-
公开(公告)号:US20160006740A1
公开(公告)日:2016-01-07
申请号:US14693782
申请日:2015-04-22
Inventor: Jeong-Han YUN , Heemin KIM , Kyoung-Ho KIM , Woonyon KIM , Jungtaek SEO , Eung Ki PARK
CPC classification number: H04L63/101 , H04L61/6022 , H04L63/0236 , H04L63/162
Abstract: A method and system for extracting an access control list having a predetermined format from packets collected for a predetermined period of time, without requiring TCP flag information. By an information collection unit, network packets and network traffic logs are collected. By the information collection unit, a network traffic log including Media Access Control (MAC), Internet Protocol (IP), and port information is extracted from each network packet. By an information analysis unit, an access control list is generated based on the network traffic log.
Abstract translation: 一种用于从预定时间段内收集的分组提取具有预定格式的访问控制列表的方法和系统,而不需要TCP标志信息。 通过信息采集单元收集网络报文和网络流量日志。 通过信息收集单元,从每个网络包中提取包括媒体访问控制(MAC),因特网协议(IP)和端口信息的网络流量日志。 通过信息分析单元,基于网络流量日志生成访问控制列表。
-
公开(公告)号:US20140344888A1
公开(公告)日:2014-11-20
申请号:US14277360
申请日:2014-05-14
Inventor: Jeong-Han YUN , Heemin KIM , Kyoung-Ho KIM , Woonyon KIM , Byung-gil MIN
IPC: H04L29/06
CPC classification number: H04L63/20 , H04L63/1408
Abstract: A network security apparatus includes a management unit, a security policies monitoring unit, a security monitoring unit, a log security check unit, and a log transmission unit. The management unit receives network security apparatus setting information, security policies and log generation policies from the outside. The security policies monitoring unit checks whether the security policies comply with a set format. If the security policies comply with the set format, the security monitoring unit monitors whether a communication node communicates in compliance with the security policies. The log security check unit generates a monitoring log based on the log generation policies, and checks whether the monitoring log complies with a log setting format. If the monitoring log complies with the log setting format, the log transmission unit transmits the security log to the outside, thereby performing the outside network security.
Abstract translation: 网络安全装置包括管理单元,安全策略监视单元,安全监视单元,日志安全检查单元和日志传输单元。 管理单元从外部接收网络安全设备设置信息,安全策略和日志生成策略。 安全策略监控单元检查安全策略是否符合设置的格式。 如果安全策略符合设定的格式,则安全监控单元监视通信节点是否按照安全策略进行通信。 日志安全检查单元根据日志生成策略生成监控日志,并检查监控日志是否符合日志设置格式。 如果监控日志符合日志设置格式,则日志发送单元将安全日志发送到外部,从而执行外部网络安全。
-
公开(公告)号:US20160080033A1
公开(公告)日:2016-03-17
申请号:US14790074
申请日:2015-07-02
Inventor: Kyoung-Ho KIM , Jeong-Han YUN , Heemin KIM , Manhyun CHUNG , Woonyon KIM , Eung Ki PARK , Sangwoo PARK
CPC classification number: H04B3/50 , H04L45/60 , H04L49/20 , H04L63/02 , H04L63/1425 , H04L63/162
Abstract: A physical unidirectional communication apparatus and method intended to utilize a structure that exploits an electrical signal by which data cannot be transmitted and to guarantee the reliability of data transmission via a transmission method that uses the structure. The physical unidirectional communication apparatus includes a unidirectional data transmission line, a data reception status transmission line, an internal network connection system unit for performing communication with an internal network transmission host and transmitting transmission data to an external network connection system unit through the unidirectional data transmission line, and the external network connection system unit for performing communication with an external network reception host, receiving the transmission data from the internal network connection system unit, generating reception status information of the transmission data, and transmitting the reception status information to the internal network connection system unit through the data reception status transmission line.
Abstract translation: 一种物理单向通信装置和方法,其目的是利用利用不能发送数据的电信号的结构,并且通过使用该结构的传输方法来保证数据传输的可靠性。 物理单向通信装置包括单向数据传输线,数据接收状态传输线,用于与内部网络传输主机进行通信的内部网络连接系统单元,并通过单向数据传输向外部网络连接系统单元发送传输数据 线路和用于与外部网络接收主机进行通信的外部网络连接系统单元,从内部网络连接系统单元接收发送数据,生成发送数据的接收状态信息,以及将接收状态信息发送到内部网络 连接系统单元通过数据接收状态传输线。
-
公开(公告)号:US20150343967A1
公开(公告)日:2015-12-03
申请号:US14475631
申请日:2014-09-03
Inventor: Sungho JEON , Jeong-Han YUN , Woonyon KIM , Jungtaek SEO , Eung Ki PARK
IPC: B60R16/023 , H04L29/06
CPC classification number: B60R16/023 , B60R25/00 , B60R25/30 , H04L9/3228 , H04L12/6418 , H04L63/04 , H04L63/067 , H04L63/0838 , H04L63/1475 , H04L63/1491 , H04L67/12 , H04L2012/40215 , H04L2012/40273 , H04L2209/84 , H04W4/046 , H04W4/48 , H04W12/02 , H04W12/12
Abstract: An apparatus and method for preventing the leakage of vehicle information in a normal communication environment by inserting fake communication data into vehicle communication traffic on a vehicle network. In the method for preventing leakage of vehicle information, a vehicle information leakage prevention apparatus connected to an in-vehicle module analyzes a vehicle communication protocol between the module and another module. It is determined whether encryption has been applied to the vehicle communication protocol, based on results of analysis of the vehicle communication protocol. A method of generating fake communication data is selected depending on whether encryption has been applied to the vehicle communication protocol. A fake communication data is generated depending on the selected method, and the generated fake communication data is transferred to a vehicle information leakage prevention apparatus connected to the other module.
Abstract translation: 一种用于通过将假通信数据插入车辆网络上的车辆通信业务来防止在正常通信环境中泄漏车辆信息的装置和方法。 在防止车辆信息泄漏的方法中,连接到车载模块的车辆信息泄漏防止装置分析模块与另一模块之间的车辆通信协议。 基于车辆通信协议的分析结果,确定是否将加密应用于车辆通信协议。 根据是否将加密应用于车辆通信协议来选择产生假通信数据的方法。 根据所选择的方法产生假通信数据,并且将生成的假通信数据传送到连接到另一个模块的车辆信息泄漏防止装置。
-
5.发明申请APPARATUS AND METHOD FOR IDENTIFYING WEB PAGE FOR INDUSTRIAL CONTROL SYSTEM 审中-公开用于识别工业控制系统网页的装置和方法公开(公告)号:US20160062344A1
公开(公告)日:2016-03-03
申请号:US14741529
申请日:2015-06-17
Inventor: Sungho JEON , Jeong-Han YUN , Woonyon KIM , Eung Ki PARK , Sangwoo PARK
IPC: G05B19/409 , G05B19/408
CPC classification number: G05B19/409 , G05B19/408 , G05B2219/34444 , H04L63/1433
Abstract: An apparatus for identifying a web page for an industrial control system includes an information collection unit and an industrial control system identification unit. The information collection unit receives IP targets, from which web pages are to be collected, from a user, and collects web pages and information from the IP targets. The industrial control system identification unit identifies web pages for one or more industrial control systems with respect to the IP targets based on the information collected by the information collection unit.
Abstract translation: 用于识别工业控制系统的网页的装置包括信息收集单元和工业控制系统识别单元。 信息收集单元从用户接收要收集网页的IP目标,并从IP目标收集网页和信息。 工业控制系统识别单元基于由信息收集单元收集的信息来识别关于IP目标的一个或多个工业控制系统的网页。
-
Patent Agency Ranking
6.发明申请METHOD FOR TRANSMITTING AND RECEIVING FAKE COMMUNICATION DATA AND TERMINAL PERFORMING THE SAME 有权用于发送和接收假信息通信数据的终端和终端执行该方法公开(公告)号:US20150304839A1
公开(公告)日:2015-10-22
申请号:US14474250
申请日:2014-09-01
Inventor: Sungho JEON , Jeong-Han YUN , Woonyon KIM , Jungtaek SEO , Eung Ki PARK
CPC classification number: H04W12/02 , G06Q50/265 , H04K3/65 , H04K3/825 , H04K2203/16 , H04K2203/18 , H04L63/04 , H04L63/1475 , H04M1/68 , H04W4/16
Abstract: A technology for preventing leakage of personal information from traffics of terminals by transmitting and receiving fake communication data artificially generated so that an attacker does not identify normal communication between terminals is provided. A method for transmitting fake communication data includes: making a response request to whether or not a fake communication application is presented in an opponent terminal using an address book registered in a terminal; receiving a response corresponding to the response request and selecting targets to and from which the fake communication data are to be transmitted and received in a terminal list corresponding to the received response; controlling a communication amount depending on the selected targets; and transmitting the fake communication data to a corresponding receiving terminal depending on a control result.
Abstract translation: 提供一种用于通过发送和接收伪造的通信数据来防止个人信息从终端的流量泄漏的技术,从而使攻击者不识别终端之间的正常通信。 用于发送假通信数据的方法包括:使用登记在终端中的地址簿对对手终端中是否呈现假通信应用做出响应请求; 接收对应于所述响应请求的响应,并且在对应于接收到的响应的终端列表中选择要发送和接收假通信数据的目标; 根据所选择的目标控制通信量; 以及根据控制结果将假通信数据发送到对应的接收终端。
-
7.发明申请公开(公告)号:US20150109936A1
公开(公告)日:2015-04-23
申请号:US14289803
申请日:2014-05-29
Inventor: Heemin KIM , Jeong-Han YUN , Kyoung-Ho KIM , Woonyon KIM , Jungtaek SEO , Eungki PARK
IPC: H04L12/26 , H04L12/947
CPC classification number: H04L49/25 , H04L43/022 , H04L43/026 , H04L43/028 , H04L43/14 , H04L63/1408
Abstract: The present invention presents a network apparatus and a selective information monitoring method using the network apparatus, which allow a user to monitor only required information (the field information of packets) from all received packets. The network apparatus one or more physical interfaces connected to a monitoring target host and configured to receive network packets from the monitoring target host, and a switch fabric module including a configurable monitoring module configured to perform filtering so that selective information is extracted from the network packets collected through the one or more physical interfaces.
Abstract translation: 本发明提出一种使用该网络装置的网络装置和选择性信息监视方法,其允许用户仅从所有接收到的分组监视所需信息(分组的字段信息)。 所述网络装置与监控对象主机连接并被配置为从所述监视目标主机接收网络分组的一个或多个物理接口,以及包括配置为执行过滤的可配置监视模块的交换结构模块,从而从所述网络分组中提取出选择性信息 通过一个或多个物理接口收集。
-
公开(公告)号:US20150365378A1
公开(公告)日:2015-12-17
申请号:US14726496
申请日:2015-05-30
Inventor: Dongwook KIM , Byunggil MIN , Yeop JANG , Woonyon KIM , Jungtaek SEO
IPC: H04L29/06 , H04L12/823 , H04L29/08 , H04L29/12
CPC classification number: H04L63/0245 , H04L47/193 , H04L47/323 , H04L61/6022 , H04L61/6063 , H04L63/0209 , H04L63/0281 , H04L63/101 , H04L63/105 , H04L63/1408 , H04L67/14 , H04L69/163
Abstract: A one-way data transmission and reception system and method, which mitigate the problem of a buffer overflow that may occur on a reception system while also mitigating the problem of data loss caused by a link error that may occur in the unidirectional line of a physical one-way data transmission system. The one-way data transmission system includes a first interface unit connected to a first network. A second interface unit is unidirectionally connected to a reception system connected to a second network. An interface integration module unit transmits a delayed Transmission Control Protocol (TCP) Acknowledgement (ACK) frame to a TCP session established with a device of the first network unit through the first interface unit, and transmits one or more identical data frames to the reception system through the second interface unit.
Abstract translation: 一种单向数据发送和接收系统和方法,其减轻可能在接收系统上发生的缓冲器溢出的问题,同时还减轻了可能在物理的单向线路中发生的链路错误引起的数据丢失的问题 单向数据传输系统。 单向数据传输系统包括连接到第一网络的第一接口单元。 第二接口单元被单向连接到连接到第二网络的接收系统。 接口集成模块单元通过第一接口单元向与第一网络单元的设备建立的TCP会话发送延迟的传输控制协议(TCP)确认(ACK)帧,并且向接收系统发送一个或多个相同的数据帧 通过第二接口单元。
-
9.发明申请METHOD FOR TRANSMITTING AND RECEIVING FAKE COMMUNICATION DATA AND BASE STATION PERFORMING THE SAME 审中-公开用于发送和接收假想通信数据的方法以及执行该通信数据的基站公开(公告)号:US20150350889A1
公开(公告)日:2015-12-03
申请号:US14475725
申请日:2014-09-03
Inventor: Sungho JEON , Jeong-Han YUN , Woonyon KIM , Jungtaek SEO , Eung Ki PARK
IPC: H04W12/02
CPC classification number: H04W12/02 , H04L63/04 , H04L63/1491 , H04W12/1208
Abstract: A method for transmitting and receiving fake communication data and a base station performing the same are provided. The base station transmits the fake communication data based on a step of selecting targets to and from which the fake communication data are to be transmitted and received among terminals positioned in a set region, a step of controlling a communication amount depending on the selected targets, and a step of transferring the fake communication data to a corresponding terminal depending on a control result or receives the fake communication data through a step of receiving data from a terminal including a fake communication application, a step of confirming whether an identification value meaning fake communication is present in the data, and a step of filtering a traffic with the terminal in the case in which the identification value is present in the data.
Abstract translation: 提供了一种用于发送和接收假通信数据的方法以及执行该通信数据的基站。 基站基于在位于设定区域的终端中选择要发送和接收假通信数据的目标的步骤来发送假通信数据,根据所选择的目标来控制通信量的步骤, 以及根据控制结果将假通信数据传送到对应终端的步骤,或者通过从包括假通信应用的终端接收数据的步骤接收假通信数据的步骤,确认是否有意图假通信的识别值 存在于数据中,并且在数据中存在识别值的情况下,与终端进行流量过滤的步骤。
-
公开(公告)号:US20150261810A1
公开(公告)日:2015-09-17
申请号:US14561783
申请日:2014-12-05
Inventor: Kyoung-Ho KIM , Jeong-Han YUN , Heemin KIM , Woonyon KIM , Jungtaek SEO , Eung Ki PARK
CPC classification number: G06F21/6218 , H04L63/10 , H04L63/12
Abstract: A data transfer apparatus and method, which fundamentally prevent the possibility of intrusion from an external network into an internal network that provides files, thus enabling data to be reliability transferred in a situation in which information cannot be exchanged. The data transfer apparatus includes an internal network connection unit for receiving data from a host of an internal network. An internal network control unit for performing control such that the data is unidirectionally transmitted. A write control unit checks integrity of the data received from the internal network control unit and detects status of the storage unit. An external network connection unit receives a request from a host of an external network. A read/write control unit searches for, reads, and deletes data stored in the storage unit at a request of the external network host.
Abstract translation: 一种从根本上防止从外部网络入侵提供文件的内部网络的可能性的数据传送装置和方法,从而使得在不能交换信息的情况下使数据可靠地传送。 数据传送装置包括用于从内部网络的主机接收数据的内部网络连接单元。 一个内部网络控制单元,用于执行控制使得数据被单向发送。 写入控制单元检查从内部网络控制单元接收到的数据的完整性并检测存储单元的状态。 外部网络连接单元从外部网络的主机接收请求。 读/写控制单元根据外部网络主机的请求搜索,读取和删除存储在存储单元中的数据。
-
-
-
-
-
-
-
-
-
Search Results
15
records
(took 0.017 seconds)
