Abstract:
An apparatus and method for processing packets are disclosed. The apparatus for processing packets includes a session processing unit, a parallel processing unit, and a storage unit. The session processing unit divides a packet group, including a plurality of HTTP packets, into a plurality of session files, and then distributes the session files. The parallel processing unit generates metadata and extracts content from each of the distributed session files based on the plurality of session files. The storage unit stores the metadata generated by the parallel processing unit and the content extracted by the parallel processing unit.
Abstract:
The present invention relates to a smart terminal fuzzing apparatus and method using a multi-node structure. The smart terminal fuzzing apparatus includes a fuzzing command management unit for managing fuzzing instructions corresponding to performance of fuzzing. An algorithm management unit creates fuzzing commands based on the fuzzing instructions, and distributes the fuzzing commands to a plurality of fuzzing nodes connected to a fuzzing client depending on a distribution algorithm. A fuzzing client management unit performs control such that fuzzing is performed by the plurality of fuzzing nodes in compliance with the fuzzing commands through the fuzzing client. A log management unit receives results of performance of fuzzing from the plurality of fuzzing nodes and manages the fuzzing results.
Abstract:
An apparatus and method for manifesting an event to verify the security of a mobile application are provided. The apparatus for manifesting an event to verify the security of a mobile application includes a tester application production unit, a tester application execution unit, and a tester application daemon execution unit. The tester application production unit produces a tester application for testing an application to be tested based on application information which is extracted from the application to be tested. The tester application execution unit executes the application to be tested by manifesting an event included in the extracted application information, and extracts a user view object output to a screen of a smart device when the application to be tested is executed. The tester application daemon execution unit generates a touch event based on the extracted user view object, and performs a screen change.
Abstract:
An intrusion detection apparatus and method using a load balancer responsive to traffic conditions between a central processing unit (CPU) and a graphics processing unit (GPU) are provided. The intrusion detection apparatus includes a packet acquisition unit, a character string check task allocation unit, a CPU character string check unit, and a GPU character string check unit. The packet acquisition unit receives packets, and stores the packets in a single task queue. The character string check task allocation unit determines the number of packets in the packet acquisition unit, and allocates character string check tasks to the CPU or the GPU. The CPU character string check unit compares the character strings of the packets with a character string defined in at least one detection rule inside the CPU. The GPU character string check unit compares the character strings of the packets with the character string inside the GPU.
Abstract:
The present invention relates to an apparatus and method that check similarity between intrusion detection rules used by an Intrusion Detection System. The apparatus for measuring similarity between intrusion detection rules includes a normalization unit for modifying a plurality of detection rules into a predetermined form, a division unit for dividing each of the plurality of modified detection rules into a detection rule header and a detection rule option, a relationship operation unit for determining an inclusion relationship between the detection rule headers and an inclusion relationship between the detection rule options, and a similarity measurement unit for measuring similarity between the detection rules based on the inclusion relationship between the detection rule headers and the inclusion relationship between the detection rule options.
Abstract:
A packet analysis apparatus and method and a VPN server are disclosed, which secure evidence against a situation in which a hacker disguises a packet as a normal packet so as to make an attack using a VPN server as a router. The packet analysis apparatus includes a packet classification unit for classifying packets provided and collected from a host into encrypted VPN packets and plaintext packets. A first comparative analysis unit compares contents of an encapsulated IP datagram of each encrypted VPN packet, obtained by decrypting the encrypted VPN packet, with contents of a plaintext IP datagram that is included in each plaintext packet and that is present for a target to which the host desires to transfer the encrypted VPN packet. A second comparative analysis unit compares lengths of the encapsulated IP datagram and the plaintext IP datagram with each other.
Abstract:
A system and method for detecting malware based on a virtual host are provided. The system for detecting malware based on a virtual host includes a terminal network behavior analysis server and a virtual host. The terminal network behavior analysis server extracts network behavior information by monitoring the network behavior of an actual host, and outputs the extracted network behavior information. The virtual host detects malware corresponding to abnormal behavior in the actual host, by receiving the network behavior information and then performing corresponding behavior.
Abstract:
An apparatus and method for multi-checking for mobile malware are provided. The apparatus for multi-checking for mobile malware includes a communication unit and a user interface (UI) unit. The communication unit communicates with at least one relay server. The UI unit receives an app to be checked from a user before sending the app to the relay server, or provides the user with the check results of the app obtained by a plurality of collection agents located in respective user terminals or emulators based on the app.