公开(公告)号：US20160065600A1

公开(公告)日：2016-03-03

申请号：US14748396

申请日：2015-06-24

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Suk won LEE ,  Geun Yong KIM ,  Taek kyu LEE ,  Myeong Ryeol CHOI ,  Soonjwa HONG ,  Seongtaek CHEE

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/1416 ,  G06F16/148 ,  G06F16/9566

Abstract: An apparatus and method for automatically detecting a malicious link. The apparatus includes a threat information collection unit, a priority management unit, a malicious link collection unit, a malicious link analysis unit, and a malicious link tracking unit. The threat information collection unit collects threat information, and identifies whether a malicious link is present in each target site. The priority management unit determines the priorities of the target sites, and performs the assignment and management of the target sites in order to collect and analyze a malicious link. The malicious link collection unit collects the uniform resource locator (URL) of the malicious link from the target sites. The malicious link analysis unit analyzes a call correlation based on the collected URL, and analyzes the malicious link through pattern matching. The malicious link tracking unit tracks the real-time changing state of the malicious link.

Abstract translation: 一种用于自动检测恶意链接的装置和方法。 该装置包括威胁信息收集单元，优先管理单元，恶意链路收集单元，恶意链路分析单元和恶意链路跟踪单元。 威胁信息收集单元收集威胁信息，并识别每个目标站点中是否存在恶意链接。 优先级管理单元确定目标站点的优先级，执行目标站点的分配和管理，以收集和分析恶意链接。 恶意链接收集单元从目标站点收集恶意链接的统一资源定位符（URL）。 恶意链接分析单元根据收集的URL分析呼叫关联，并通过模式匹配分析恶意链接。 恶意链路跟踪单元跟踪恶意链路的实时变化状态。

公开(公告)号：US20170139783A1

公开(公告)日：2017-05-18

申请号：US15224853

申请日：2016-08-01

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Hyunuk HWANG ,  Kibom KIM ,  Seungyong LEE ,  Seongtaek CHEE

IPC: G06F11/14 ,  G06F17/30

CPC classification number: G06F11/1469 ,  G06F11/1435 ,  G06F16/1727 ,  G06F2201/80

Abstract: A method and an apparatus for recovery of a file system using metadata and data clusters. The apparatus for recovery of a file system generates an MFT entry list in a disc or an evidence image, collects at least one data cluster candidate, and uses at least one MFT entry and at least one data cluster candidate within the MFT entry list to generate at least one MFT entry-data cluster pair candidate. The apparatus for recovery of a file system analyzes the at least one MFT entry-data cluster pair candidate to determine attribute values of a virtual partition and generate the virtual partition based on the attribute values.