公开(公告)号：US20140355440A1

公开(公告)日：2014-12-04

申请号：US13955795

申请日：2013-07-31

Applicant: Electronics and Telecommunications Research Institute

Inventor： Kyoung-Soon KANG ,  Kyeong Ho LEE ,  Byungjun AHN ,  Ki Cheol JEON ,  Hea Sook PARK

IPC: H04L12/851

CPC classification number: H04L47/24 ,  H04L47/822

Abstract: An apparatus for allocating a network bandwidth includes an information collection unit configured to collect flow information of a network; and a traffic check unit configured to check traffic of the collected flow information. Further, the apparatus includes a traffic respond unit configured to suppress the network bandwidth depending on a check result of the traffic; and a control unit configured to the information collection unit, the traffic check unit, and the traffic respond unit.

Abstract translation: 用于分配网络带宽的装置包括：信息收集单元，被配置为收集网络的流信息; 以及流量检查单元，被配置为检查所收集的流信息的流量。 此外，该装置包括：业务响应单元，被配置为根据业务的检查结果来抑制网络带宽; 以及控制单元，被配置为信息收集单元，交通检查单元和交通响应单元。

公开(公告)号：US20140189867A1

公开(公告)日：2014-07-03

申请号：US14080439

申请日：2013-11-14

Applicant: Electronics and Telecommunications Research Institute

Inventor： Boo Geum JUNG ,  Young Min KIM ,  Kyoung-Soon KANG ,  Kyeong Ho LEE ,  Hea Sook PARK

IPC: H04L29/06

CPC classification number: H04L63/1458

Abstract: An OpenFlow switch in an OpenFlow environment includes an attack determination module to collect statistical information on packet processing with respect to incoming packets to be processed in the OpenFlow switch at a predetermined period interval to determine whether a DDoS attack occurs. The Openflow switch also includes an attack responding module to perceive a feature of the DDoS attack by using the incoming packets introduced into the OpenFlow switch after the determination of the occurrence of the DDoS attack and process the incoming packets in line with the perceived feature of the DDoS attack. Therefore, it is possible to determine and responds to DDos attacks in the OpenFlow switches.

Abstract translation: OpenFlow环境中的OpenFlow交换机包括攻击确定模块，用于以预定周期间隔收集关于要在OpenFlow交换机中处理的输入分组的分组处理的统计信息，以确定是否发生DDoS攻击。 Openflow开关还包括一个攻击响应模块，用于在确定DDoS攻击发生后，通过使用引入到OpenFlow交换机中的传入数据包来感知DDoS攻击的特征，并处理传入的数据包符合 DDoS攻击 因此，可以确定并响应OpenFlow交换机中的DDos攻击。

公开(公告)号：US20130298220A1

公开(公告)日：2013-11-07

申请号：US13747776

申请日：2013-01-23

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Hyeonsik YOON ,  Kyoung-Soon KANG ,  Yoo Hwa KANG ,  Hyunjoo KANG ,  Hak Suh KIM ,  Byungjun AHN ,  Kyeong-Ho LEE ,  Ki Cheol JEON ,  Boo Geum JUNG ,  Hea Sook PARK ,  Soon Seok LEE

IPC: H04L29/06

CPC classification number: H04L63/0245 ,  H04L45/04 ,  H04L63/0236 ,  H04L63/0263 ,  H04L63/1416 ,  H04L63/1458

Abstract: The present disclosure relates to a system and a method for managing filtering information of attack traffic, and more particularly, to a system and a method for managing filtering information of attack traffic that may block attack traffic in a front end from which the attack traffic is transmitted by transmitting traffic filtering information, to a first autonomous system of the front end from which the attack traffic is transmitted, through a border gateway protocol (BGP) and by applying, to a relevant router, the transmitted traffic filtering information in the corresponding first autonomous system, when an edge router of a second autonomous system (AS) positioned in a rear end sets the traffic filtering information by detecting the attack traffic.

Abstract translation: 本发明涉及一种用于管理攻击流量的过滤信息的系统和方法，更具体地，涉及一种用于管理攻击流量的过滤信息的系统和方法，所述系统和方法可以阻止攻击流量在前端的攻击流量 通过边界网关协议（BGP）发送流量过滤信息到发送攻击流量的前端的第一自治系统，并通过向相关路由器应用相应的第一个发送的流量过滤信息 自治系统，当位于后端的第二自治系统（AS）的边缘路由器通过检测攻击流量来设置流量过滤信息。

公开(公告)号：US20150074247A1

公开(公告)日：2015-03-12

申请号：US14245032

申请日：2014-04-04

Applicant: Electronics and Telecommunications Research Institute

Inventor： Kyoung-Soon KANG ,  Kyeong Ho LEE ,  Byungjun AHN ,  Ki Cheol JEON ,  Hea Sook PARK

IPC: H04L12/24

CPC classification number: H04L41/082

Abstract: A method for setting up a computing environment, which includes: storing data for setting up computing environments necessary for the update of a plurality of client terminals that are connected through a network; receiving information about computing environments that are configured on the client terminals from the client terminals; upon receiving a request for the update from the client terminals, classifying the client terminals that share the same system image; and transferring the latest version of the data for setting up the computing environments which are higher than the client terminals of the client terminals; and updating the classified client terminals with the latest version of the data.

Abstract translation: 一种用于建立计算环境的方法，包括：存储用于设置通过网络连接的多个客户终端的更新所需的计算环境的数据; 从客户终端接收关于在客户终端上配置的计算环境的信息; 在从客户终端接收到更新的请求时，对共享相同系统映像的客户终端进行分类; 并传送最新版本的数据，用于设置高于客户终端的客户终端的计算环境; 并用最新版本的数据更新分类的客户终端。