Abstract:
Disclosed herein are a method and apparatus for detecting a malicious code based on an assembly language model. According to an embodiment of the present disclosure, there is provided a method for detecting a malicious code. The method comprises: generating an instruction code sequence by converting an input file, for which a malicious code is to be detected, into an assembly code; embedding the instruction code sequence by using a prelearned assembly language model for instruction code embedding and outputting an embedding result of the instruction code sequence; and detecting whether or not the input file is a malicious code by using a prelearned malicious code classification model with the embedding result as an input.
Abstract:
Provided is a cyber black box system. The cyber black box system includes a data collector configured to collect entire packet data, flow data, and a portable executable (PE) file from monitored network traffic and a server configured to analyze a cause of a cyber intrusion event and reproduce the cyber intrusion event, based on the collected entire packet data, flow data, and PE file.
Abstract:
The present invention relates to a system and method for interlocking intrusion information. An intrusion information interlocking system includes at least one interlocking client, which is connected to a client system that collects session information of intrusions in different network domains, transmits the intrusion information collected by the client system to the control system, requests analysis information on the intrusion information in accordance with a request of the client system, and provides the analysis information to the client system; and an interlocking server, which is connected to a control system that analyzes intrusion information, transmits the intrusion information of different network domains provided from one or more interlocking clients to the control system, stores the intrusion analysis information from the control system, and shares the stored intrusion analysis information with the interlocking client in accordance with the request of the interlocking client.
Abstract:
Disclosed are a method and a system for network connection chain traceback using network flow data, in order to trace the attack source site of cyber hacking attacks that pass by way of various sites, without adding new network equipment or modifying a standard protocol, when the cyber hacking attack occurs in the Internet and an internal network.
Abstract:
The present invention relates to an apparatus and a method for detecting a malware code by generating and analyzing a behavior pattern. A malware code detecting apparatus includes a behavior pattern generating unit, which defines a characteristic parameter that distinguishes and specifies the behaviors of a malware code from those of normally executable programs, converts an API calling event corresponding to the defined characteristic parameter into an API call sequence, and generates a behavior pattern in accordance with the behavioral similarity of the converted API call sequences to store the behavior pattern in a behavior pattern DB; and a malware code detecting unit, which converts the API calling event corresponding to the defined characteristic parameter into an API call sequence when the target process is executed, and determines whether the behavior pattern is a malware code in accordance with the behavioral similarity between the converted API call sequence and the sequence stored in the behavior pattern DB.