Abstract:
A system for an engine for forecasting cyber threats and a method enabling the forecast of a low-level cyber threat and the forecast of a high-level cyber threat using the low-level cyber threat in a hierarchical structure of cyber threats are provided. The system includes a forecast information database which stores forecast information including cyber threat forecast items, a forecast schedule related to the items, forecast simulation information, forecast item hierarchical structure information, time series data on cyber threats, and sample data on cyber threats; a forecast engine core subsystem which forecasts the levels of threats for the cyber threat forecast items having a hierarchical structure using the forecast information stored in the forecast information database; and a forecast engine control interface which receives control commands for the forecast engine core subsystem from a user or external system, and delivers the received control commands to the forecast engine core subsystem.
Abstract:
An apparatus and method for detecting anomalous traffic are provided. More particularly, an apparatus and method for detecting anomalous traffic based on entropy of network traffic are provided. The apparatus of detecting anomalous traffic includes: an entropy extraction module for extracting entropy from network traffic; a visualization module for generating an entropy graph based on the entropy; a graph model experience module for updating a graph model for each network attack based on the entropy graph; and an anomalous traffic detection module for detecting anomalous traffic based on the entropy graph and the graph model for each network attack and outputting the detection results to a user. In the apparatus and method, anomalous traffic is detected based on network entropy rather than simple statistics based on the amount of traffic, so that a false alarm rate of the apparatus for detecting anomalous traffic can be reduced.
Abstract:
Provided are an apparatus and method for forecasting the security threat level of a network. The apparatus includes: a security data collection unit for collecting traffic data and intrusion detection data transmitted from an external network to a managed network; a malicious code data collection unit for collecting malicious code data transmitted from a security enterprise network; a time series data transformation unit for transforming the data collected by the security data collection unit into time series data; a network traffic analysis unit for analyzing traffic distribution of the managed network using the data collected by the security data collection unit; and a security forecast engine for forecasting security data of the managed network using the time series data obtained by the time series data transformation unit, the data analyzed by the network traffic analysis unit, and the data collected by the malicious code data collection unit.
Abstract:
Provided are an apparatus and method for safely removing a malicious code from a file, or reporting the probable presence of a malicious code when it cannot be removed safely. The method includes: determining whether a file is a document or image file; opening and saving the document file as a new file by using an application associated with the document file to remove a malicious code from the document file, when it is determined that the file is the document file; and converting the image file into a different file format from a present file format and saving the converted image file to remove a malicious code from the image file, when it is determined that the file is the image file.
Abstract:
Provided is an apparatus and method for automatically analyzing a program in order to detect window malicious codes that are programmed to perform malicious behaviors when a specific event occurs, when the specific event does not occur, when a specific program execution condition is satisfied, and when the specific program execution condition is not satisfied.
Abstract:
An apparatus and method for controlling traffic based on a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) are provided. The traffic control apparatus includes a traffic monitoring unit, a CAPTCHA verification unit, a list management unit, and a traffic control unit. The traffic monitoring unit monitors a packet between an internal network and an external network. The CAPTCHA verification unit, if packet information is not present in an access control list, sends a CAPTCHA request message to a client computer, receives a CAPTCHA response message, and verifies the CAPTCHA response message. The list management unit, if the packet information is present in the access control list, detects an access control policy corresponding to the packet information in the access control list. The traffic control unit controls traffic based on the verification of the CAPTCHA response message and the control policy.
Abstract:
A communication blocking control method includes receiving a communication blocking request from a terminal that is in an idle state, in which it is difficult to determine whether information has been leaked; registering the state of the terminal in a communication blocked list according to the communication blocking request; and blocking external communication of the terminal through a network.
Abstract:
Provided are an apparatus, system and method for detecting malicious code inserted into a normal process in disguise. The apparatus includes a malicious code detection module for extracting information on a thread generated by a process running on a computer system to identify code related to the thread, preliminarily determining whether or not the identified code is malicious and extracting the code preliminarily determined to be malicious; and a forcible malicious code termination module for finally determining the code as malicious code based on an analysis result of behavior of the extracted code executed in a virtual environment and forcibly terminating execution of the code.