Abstract:
Disclosed herein are an intrusion response apparatus and method for a vehicle network. The intrusion response method for a vehicle network is performed by an intrusion response apparatus for the vehicle network, and includes receiving attack detection information about an intrusive attack on the vehicle network from an intrusion detection system, selecting at least one target electronic control unit that is to be instructed to respond to the intrusive attack from among multiple electronic control units, and sending a response instruction message to the at least one target electronic control unit so that the target electronic control unit responds to the intrusive attack.
Abstract:
Disclosed herein are a health device, a gateway device, and a method for securing a protocol using the health device and the gateway device. The method includes performing, by the health device and the gateway device, authentication and key exchange based on security session information; sending, by any one of the health device and the gateway device, an application message protected based on the security session information; and receiving, by a remaining one of the health device and the gateway device, the protected application message.
Abstract:
Disclosed herein is a method for detecting a network attack based on a fusion feature vector. The method includes extracting feature vectors corresponding to a preset unit time from network traffic, generating fusion feature vectors based on the extracted feature vectors, and performing training using the generated fusion feature vectors.
Abstract:
Disclosed are a method for providing a security service for a wireless device and an apparatus thereof. The method includes obtaining a wireless fingerprint of a wireless device, determining a wireless device type corresponding to the obtained wireless fingerprint by referring to a first database, determining a security policy corresponding to the determined wireless device type by referring to a second database, and applying the determined security policy to a service for the wireless device, so that the wireless device is provided with a tight security service.
Abstract:
Disclosed herein is a method for visualizing a medical device network and a security threat. The method includes representing nodes in zones that are divided into a server zone including nodes corresponding to server devices, a medical device zone including nodes corresponding to medical devices, a white zone including registered nodes excluding the server devices and the medical devices, and a gray zone including nodes included in none of the above-mentioned zones, representing links between the nodes, and representing a node and a link in which a security attack is detected using a different color when the security attack is detected in the node.
Abstract:
Disclosed herein are a device identification apparatus and method based on network behavior. The device identification apparatus includes one or more processors, and execution memory for storing at least one program that is executed by the one or more processors, wherein the at least one program is configured to collect packet data of a device connected to a network through port mirroring and extract behavior features from the packet data, analyze the behavior features and then generate unique information based on a previously created detection model, and extract an identification number corresponding to the unique information from a database and then identify the device.
Abstract:
Disclosed herein are a self-learning-based intrusion detection apparatus and method. The self-learning-based intrusion detection apparatus includes memory configured to store at least one program, and a processor configured to execute the program. The program is configured to detect anomalous behavior in network traffic based on a first detection model and, when a self-learning event is published, to generate a second detection model through self-learning in parallel with detecting the anomalous behavior. Once the second detection model is generated, the program replaces the first detection model with the second detection model and thereafter detects anomalous behavior in the network traffic.
Abstract:
Disclosed herein are an attack detection apparatus and method based on measurement of networking behavior abnormalities in symbolic spaces. The attack detection method based on measurement of networking behavior abnormalities in symbolic spaces includes creating profiles based on a transmission address of a flow received from a network, measuring a behavior abnormality of a device corresponding to the transmission address of the flow on the network, and mapping the measured behavior abnormality to behavior symbols in symbolic spaces, generating a behavior symbol sequence pattern, in which the behavior symbols are sequentially connected, for each profile, and detecting presence or non-presence of an attack and a device associated with the attack based on an output of the abnormal behavior prediction model that receives the behavior symbol sequence pattern as input.
Abstract:
Disclosed herein are a method for detecting anomalies in a Controller Area Network (CAN) of a vehicle and an apparatus for the same. The method includes monitoring the controller area network of the vehicle and generating sequence trees for respective multiple sub-networks included in the controller area network at a time at which monitoring is performed, comparing at least one normal sequence tree, generated in accordance with the controller area network when a status of the vehicle is normal, with the generated sequence trees, calculating differences between traffic proportions for respective nodes based on a result of the comparison between the sequence trees, and detecting an anomaly in the vehicle in consideration of the differences.
Abstract:
Disclosed herein is an onboard cybersecurity diagnostic system for a vehicle, which may include at least one In-Vehicle Network (IVN) security diagnostic sensor configured to detect and diagnose an Electronic Control Unit (ECU) attack command on a communication bus; at least one ECU configured to control an actuator based on sensor data collected from a sensor, autonomously diagnose the integrity of ECU electronic control software, and diagnose the integrity of ECU electronic control data by combining the sensor data with a security diagnostic packet received from the at least one IVN security diagnostic sensor; and a cyber dashboard configured to display a security problem in the event of the security problem in the integrity of the ECU electronic control software or the ECU electronic control data.