专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US08095973B2 Apparatus and method for detecting network attack 有权
标题翻译：网络攻击检测装置及方法
公开(公告)号：US08095973B2
公开(公告)日：2012-01-10
申请号：US11926132
申请日：2007-10-29
申请人： Ik Kyun Kim , Yang Seo Choi , Dae Won Kim , Jin Tae Oh , Jong Soo Jang
发明人： Ik Kyun Kim , Yang Seo Choi , Dae Won Kim , Jin Tae Oh , Jong Soo Jang
IPC分类号： G06F9/00 , G06F15/16 , G06F17/00 , G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： H04L63/1408
摘要： There are provided a network attack detection apparatus and method capable of determining even unknown network attack, the apparatus connected between two networks or connected by port mirroring of an Ethernet switch to real-time monitor all packets flowing through the networks. The apparatus decodes a payload portion of an inputted network packet into a machine code instruction, determines whether an executable code is included in the decoded machine code by analyzing relationship between instructions, and determines whether the packet is harmful based on statistics with respect to a possibility that an executable code exists in a service and a certain transaction of the service when the executable code is included.
摘要翻译：提供了能够确定甚至未知网络攻击的网络攻击检测装置和方法，连接在两个网络之间的装置或通过以太网交换机的端口镜像连接的实时监视通过网络流动的所有分组的网络攻击检测装置和方法。该装置将输入的网络分组的有效载荷部分解码为机器码指令，通过分析指令之间的关系来确定解码的机器码中是否包括可执行代码，并且基于关于可能性的统计来确定分组是否有害当包括可执行代码时，可执行代码存在于服务和服务的某个事务中。

12. 发明申请

US20080134334A1 APPARATUS AND METHOD FOR DETECTING NETWORK ATTACK 有权
标题翻译：用于检测网络攻击的装置和方法
公开(公告)号：US20080134334A1
公开(公告)日：2008-06-05
申请号：US11926132
申请日：2007-10-29
申请人： Ik Kyun Kim , Yang Seo Choi , Dae Won Kim , Jin Tae Oh , Jong Soo Jang
发明人： Ik Kyun Kim , Yang Seo Choi , Dae Won Kim , Jin Tae Oh , Jong Soo Jang
IPC分类号： G06F11/00
CPC分类号： H04L63/1408
摘要： There are provided a network attack detection apparatus and method capable of determining even unknown network attack, the apparatus connected between two networks or connected by port mirroring of an Ethernet switch to real-time monitor all packets flowing through the networks. The apparatus decodes a payload portion of an inputted network packet into a machine code instruction, determines whether an executable code is included in the decoded machine code by analyzing relationship between instructions, and determines whether the packet is harmful based on statistics with respect to a possibility that an executable code exists in a service and a certain transaction of the service when the executable code is included.
摘要翻译：提供了能够确定甚至未知网络攻击的网络攻击检测装置和方法，连接在两个网络之间的装置或通过以太网交换机的端口镜像连接的实时监视通过网络流动的所有分组的网络攻击检测装置和方法。该装置将输入的网络分组的有效载荷部分解码为机器码指令，通过分析指令之间的关系来确定解码的机器码中是否包括可执行代码，并且基于关于可能性的统计来确定分组是否有害当包括可执行代码时，可执行代码存在于服务和服务的某个事务中。

13. 发明授权

US07831822B2 Real-time stateful packet inspection method and apparatus 有权
标题翻译：实时状态报文检测方法及装置
公开(公告)号：US07831822B2
公开(公告)日：2010-11-09
申请号：US11633174
申请日：2006-12-04
申请人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
发明人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
IPC分类号： H04L9/00 , H04L9/32 , G06F11/00
CPC分类号： H04L63/0227 , H04L63/0254 , H04L67/14
摘要： A real-time stateful packet inspection method and apparatus is provided, which uses a session table processing method that can efficiently generate state information. In the apparatus, a session table stores session data of a packet received from an external network. A hash key generator hashes a parameter extracted from the received packet and generates a hash pointer of the session table corresponding to the packet. A session detection module searches the session table for a session corresponding to the received packet. A session management module performs management of the session table such as addition, deletion, and change of sessions of the session table. A packet inspection module generates state information corresponding to the received packet from both directionality information of the packet and entry header information of the packet stored in the session table and then inspects the packet based on the generated state information.
摘要翻译：提供了一种实时状态包检测方法和装置，其使用可以有效地生成状态信息的会话表处理方法。在该装置中，会话表存储从外部网络接收到的分组的会话数据。哈希密钥生成器从接收到的分组中提取参数，并生成与分组对应的会话表的哈希指针。会话检测模块在会话表中搜索与接收到的分组相对应的会话。会话管理模块执行会话表的管理，例如会话表的会话的添加，删除和更改。分组检查模块从分组的方向性信息和存储在会话表中的分组的条目标题信息两者生成对应于接收到的分组的状态信息，然后基于生成的状态信息来检查分组。

14. 发明授权

US07818786B2 Apparatus and method for managing session state 有权
标题翻译：用于管理会话状态的装置和方法
公开(公告)号：US07818786B2
公开(公告)日：2010-10-19
申请号：US11298114
申请日：2005-12-08
申请人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
发明人： Seung Yong Yoon , Jin Tae Oh , Jong Soo Jang
IPC分类号： G06F7/04
CPC分类号： H04L63/0254 , H04L63/1458
摘要： An apparatus and method for managing a session state are provided. The apparatus for managing a session state during transmission control protocol (TCP) handshaking includes: a session index unit producing and managing an index including 5-tuple information of a session corresponding to an input packet; a detailed information manager generating and managing an entry by extracting state information of a session in which a predetermined time does not pass after the session has been completely established, to respond to an intrusion detection against the input packet when the index is produced; a brief information manager generating and managing an entry including state information, which includes states of session connection and disconnection and directionality of the input packet, of a session in which a predetermined time elapses after the session has been completely established; and a search unit searching an index of the session corresponding to the input packet in the session index unit, and, if an index does not exist, searching the brief information manager after the session has been completely established.
摘要翻译：提供了一种用于管理会话状态的装置和方法。用于在传输控制协议（TCP）握手期间管理会话状态的装置包括：会话索引单元，产生和管理包括对应于输入分组的会话的5元组信息的索引; 详细信息管理器，通过提取在会话完全建立之后预定时间不通过的会话的状态信息来生成和管理条目，以在产生索引时响应对输入分组的入侵检测; 生成和管理包括状态信息的条目的条目，该状态信息包括在会话已经完全建立之后经过预定时间的会话的会话连接和断开的状态以及输入分组的方向性; 以及搜索单元，在会话索引单元中搜索对应于输入分组的会话的索引，并且如果索引不存在，则在会话完全建立之后搜索简要信息管理器。

15. 发明授权

US07865955B2 Apparatus and method for extracting signature candidates of attacking packets 失效
标题翻译：用于提取攻击包的签名候选者的装置和方法
公开(公告)号：US07865955B2
公开(公告)日：2011-01-04
申请号：US11924100
申请日：2007-10-25
申请人： Hwa Shin Moon , Sung Won Yi , Jin Tae Oh
发明人： Hwa Shin Moon , Sung Won Yi , Jin Tae Oh
IPC分类号： G06F11/00 , G06F12/14 , H04L9/00
CPC分类号： H04L63/1416 , H04L63/0227 , H04L69/22
摘要： An apparatus and method for extracting signature candidates and optimizing a corresponding signature are provided. The apparatus includes a packet separator, a header parser, a traffic information generator, a substring extractor, and a signature candidate extractor. The packet separator separates a packet into a header and a payload. The header information parser parses the header information, and the traffic information generator generates traffic information. The substring extractor measures a frequency of appearing of a substring with a predetermined length in the separated payload for a constant observation period, and extracts a substring having a frequency higher than a predetermined setup value by updating the measured frequency information to a substring frequency table. The signature candidate extractor generates a signature by collecting the extracted substring information and the generated traffic information, updates a signature frequency table, and extracts a signature candidate with reference to information of the signature frequency table.
摘要翻译：提供了一种用于提取签名候选和优化对应签名的装置和方法。该装置包括分组分离器，头解析器，交通信息发生器，子串提取器和签名候选提取器。分组分离器将分组分离成报头和有效载荷。标题信息解析器解析标题信息，并且交通信息生成器生成交通信息。子串提取器测量在分离的有效载荷中具有预定长度的子串的出现频率用于恒定观察周期，并且通过将测量的频率信息更新为子串频率表来提取具有高于预定设置值的频率的子串。签名候选提取器通过收集所提取的子字符串信息和生成的交通信息来生成签名，更新签名频率表，并且参考签名频率表的信息来提取签名候选。

16. 发明授权

US08065729B2 Method and apparatus for generating network attack signature 有权
标题翻译：用于生成网络攻击签名的方法和装置
公开(公告)号：US08065729B2
公开(公告)日：2011-11-22
申请号：US11947673
申请日：2007-11-29
申请人： Sung Won Yi , Hwa Shin Moon , Young Chan Shin , Jin Tae Oh
发明人： Sung Won Yi , Hwa Shin Moon , Young Chan Shin , Jin Tae Oh
IPC分类号： G06F11/00 , G06F12/14 , G06F15/173 , H04L9/32
CPC分类号： H04L63/1416 , G06F21/552 , G06F21/56
摘要： Provided is a method and apparatus for generating a network attack signature capable of generating a signature having a high reliability while minimizing a whitelist used to prevent false positive. An application header and application data are separated from each other to measure byte distributions of the application header and the application data from an input packet. When an attack signature is generated by analyzing the measured byte distributions, a substring of the application data is used to generate the attack signature, and a substring of the application header is used as supporting information on the signature.
摘要翻译：提供了一种用于生成能够生成具有高可靠性的签名的网络攻击签名的方法和装置，同时最小化用于防止假阳性的白名单。应用程序头和应用程序数据彼此分离，以测量来自输入分组的应用程序头部和应用程序数据的字节分布。当通过分析测量的字节分布生成攻击签名时，应用数据的子字符串用于生成攻击签名，应用头的子字符串用作签名的支持信息。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式