Abstract:
An apparatus for improving detection performance of an intrusion detection system includes a transformed detected data generation unit for changing original detected data, detected based on current detection rules, to transformed detected data complying with a transformed detected data standard. A transformed detected data classification unit classifies the transformed detected data by attack type, classifies the transformed detected data for each attack type by current detection rule, and classifies the transformed detected data for each detection rule into true positives and false positives. A transformed keyword tree generation unit generates a true positive transformed keyword tree and a false positive transformed keyword tree. A true positive path identification unit generates a true positive node, and identifies a true positive path connecting a base node to the true positive node in the true positive transformed keyword tree. A true positive detection pattern generation unit generates a true positive detection pattern based on the true positive path.
Abstract:
An apparatus and method for automatically detecting a malicious link. The apparatus includes a threat information collection unit, a priority management unit, a malicious link collection unit, a malicious link analysis unit, and a malicious link tracking unit. The threat information collection unit collects threat information, and identifies whether a malicious link is present in each target site. The priority management unit determines the priorities of the target sites, and performs the assignment and management of the target sites in order to collect and analyze a malicious link. The malicious link collection unit collects the uniform resource locator (URL) of the malicious link from the target sites. The malicious link analysis unit analyzes a call correlation based on the collected URL, and analyzes the malicious link through pattern matching. The malicious link tracking unit tracks the real-time changing state of the malicious link.