公开(公告)号：US09537887B2

公开(公告)日：2017-01-03

申请号：US14635962

申请日：2015-03-02

Applicant: Electronics and Telecommunications Research Institute

Inventor： Yang Seo Choi ,  Ik Kyun Kim ,  Min Ho Han ,  Jung Tae Kim ,  Jong Hyun Kim

IPC: G06F21/00 ,  H04L29/06 ,  H04L12/26 ,  G06F21/55

CPC classification number: H04L63/1441 ,  H04L63/1416 ,  H04L63/1425

Abstract: Disclosed are provided a method and a system for network connection chain traceback by using network flow data in order to trace an attack source site for cyber hacking attacks that goes by way of various sites without addition of new equipment of a network or modification a standard protocol when the cyber hacking attack occurs in the Internet and an internal network.

Abstract translation: 提供了一种通过使用网络流数据来网络连接链追溯的方法和系统，以便跟踪通过各种站点进行的网络黑客攻击的攻击源站点，而不添加网络的新设备或修改标准协议 当网络黑客攻击发生在互联网和内部网络时。

公开(公告)号：US10264004B2

公开(公告)日：2019-04-16

申请号：US15345354

申请日：2016-11-07

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Jung Tae Kim ,  Koo Hong Kang ,  Ik Kyun Kim

IPC: H04L12/26 ,  H04L29/06

Abstract: The method for tracking a cyber hacking is provided. The method of connection fingerprint generation and stepping-stone traceback based on NetFlow includes receiving a traceback request including IP packet attribute information of a victim and an attacker which corresponds to a target connection that is the last connection on a connection chain, generating a fingerprint for an associated connection based on the IP packet attribute information and requesting a NetFlow collector for relevant information, detecting a stepping-stone connection to the target connection which is generated at the time of generation of the fingerprint and instructing to check whether sorted candidate connections are present on the same connection chain as the target connection, and determining an order of the candidate connections based on an attacker host when the candidate connections are determined to be present on the same connection chain as the target connection.

公开(公告)号：US09374381B2

公开(公告)日：2016-06-21

申请号：US14249811

申请日：2014-04-10

Applicant: Electronics and Telecommunications Research Institute

Inventor： Jung Tae Kim ,  Min Ho Han ,  Jong Hoon Lee ,  Ik Kyun Kim ,  Hyun Sook Cho

IPC: G06F11/00 ,  G08B23/00 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L63/1416 ,  H04L67/2842

Abstract: According to a method and system for real-time malware detection based on web browser plugin, the method and system may connect a web server of a web site through a web browser module, execute a security module through a browser plugin of the web site, update a database for a browser cache of the web site from the web server by the security module, cache a web content of the web site from the web server, match cache data of the web content with the database, and warn about the web content if data matched with the cache data of the web content does not exist in the database.

Abstract translation: 根据基于web浏览器插件的实时恶意软件检测方法和系统，该方法和系统可以通过Web浏览器模块连接网站的Web服务器，通过网站的浏览器插件执行安全模块， 通过安全模块从Web服务器更新网站的浏览器缓存的数据库，从Web服务器缓存网站的网页内容，将网页内容的缓存数据与数据库匹配，并提醒Web内容 如果数据库中不存在与Web内容的缓存数据匹配的数据。

公开(公告)号：US10447715B2

公开(公告)日：2019-10-15

申请号：US15251134

申请日：2016-08-30

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Jung Tae Kim ,  Koo Hong Kang ,  Ik Kyun Kim

IPC: H04L29/06

Abstract: Disclosed is an apparatus of detecting a distributed reflection denial of service attack, including: a monitoring unit obtaining flow information including an IP and a port number of a source, an IP and a port number of a destination of data, and the number and the sizes of packets; a memory unit storing a flow table in which the flow information of the data, the packet number and the packet size are input; and a control unit detecting the DRDoS attack by using at least one of the number and the size of packets of the first entry and the flow information of the first entry.