公开(公告)号：US20150350242A1

公开(公告)日：2015-12-03

申请号：US14729709

申请日：2015-06-03

Applicant: Electronics and Telecommunications Research Institute

Inventor： Seon Gyoung SOHN ,  Young Jun HEO

IPC: H04L29/06

CPC classification number: H04L63/1408

Abstract: An apparatus and method of displaying a network security situation is provided. The apparatus includes an extraction unit configured to classify a characteristic factor including IP addresses of a transmission node and a reception node from a traffic flow, a network visualization unit configured to generate a domain circle visualizing each of a transmission domain and a reception domain as a circle shape by mapping the IP addresses of the transmission node and the reception node to points on circumference as one to one, arrange the generated domain circle on an axis, and visualize each of a transmission network area and a reception network area as a sphere shape, a session construction unit configured to a session of the visualized transmission network area and reception network visually, and a display unit configured to display the session which is visually constructed.

Abstract translation: 提供了显示网络安全情况的装置和方法。 该装置包括：提取单元，被配置为从业务流中分类包括发送节点的IP地址和接收节点的特征因子;网络可视化单元，被配置为生成可视化发送域和接收域中的每一个的域圈，作为 通过将发送节点和接收节点的IP地址映射到圆周上的点一一对应的圆形，将生成的域圆布置在轴上，并将传输网络区域和接收网络区域中的每一个可视化为球形 可视化的可视化传输网络区域和接收网络的会话的会话构造单元，以及配置为显示视觉构建的会话的显示单元。

公开(公告)号：US20150381642A1

公开(公告)日：2015-12-31

申请号：US14699449

申请日：2015-04-29

Applicant: Electronics and Telecommunications Research Institute

Inventor： Byoung Koo KIM ,  Dong Ho KANG ,  Jung Chan NA ,  Seon Gyoung SOHN ,  Young Jun HEO

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L12/40 ,  H04L41/142 ,  H04L43/026 ,  H04L67/12 ,  H04L69/16 ,  H04L69/329 ,  H04L2012/40228

Abstract: An abnormal traffic detection apparatus and method based on Modbus communication pattern learning is provided. The abnormal traffic detection apparatus based on the Modbus communication pattern learning previously detects and responds to abnormal traffic on a Modbus/TCP protocol. According to the present invention, a communication service between control systems can be stably provided by previously detecting the abnormal traffic capable of interfering with a stable operation of the control system. Particularly, since the effective abnormal traffic on the Modbus/TCP protocol can be previously detected, security of the control system can be increased by rapid detection and response with respect to security threats on the Intranet of the control system, and availability can be secured.

Abstract translation: 提供了基于Modbus通信模式学习的异常流量检测装置和方法。 基于Modbus通信模式学习的异常流量检测装置可以检测并响应Modbus / TCP协议上的异常流量。 根据本发明，通过预先检测能够干扰控制系统的稳定运行的异常通信，可以稳定地提供控制系统之间的通信服务。 特别是，由于可以先检测到Modbus / TCP协议上的有效异常流量，因此可以通过对控制系统的内联网上的安全威胁的快速检测和响应来提高控制系统的安全性，并且可以确保可用性。

公开(公告)号：US20150341380A1

公开(公告)日：2015-11-26

申请号：US14667137

申请日：2015-03-24

Applicant: Electronics and Telecommunications Research Institute

Inventor： Young Jun HEO ,  Seon Gyoung SOHN ,  Byoung Koo KIM ,  Dong Ho KANG ,  Jung Chan NA

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/1425 ,  H04L63/1458 ,  H04L69/22

Abstract: Provided are a system and method for detecting an abnormal behavior of a control system by analyzing flows of the control system. Flow information of the control network is collected, and flows are classified according to the collected flow information and a flow group is generated. An abnormal behavior of the control system is detected by analyzing flows of the generate flow group. That is, internal systems of the control network are grouped according to functions, and a situation of a system of a group performing the same function is managed to thus quickly detect an abnormal behavior of the control system.

Abstract translation: 提供了一种通过分析控制系统的流程来检测控制系统的异常行为的系统和方法。 收集控制网络的流量信息，根据收集的流量信息对流量进行分类，生成流量组。 通过分析生成流组的流量来检测控制系统的异常行为。 也就是说，控制网络的内部系统根据功能进行分组，并且管理执行相同功能的组的系统的情况，从而快速检测控制系统的异常行为。