-
Publication No.: US11783034B2
Publication date: 2023-10-10
Application No.: US17100541
Filing date: 2020-11-20
Inventor: Jung-Tae Kim, Ji-Hyeon Song, Ik-Kyun Kim, Young-Su Kim, Jong-Hyun Kim, Jong-Geun Park, Sang-Min Lee, Jong-Hoon Lee
CPC classification number: G06F21/563, G06N5/04, G06N20/00, G06F2221/033
Abstract: Disclosed herein are an apparatus and method for detecting a malicious script. The apparatus includes one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program is configured to extract token-type features, each of which corresponds to a lexical unit, and tree-node-type features of an abstract syntax tree from an input script, to train two learning models to respectively learn two pieces of learning data that are generated in consideration of features extracted respectively from the token-type features and the node-type features as having the highest frequency, and to detect whether the script is a malicious script based on the result of ensemble-based malicious script detection performed for the script, which is acquired using an ensemble detection model generated from the two learning models.
-
Publication No.: US10805319B2
Publication date: 2020-10-13
Application No.: US15807425
Filing date: 2017-11-08
Inventor: Jung-Tae Kim, Ik-Kyun Kim, Koo-Hong Kang
IPC: H04L29/06, H04L12/721, H04L12/733, H04L12/751
Abstract: Disclosed herein are a stepping-stone detection apparatus and method. The stepping-stone detection apparatus includes a target connection information reception unit for receiving information about a target connection from an intrusion detection system (IDS), a fingerprint generation unit for generating a target connection fingerprint based on the information about the target connection, and generating one or more candidate connection fingerprints using information about one or more candidate connections corresponding to one or more flow information collectors, and a stepping-stone detection unit for detecting a stepping stone by comparing the target connection fingerprint, in which a maximum allowable delay time is reflected, with the candidate connection fingerprints.
-
Publication No.: US10523697B2
Publication date: 2019-12-31
Application No.: US15823209
Filing date: 2017-11-27
Inventor: Jong-Hoon Lee, Ik-Kyun Kim
IPC: H04L29/06
Abstract: Disclosed is a method for detecting a cyberthreat through correlation analysis of security events, which includes extracting a false-positive data set by extracting, from source data, information about security events occurring during a predetermined time period based on a time at which erroneous detection occurred; extracting a true-positive data set by extracting, from the source data, information about security events occurring during the predetermined time period based on a time at which an intrusion threat was correctly detected; extracting a current data set by extracting information about security events occurring during the predetermined time period from data to be analyzed; generating event coincidence statistics by extracting a frequency of each security event in the respective data sets and by compiling statistics thereon; generating an event vector based on the event coincidence statistics; and performing intrusion threat detection through a vector space model based on the event vector.
-
Publication No.: US10509796B2
Publication date: 2019-12-17
Application No.: US15860828
Filing date: 2018-01-03
Inventor: Hyun-Joo Kim, Jong-Hyun Kim, Ik-Kyun Kim
IPC: G06F16/248, G06F8/34, G06K9/62, G06F16/2458
Abstract: An apparatus and method for visualizing data. The apparatus for visualizing data includes a behavior information collection unit for executing an application from which information is to be collected and collecting behavior information from a process of the executed application, a behavior feature extraction unit for extracting behavior features in an order in which the behavior information is called, a behavior sequence generation unit for generating a behavior sequence by arranging the behavior features in chronological order, and a behavior sequence visualization unit for visualizing the behavior sequence as a 3D sequence object.
-
Publication No.: US10404782B2
Publication date: 2019-09-03
Application No.: US15331436
Filing date: 2016-10-21
Inventor: Yang-Seo Choi, Jong-Hyun Kim, Joo-Young Lee, Sun-Oh Choi, Ik-Kyun Kim, Dae-Sung Moon
IPC: H04L12/26, H04L29/08, H04L12/851, H04L12/861
Abstract: Disclosed are an apparatus and method for reconstructing a transmitted file with high performance in real time, which select analysis target packets for reconstruction by first checking using hardware whether data file-related information is present in packets transmitted via large-capacity traffic over a broadband network, and which reconstruct a file in real time only from the selected analysis target packets. The file reconstruction apparatus for reconstructing a data file from packets on a network includes a packet monitoring unit for extracting packets on the network, a collected packet selection unit for determining whether, for the extracted packets, each packet is a reconstruction target based on flow information, and selecting a reconstruction target packet, and a file reconstruction unit for performing file reconstruction by extracting data from the reconstruction target packet and by storing the extracted data as data of a reconstructed file in a relevant flow.