公开(公告)号：US08530749B2

公开(公告)日：2013-09-10

申请号：US12810511

申请日：2008-12-23

申请人： Jong Ho Ryu ,  Chang Yol Yang ,  Joung Ah Kang

发明人： Jong Ho Ryu ,  Chang Yol Yang ,  Joung Ah Kang

IPC分类号： H05K1/03 ,  H05K1/09

CPC分类号： H05K3/025 ,  B32B15/01 ,  C22C9/00 ,  C22C19/03 ,  C22C27/04 ,  C25D1/04 ,  C25D5/12 ,  H05K2203/0152 ,  H05K2203/0264

摘要： Provided is an ultra-thin copper foil to which a carrier foil is attached, including: a carrier foil, a peeling layer, and an ultra-thin copper foil, wherein the peeling layer includes a first metal A having peelability, a second metal B and a third metal C facilitating coating of the first metal, wherein the amount (a) of the first metal A is in a range of about 30 to about 89% by total weight of the peeling layer, the amount (b) of the second metal B is in a range of about 10 to about 60% by total weight of the peeling layer, and the amount (c) of the third metal C is in a range of about 1 to about 20% by total weight of the peeling layer.

摘要翻译： 本发明提供一种载体箔附着的超薄铜箔，其具有：载体箔，剥离层，超薄铜箔，其中，所述剥离层包括具有剥离性的第一金属A，第二金属B 以及促进所述第一金属的第三金属C，其中所述第一金属A的量（a）在所述剥离层的总重量的范围内在约30至约89％的范围内，所述第二金属的量（b） 金属B的剥离层总重量约为10〜60％，第3金属C的含量（c）为剥离层总重量的1〜20质量％ 。

公开(公告)号：US20110016208A1

公开(公告)日：2011-01-20

申请号：US12667130

申请日：2007-11-19

申请人： Chi Yoon Jeong ,  Beom Hwan Chang ,  Seon Gyoung Sohn ,  Geon Lyang Kim ,  Jong Hyun Kim ,  Jong Ho Ryu ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Chi Yoon Jeong ,  Beom Hwan Chang ,  Seon Gyoung Sohn ,  Geon Lyang Kim ,  Jong Hyun Kim ,  Jong Ho Ryu ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F15/173

CPC分类号： H04L63/1416 ,  G06Q10/06

摘要： There are provided an apparatus and method for sampling a security event based on contents of the security event, the apparatus including: a security event accumulation module collecting security events occurring in a network system and storing the security events for each type according to contents of the security event; a security event analysis module calculating distribution of the security events for each type by analyzing the stored security events; and a security event extraction module sampling the stored security events according to the calculated distribution of the security events for each type. The apparatus and method may improve speed of visualization of a security event and a security event analysis apparatus and may increase accuracy thereof.

摘要翻译： 提供了一种基于安全事件的内容对安全事件进行采样的装置和方法，该装置包括：安全事件累积模块，其收集网络系统中发生的安全事件，并根据所述安全事件的内容存储每种类型的安全事件 安全事件; 安全事件分析模块，通过分析存储的安全事件来计算每种类型的安全事件的分布; 并且安全事件提取模块根据计算出的每种类型的安全事件的分布来对存储的安全事件进行采样。 该装置和方法可以提高安全事件和安全事件分析装置的可视化速度并且可以提高其精度。

公开(公告)号：US08307441B2

公开(公告)日：2012-11-06

申请号：US12669633

申请日：2007-11-21

申请人： Jong Hyun Kim ,  Geon Lyang Kim ,  Seon Gyoung Sohn ,  Beom Hwan Chang ,  Chi Yoon Jeong ,  Jong Ho Ryu ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Jong Hyun Kim ,  Geon Lyang Kim ,  Seon Gyoung Sohn ,  Beom Hwan Chang ,  Chi Yoon Jeong ,  Jong Ho Ryu ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F11/34

CPC分类号： H04L45/00 ,  H04L45/12 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1441 ,  H04L2463/146

摘要： There are provided a system and method for tracing back an attacker by using centroid decomposition technique, the system including: a log data input module collecting log data of an intrusion alarm from an intrusion detection system; a centroid node detection module generating a shortest path tree by applying a shortest path algorithm to network router connection information collected by a network administration server, detecting a centroid node by applying centroid decomposition technique removing a leaf-node to the shortest path tree, and generating a centroid tree whose node of each level is the detected centroid node; and a traceback processing module requesting log data of a router matched with the node of each level of the centroid tree, and tracing back a router identical to the log data of the collected intrusion alarm as a router connected to a source of an attacker by comparing the log data of the router with the log data of the collected intrusion alarm. According to the system and method, an attacker causing a security intrusion event may be quickly detected, a load on the system is reduced, and a passage host exposed to a danger or having weaknesses may be easily recognized, thereby easily coping with an attack.

摘要翻译： 提供了一种通过使用质心分解技术跟踪攻击者的系统和方法，该系统包括：日志数据输入模块，从入侵检测系统收集入侵警报的日志数据; 质心节点检测模块，通过对网络管理服务器收集的网络路由器连接信息应用最短路径算法，生成最短路径树，通过应用质心分解技术检测质心节点，去除叶节点到最短路径树，并生成 每个级别的节点是检测到的质心节点的质心树; 以及回溯处理模块，请求与质心树的每个级别的节点匹配的路由器的日志数据，并且通过比较来跟踪与收集的入侵警报器的日志数据相同的路由器作为连接到攻击者的源的路由器 路由器的日志数据与收集的入侵报警的日志数据。 根据系统和方法，可以快速地检测到导致安全入侵事件的攻击者，系统上的负载减少，并且易于识别暴露于危险或具有弱点的通道主机，从而容易地应对攻击。

公开(公告)号：US08014310B2

公开(公告)日：2011-09-06

申请号：US12516494

申请日：2007-08-23

申请人： Beom-Hwan Chang ,  Chi-Yoon Jeong ,  Seon-Gyoung Sohn ,  Soo-Hyung Lee ,  Hyo-Chan Bang ,  Geon-Lyang Kim ,  Hyun-Joo Kim ,  Won-Joo Park ,  Jong-Ho Ryu ,  Jong-Hyun Kim ,  Jong-Soo Jang ,  Sung-Won Sohn ,  Jung-Chan Na

发明人： Beom-Hwan Chang ,  Chi-Yoon Jeong ,  Seon-Gyoung Sohn ,  Soo-Hyung Lee ,  Hyo-Chan Bang ,  Geon-Lyang Kim ,  Hyun-Joo Kim ,  Won-Joo Park ,  Jong-Ho Ryu ,  Jong-Hyun Kim ,  Jong-Soo Jang ,  Sung-Won Sohn ,  Jung-Chan Na

IPC分类号： H04L12/26

CPC分类号： H04L63/1441 ,  H04L63/20

摘要： An apparatus and method for visualizing a network condition related to a network security are provided. The apparatus includes a traffic feature extracting unit, a network condition displaying unit, and a traffic abnormal condition determining unit. The traffic feature extracting unit extracts information including source address, source port, destination address, and destination port from network traffics, selects two of the extracted information, and calculates unique dispersion degrees of two unselected information. The network condition displaying unit displays a two-dimensional cube expressed using the calculated unique dispersion degrees for the classified traffics. The traffic abnormal condition determining unit determines whether the traffics are in an abnormal condition or not based on the two-dimensional security cube.

摘要翻译： 提供了一种用于可视化与网络安全相关的网络条件的装置和方法。 该装置包括交通特征提取单元，网络状态显示单元和交通异常状况判定单元。 流量特征提取单元从网络流量提取包括源地址，源端口，目的地址和目的地端口的信息，选择两个提取的信息，并计算两个未选择信息的唯一色散度。 网络条件显示单元显示使用所计算的分类业务的唯一色散度表示的二维立方体。 交通异常判定单元基于二维安全立方体来判定是否处于异常状态。

公开(公告)号：US20100212013A1

公开(公告)日：2010-08-19

申请号：US12669633

申请日：2007-11-21

申请人： Jong Hyun Kim ,  Geon Lyang Kim ,  Seon Gyoung Sohn ,  Beom Hwan Chang ,  Chi Yoon Jeong ,  Jong Ho Ryu ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Jong Hyun Kim ,  Geon Lyang Kim ,  Seon Gyoung Sohn ,  Beom Hwan Chang ,  Chi Yoon Jeong ,  Jong Ho Ryu ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F11/34

CPC分类号： H04L45/00 ,  H04L45/12 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1441 ,  H04L2463/146

摘要： There are provided a system and method for tracing back an attacker by using centroid decomposition technique, the system including: a log data input module collecting log data of an intrusion alarm from an intrusion detection system; a centroid node detection module generating a shortest path tree by applying a shortest path algorithm to network router connection information collected by a network administration server, detecting a centroid node by applying centroid decomposition technique removing a leaf-node to the shortest path tree, and generating a centroid tree whose node of each level is the detected centroid node; and a traceback processing module requesting log data of a router matched with the node of each level of the centroid tree, and tracing back a router identical to the log data of the collected intrusion alarm as a router connected to a source of an attacker by comparing the log data of the router with the log data of the collected intrusion alarm. According to the system and method, an attacker causing a security intrusion event may be quickly detected, a load on the system is reduced, and a passage host exposed to a danger or having weaknesses may be easily recognized, thereby easily coping with an attack.

摘要翻译： 提供了一种通过使用质心分解技术跟踪攻击者的系统和方法，该系统包括：日志数据输入模块，从入侵检测系统收集入侵警报的日志数据; 质心节点检测模块，通过对网络管理服务器收集的网络路由器连接信息应用最短路径算法，生成最短路径树，通过应用质心分解技术检测质心节点，去除叶节点到最短路径树，并生成 每个级别的节点是检测到的质心节点的质心树; 以及回溯处理模块，请求与质心树的每个级别的节点匹配的路由器的日志数据，并且通过比较来跟踪与收集的入侵警报器的日志数据相同的路由器作为连接到攻击者的源的路由器 路由器的日志数据与收集的入侵报警的日志数据。 根据系统和方法，可以快速地检测到导致安全入侵事件的攻击者，系统上的负载减少，并且易于识别暴露于危险或具有弱点的通道主机，从而容易地应对攻击。

公开(公告)号：US20100067391A1

公开(公告)日：2010-03-18

申请号：US12516494

申请日：2007-08-23

申请人： Beom-Hwan Chang ,  Chi-Yoon Jeong ,  Seon-Gyoung Sohn ,  Soo-Hyung Lee ,  Hyo-Chan Bang ,  Geon-Lyang Kim ,  Hyun-Joo Kim ,  Won-Joo Park ,  Jong-Ho Ryu ,  Jong-Hyun Kim ,  Jong-Soo Jang ,  Sung-Won Sohn ,  Jung-Chan Na

发明人： Beom-Hwan Chang ,  Chi-Yoon Jeong ,  Seon-Gyoung Sohn ,  Soo-Hyung Lee ,  Hyo-Chan Bang ,  Geon-Lyang Kim ,  Hyun-Joo Kim ,  Won-Joo Park ,  Jong-Ho Ryu ,  Jong-Hyun Kim ,  Jong-Soo Jang ,  Sung-Won Sohn ,  Jung-Chan Na

IPC分类号： H04L12/26

CPC分类号： H04L63/1441 ,  H04L63/20

摘要： An apparatus and method for visualizing a network condition related to a network security are provided. The apparatus includes a traffic feature extracting unit, a network condition displaying unit, and a traffic abnormal condition determining unit. The traffic feature extracting unit extracts information including source address, source port, destination address, and destination port from network traffics, selects two of the extracted information, and calculates unique dispersion degrees of two unselected information. The network condition displaying unit displays a two-dimensional cube expressed using the calculated unique dispersion degrees for the classified traffics. The traffic abnormal condition determining unit determines whether the traffics are in an abnormal condition or not based on the two-dimensional security cube.

摘要翻译： 提供了一种用于可视化与网络安全相关的网络状况的装置和方法。 该装置包括交通特征提取单元，网络状态显示单元和交通异常状况判定单元。 流量特征提取单元从网络流量提取包括源地址，源端口，目的地址和目的地端口的信息，选择两个提取的信息，并计算两个未选择信息的唯一色散度。 网络条件显示单元显示使用所计算的分类业务的唯一色散度表示的二维立方体。 交通异常判定单元基于二维安全立方体来判定是否处于异常状态。

公开(公告)号：US08341721B2

公开(公告)日：2012-12-25

申请号：US12467462

申请日：2009-05-18

申请人： Jong Hyun Kim ,  Geon Lyang Kim ,  Jong Ho Ryu ,  Chi Yoon Jeong ,  Seon Gyoung Sohn ,  Beom Hwan Chang ,  Jung-Chan Na ,  Hyun Sook Cho

发明人： Jong Hyun Kim ,  Geon Lyang Kim ,  Jong Ho Ryu ,  Chi Yoon Jeong ,  Seon Gyoung Sohn ,  Beom Hwan Chang ,  Jung-Chan Na ,  Hyun Sook Cho

IPC分类号： G06F15/16 ,  G06F15/173

CPC分类号： H04L67/22 ,  H04L63/0281 ,  H04L63/1441 ,  H04L67/2857

摘要： Provided are a web-based traceback system and method using reverse caching proxy, which can effectively protect a web server against various attacks launched by illegitimate user by acquiring network information and location information of users who attempt to access the web server through an anonymous server, without a requirement of installing any agent program in the users' clients. The web-based traceback system may include a reverse caching proxy server receiving a hypertext transfer protocol (HTTP) packet transmitted to a web server by a client, analyzing the header of the HTTP packet and determining whether the client has attempted to access the web server through an anonymous server based on the results of the analysis; and a web tracking server generating a response page for the HTTP packet upon receiving the results of the determination performed by the reverse caching proxy server, inserting a tracking code in the response page, and providing the response page to the client through the reverse caching proxy server, wherein the tracking code is automatically executed in a web browser of the client and thus provides network information of the client to the web tracking server.

摘要翻译： 提供了一种使用反向缓存代理的基于web的追溯系统和方法，可以通过获取尝试通过匿名服务器访问Web服务器的用户的网络信息和位置信息，有效地保护Web服务器免受非法用户发起的各种攻击， 而不需要在用户的客户端中安装任何代理程序。 基于web的追溯系统可以包括反向高速缓存代理服务器，其接收由客户端发送到web服务器的超文本传输​​协议（HTTP）分组，分析HTTP分组的报头并确定客户端是否尝试访问web服务器 通过匿名服务器根据分析结果; 以及网页跟踪服务器，在接收到反向高速缓存代理服务器执行的确定结果时，为HTTP分组生成响应页面，在响应页面中插入跟踪代码，并通过反向缓存代理向客户端提供响应页面 服务器，其中跟踪代码在客户端的web浏览器中自动执行，从而将该客户端的网络信息提供给web跟踪服务器。

公开(公告)号：US20100169479A1

公开(公告)日：2010-07-01

申请号：US12603010

申请日：2009-10-21

申请人： Chi Yoon JEONG ,  Beom-Hwan CHANG ,  Seon-Gyoung SOHN ,  Geon Lyang KIM ,  Jong Ho RYU ,  Jong Hyun KIM ,  Jung-Chan NA ,  Hyun Sook CHO ,  Chae Kyu KIM

发明人： Chi Yoon JEONG ,  Beom-Hwan CHANG ,  Seon-Gyoung SOHN ,  Geon Lyang KIM ,  Jong Ho RYU ,  Jong Hyun KIM ,  Jung-Chan NA ,  Hyun Sook CHO ,  Chae Kyu KIM

IPC分类号： G06F15/16

CPC分类号： H04L63/1416

摘要： Provided are an apparatus and method for extracting user information using a client-based script in which user information including the internet protocol (IP) addresses of an attacking host and an anonymous proxy server used by the attacking host can be collected using a client-based script that can be automatically executed in the web browser of the attacking host. According to the apparatus and the method, it is possible to detect the location of an attacking host without alerting the attacking host by using a script that can be automatically executed in a web browser of the attacking host without any program installation. In addition, according to the apparatus and the method, it is possible to collect the IP addresses of an attacking host and an anonymous proxy server, if any, used by the attacking host by directly connecting the attacking host and a monitoring server.

摘要翻译： 提供了一种使用基于客户端的脚本来提取用户信息的装置和方法，其中可以使用基于客户端的脚本来收集包括攻击主机的互联网协议（IP）地址和由攻击主机使用的匿名代理服务器的用户信息 脚本可以在攻击主机的Web浏览器中自动执行。 根据该装置和方法，可以通过使用可以在攻击主机的网络浏览器中自动执行的脚本，而无需任何程序安装，来检测攻击主机的位置，而不会提示攻击主机。 此外，根据该装置和方法，可以通过直接连接攻击主机和监视服务器来收集攻击主机使用的攻击主机和匿名代理服务器的IP地址（如果有的话）。

公开(公告)号：US20100100619A1

公开(公告)日：2010-04-22

申请号：US12517091

申请日：2007-10-24

申请人： Beom Hwan Chang ,  Chi Yoon Jeong ,  Seon Gyoung Sohn ,  Soo Hyung Lee ,  Hyo Chan Bang ,  Geon Lyang Kim ,  Hyun Joo Kim ,  Won Joo Park ,  Jong Ho Ryu ,  Jong Hyun Kim ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

发明人： Beom Hwan Chang ,  Chi Yoon Jeong ,  Seon Gyoung Sohn ,  Soo Hyung Lee ,  Hyo Chan Bang ,  Geon Lyang Kim ,  Hyun Joo Kim ,  Won Joo Park ,  Jong Ho Ryu ,  Jong Hyun Kim ,  Jung Chan Na ,  Jong Soo Jang ,  Sung Won Sohn

IPC分类号： G06F11/32

CPC分类号： H04L41/28 ,  H04L41/0631 ,  H04L41/22 ,  H04L63/1425 ,  H04L63/20

摘要： There are provided a network security state visualization device and method, the device including: a security event collector collecting original security event information from network security apparatuses; a security event analyzer analyzing the original security event information collected by the security event collector and extracting characteristic data corresponding to a security event; and a three-dimensional visualization display unit visualizing a correlation between the characteristic data extracted by the security event analyzer as a three-dimensional screen to be displayed.

摘要翻译： 提供了网络安全状态可视化设备和方法，该设备包括：安全事件收集器，从网络安全设备收集原始安全事件信息; 分析安全事件收集器收集的原始安全事件信息并提取对应于安全事件的特征数据的安全事件分析器; 以及三维可视化显示单元，将由安全事件分析器提取的特征数据之间的相关性可视化为要显示的三维屏幕。

公开(公告)号：US20100030891A1

公开(公告)日：2010-02-04

申请号：US12467462

申请日：2009-05-18

申请人： Jong Hyun KIM ,  Geon Lyang KIM ,  Jong Ho RYU ,  Chi Yoon JEONG ,  Seon Gyoung SOHN ,  Beom Hwan CHANG ,  Jung-Chan NA ,  Hyun Sook CHO

发明人： Jong Hyun KIM ,  Geon Lyang KIM ,  Jong Ho RYU ,  Chi Yoon JEONG ,  Seon Gyoung SOHN ,  Beom Hwan CHANG ,  Jung-Chan NA ,  Hyun Sook CHO

IPC分类号： G06F15/173 ,  G06F15/16

CPC分类号： H04L67/22 ,  H04L63/0281 ,  H04L63/1441 ,  H04L67/2857

摘要： Provided are a web-based traceback system and method using reverse caching proxy, which can effectively protect a web server against various attacks launched by illegitimate user by acquiring network information and location information of users who attempt to access the web server through an anonymous server, without a requirement of installing any agent program in the users' clients. The web-based traceback system may include a reverse caching proxy server receiving a hypertext transfer protocol (HTTP) packet transmitted to a web server by a client, analyzing the header of the HTTP packet and determining whether the client has attempted to access the web server through an anonymous server based on the results of the analysis; and a web tracking server generating a response page for the HTTP packet upon receiving the results of the determination performed by the reverse caching proxy server, inserting a tracking code in the response page, and providing the response page to the client through the reverse caching proxy server, wherein the tracking code is automatically executed in a web browser of the client and thus provides network information of the client to the web tracking server.

摘要翻译： 提供了一种使用反向缓存代理的基于web的追溯系统和方法，可以通过获取尝试通过匿名服务器访问Web服务器的用户的网络信息和位置信息，有效地保护Web服务器免受非法用户发起的各种攻击， 而不需要在用户的客户端中安装任何代理程序。 基于web的追溯系统可以包括反向高速缓存代理服务器，其接收由客户端发送到web服务器的超文本传输​​协议（HTTP）分组，分析HTTP分组的报头并确定客户端是否尝试访问web服务器 通过匿名服务器根据分析结果; 以及网页跟踪服务器，在接收到反向高速缓存代理服务器执行的确定结果时，为HTTP分组生成响应页面，在响应页面中插入跟踪代码，并通过反向缓存代理向客户端提供响应页面 服务器，其中跟踪代码在客户端的web浏览器中自动执行，从而将该客户端的网络信息提供给web跟踪服务器。