyang KimJong Ho RyuChi Yoon JeongSeon Gyoung SohnBeom Hwan ChangJung-Chan NaHyun Sook Cho
    • Jong Hyun KimGeon Lyang KimJong Ho RyuChi Yoon JeongSeon Gyoung SohnBeom Hwan ChangJung-Chan NaHyun Sook Cho
    • G06F15/16G06F15/173
    • H04L67/22H04L63/0281H04L63/1441H04L67/2857
    • Provided are a web-based traceback system and method using reverse caching proxy, which can effectively protect a web server against various attacks launched by illegitimate user by acquiring network information and location information of users who attempt to access the web server through an anonymous server, without a requirement of installing any agent program in the users' clients. The web-based traceback system may include a reverse caching proxy server receiving a hypertext transfer protocol (HTTP) packet transmitted to a web server by a client, analyzing the header of the HTTP packet and determining whether the client has attempted to access the web server through an anonymous server based on the results of the analysis; and a web tracking server generating a response page for the HTTP packet upon receiving the results of the determination performed by the reverse caching proxy server, inserting a tracking code in the response page, and providing the response page to the client through the reverse caching proxy server, wherein the tracking code is automatically executed in a web browser of the client and thus provides network information of the client to the web tracking server.
    • 提供了一种使用反向缓存代理的基于web的追溯系统和方法,可以通过获取尝试通过匿名服务器访问Web服务器的用户的网络信息和位置信息,有效地保护Web服务器免受非法用户发起的各种攻击, 而不需要在用户的客户端中安装任何代理程序。 基于web的追溯系统可以包括反向高速缓存代理服务器,其接收由客户端发送到web服务器的超文本传输​​协议(HTTP)分组,分析HTTP分组的报头并确定客户端是否尝试访问web服务器 通过匿名服务器根据分析结果; 以及网页跟踪服务器,在接收到反向高速缓存代理服务器执行的确定结果时,为HTTP分组生成响应页面,在响应页面中插入跟踪代码,并通过反向缓存代理向客户端提供响应页面 服务器,其中跟踪代码在客户端的web浏览器中自动执行,从而将该客户端的网络信息提供给web跟踪服务器。
    • 10. 发明申请
    • GIS BASED NETWORK INFORMATION MONITORING-SYSTEM
    • 基于GIS的网络信息监控系统
    • US20100030892A1
    • 2010-02-04
    • US12471005
    • 2009-05-22
    • Chi Yoon JeongBeom Hwan ChangSeon Gyoung SohnGeon Lyang KimJong Hyun KimJong Ho RyuJung Chan NaHyun Sook Cho
    • Chi Yoon JeongBeom Hwan ChangSeon Gyoung SohnGeon Lyang KimJong Hyun KimJong Ho RyuJung Chan NaHyun Sook Cho
    • G06F15/173
    • H04L63/1416H04L63/1441
    • Disclosed is a GIS based network information monitoring system that intuitively combines GIS based geographic information with traffic information and a security event, expresses the combined geographic information on a display, and does not need position calibration of network information when the traffic information and the security event are expressed. The GIS based network information monitoring system includes: a geographic information processing module receiving network information from an external network device, containing GIS based geographic information, and creating geographic information corresponding to location information in response to the location information; and a network information processing module mapping the network information to geographic information corresponding to the location information to express the mapped network information, connecting an attack site of a packet causing a security problem, an intermediate site, and a target site using lines, and intuitively expressing the network information by varying the widths and colors of the lines according to the attack type and danger level of the packet.
    • 公开了一种基于GIS的网络信息监控系统,其将基于GIS的地理信息与交通信息和安全事件直观结合,在显示器上表示组合的地理信息,并且当交通信息和安全事件不需要网络信息的位置校准 被表达。 基于GIS的网络信息监控系统包括:地理信息处理模块,从外部网络设备接收包含GIS的地理信息的网络信息,并响应于位置信息创建与位置信息对应的地理信息; 以及网络信息处理模块,将网络信息映射到与位置信息对应的地理信息,以表示映射的网络信息,使用线连接引起安全问题的分组的攻击位置,中间站点和目标站点,并且直观地 通过根据分组的攻击类型和危险等级改变线路的宽度和颜色来表达网络信息。