专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20090158427A1 SIGNATURE STRING STORAGE MEMORY OPTIMIZING METHOD, SIGNATURE STRING PATTERN MATCHING METHOD, AND SIGNATURE STRING MATCHING ENGINE 有权
标题翻译：签名STRING存储优化方法，签名字符串匹配方法和签名字符串匹配引擎
公开(公告)号：US20090158427A1
公开(公告)日：2009-06-18
申请号：US12331613
申请日：2008-12-10
申请人： Byoung Koo Kim , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
发明人： Byoung Koo Kim , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F21/00
CPC分类号： H04L63/0263 , G06F17/30985 , H04L63/1408
摘要： Enclosed are a signature string storage memory optimizing method, a signature string pattern matching method, and a signature matching engine. Signature is tokenized in units of substrings and the tokenized substrings are stored in an internal memory block and an external memory block to optimize a memory storage pattern. Therefore, matching of introduction data to signature patterns is effectively performed.
摘要翻译：封闭的是签名字符串存储内存优化方法，签名字符串模式匹配方法和签名匹配引擎。签名以子字符串为单位，令牌化子字符串存储在内部存储块和外部存储器块中，以优化存储器存储模式。因此，有效地执行引入数据与签名图案的匹配。

2. 发明授权

US08365277B2 Signature string storage memory optimizing method, signature string pattern matching method, and signature string matching engine 有权
标题翻译：签名字符串存储内存优化方法，签名字符串模式匹配方法和签名字符串匹配引擎
公开(公告)号：US08365277B2
公开(公告)日：2013-01-29
申请号：US12331613
申请日：2008-12-10
申请人： Byoung Koo Kim , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
发明人： Byoung Koo Kim , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F11/00 , G06F12/14 , G06F7/04
CPC分类号： H04L63/0263 , G06F17/30985 , H04L63/1408
摘要： Enclosed are a signature string storage memory optimizing method, a signature string pattern matching method, and a signature matching engine. Signature is tokenized in units of substrings and the tokenized substrings are stored in an internal memory block and an external memory block to optimize a memory storage pattern. Therefore, matching of introduction data to signature patterns is effectively performed.
摘要翻译：封闭的是签名字符串存储内存优化方法，签名字符串模式匹配方法和签名匹配引擎。签名以子字符串为单位，令牌化子字符串存储在内部存储块和外部存储器块中，以优化存储器存储模式。因此，有效地执行引入数据与签名图案的匹配。

3. 发明授权

US07735137B2 Method and apparatus for storing intrusion rule 失效
标题翻译：存储入侵规则的方法和装置
公开(公告)号：US07735137B2
公开(公告)日：2010-06-08
申请号：US11484257
申请日：2006-07-10
申请人： Kwang Ho Baik , Byoung Koo Kim , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
发明人： Kwang Ho Baik , Byoung Koo Kim , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： H04L63/1416
摘要： A method and apparatus for storing an intrusion rule are provided. The method stores a new intrusion rule in an intrusion detection system having already stored intrusion rules, and includes: generating combinations of divisions capable of dividing the new intrusion rule into a plurality of partial intrusion rules; calculating the frequency of hash value collisions between each of the generated division combinations and the already stored intrusion rules; dividing the new intrusion rule according to the division combination which has the lowest calculated frequency of hash value collisions; and storing the divided new intrusion rule in a corresponding position of the intrusion detection system. According to the method and apparatus, the size of the storage unit occupied by the intrusion rule can be reduced, and by performing pattern matching, the performance of the intrusion detection system can be enhanced.
摘要翻译：提供了一种用于存储入侵规则的方法和装置。该方法在已经存储了入侵规则的入侵检测系统中存储新的入侵规则，并且包括：生成能够将新的入侵规则划分成多个部分入侵规则的分割组合; 计算每个生成的分割组合与已经存储的入侵规则之间的散列值冲突的频率; 根据哈希值碰撞计算频率最低的划分组合划分新的入侵规则; 并将分割的新入侵规则存储在入侵检测系统的相应位置。根据该方法和装置，可以减少入侵规则占用的存储单元的大小，通过执行模式匹配，能够提高入侵检测系统的性能。

4. 发明授权

US07735128B2 Method of storing pattern matching policy and method of controlling alert message 失效
标题翻译：存储模式匹配策略的方法和控制报警信息的方法
公开(公告)号：US07735128B2
公开(公告)日：2010-06-08
申请号：US11635245
申请日：2006-12-07
申请人： Byoung Koo Kim , Kwang Ho Baik , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
发明人： Byoung Koo Kim , Kwang Ho Baik , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F9/00 , G06F7/04 , H04L9/00
CPC分类号： H04L12/5602
摘要： A method of storing a pattern matching policy and a method of controlling an alert message are provided. The method includes (a) generating a content structure as a sub-structure of a header combination structure of a stored traffic pattern which is a policy to be newly applied to a pattern matching apparatus; (b) determining whether a content of the stored traffic pattern is identical to a content of an original traffic pattern stored in advance in the pattern matching apparatus; (c) allocating a content index of the content of the original traffic pattern to the content of the stored traffic pattern if the content of the stored traffic pattern is identical to the content of the original traffic pattern; and (d) determining whether a header combination structure of the original traffic pattern comprises only one content structure or more than one content structure and allocating a header index of the header combination structure of the stored traffic pattern to the header combination structure of the original traffic pattern if the header combination structure of the original traffic pattern is found to comprise only one content structure. Accordingly, it is possible to efficiently use hardware memories with limited storage capacities and effectively perform a pattern matching function.
摘要翻译：提供了一种存储模式匹配策略的方法和一种控制警报消息的方法。该方法包括：（a）生成内容结构作为作为新应用于模式匹配装置的策略的存储的流量模式的头部组合结构的子结构; （b）确定存储的业务模式的内容是否与预先存储在模式匹配装置中的原始业务模式的内容相同; （c）如果存储的业务模式的内容与原始业务模式的内容相同，则将原始业务模式的内容的内容索引分配给所存储的业务模式的内容; 和（d）确定原始业务模式的报头组合结构是否仅包含一个内容结构或多于一个内容结构，并且将所存储的业务模式的报头组合结构的报头索引分配给原始业务的报头组合结构如果发现原始流量模式的头组合结构仅包含一个内容结构，则模式。因此，可以有效地使用具有有限存储容量的硬件存储器并且有效地执行模式匹配功能。

5. 发明申请

US20100146621A1 METHOD OF EXTRACTING WINDOWS EXECUTABLE FILE USING HARDWARE BASED ON SESSION MATCHING AND PATTERN MATCHING AND APPRATUS USING THE SAME 有权
标题翻译：使用基于会话匹配和图案匹配的硬件提取WINDOWS可执行文件的方法和使用该方法的方法
公开(公告)号：US20100146621A1
公开(公告)日：2010-06-10
申请号：US12503288
申请日：2009-08-17
申请人： Byoung Koo Kim , Seung Yong Yoon , Ik Kyun Kim , Jin Tae Oh , Jong Soo Jang , Hyun Sook Cho
发明人： Byoung Koo Kim , Seung Yong Yoon , Ik Kyun Kim , Jin Tae Oh , Jong Soo Jang , Hyun Sook Cho
IPC分类号： G06F17/30 , G06F12/14 , G06F11/00 , G06F12/16 , G08B23/00
CPC分类号： H04L63/145 , G06F21/564
摘要： A method and apparatus for extracting a windows executable file that can search for a pattern related to windows executable files among a large quantity of network packets using a hardware-based session tracking and pattern matching technology and that can extract all packets included in the corresponding session are provided. The method of extracting a windows executable file includes: collecting incoming packets having a payload according to a session of a reference packet having an MZ pattern; performing a portable executable (PE) pattern matching for the collected incoming packets; and forming a PE file based on at least one incoming packet satisfying the PE pattern matching.
摘要翻译：一种用于提取Windows可执行文件的方法和装置，其可以使用基于硬件的会话跟踪和模式匹配技术在大量网络分组中搜索与Windows可执行文件相关的模式，并且可以提取包括在相应会话中的所有分组被提供。提取Windows可执行文件的方法包括：根据具有MZ模式的参考分组的会话收集具有有效载荷的传入分组; 对所收集的传入分组执行匹配的便携式可执行（PE）模式; 以及基于满足PE模式匹配的至少一个输入分组形成PE文件。

6. 发明申请

US20090133125A1 METHOD AND APPARATUS FOR MALWARE DETECTION 审中-公开
标题翻译：用于恶意软件检测的方法和装置
公开(公告)号：US20090133125A1
公开(公告)日：2009-05-21
申请号：US12209249
申请日：2008-09-12
申请人： Yang Seo Choi , Ik Kyun Kim , Byoung Koo Kim , Seung Yong Yoon , Dae Won Kim , Jin Tae Oh , Jong Soo Jang
发明人： Yang Seo Choi , Ik Kyun Kim , Byoung Koo Kim , Seung Yong Yoon , Dae Won Kim , Jin Tae Oh , Jong Soo Jang
IPC分类号： G06F21/00
CPC分类号： G06F21/562 , G06F21/56
摘要： The present invention relates to an apparatus and method for detecting malware. The malware detection apparatus and method of the present invention determines whether a file is malware or not by analyzing the header of an executable file. Since the malware detection apparatus and method can quickly detect presence of malware, it can shorten detection time considerably. The malware detection apparatus and method can also detect even unknown malware as well as known malware to thereby estimate and determine presence of malware. Therefore, it is possible to cope with malware in advance, protect a system with a program, and increase security level remarkably.
摘要翻译：本发明涉及一种用于检测恶意软件的装置和方法。本发明的恶意软件检测装置和方法通过分析可执行文件的标题来确定文件是否是恶意软件。由于恶意软件检测装置和方法可以快速检测恶意软件的存在，因此可以大大缩短检测时间。恶意软件检测装置和方法还可以检测甚至未知的恶意软件以及已知的恶意软件，从而估计和确定恶意软件的存在。因此，可以提前应对恶意软件，用程序保护系统，显着提高安全等级。

7. 发明授权

US07613669B2 Method and apparatus for storing pattern matching data and pattern matching method using the same 有权
标题翻译：用于存储模式匹配数据的方法和装置以及使用其的模式匹配方法
公开(公告)号：US07613669B2
公开(公告)日：2009-11-03
申请号：US11453954
申请日：2006-06-14
申请人： Seung Won Shin , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
发明人： Seung Won Shin , Jin Tae Oh , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06N5/02 , G06F9/26 , G06F9/34 , G06F7/00 , G06F17/30
CPC分类号： G06F21/56 , G06F17/30949 , G06F21/55 , G06F21/567 , G06K9/62 , Y10S707/99936
摘要： A method and apparatus for storing pattern matching data and a pattern matching method using the method and apparatus are provided. The method of storing original data for pattern matching in a pattern matching apparatus includes: dividing the original data into segments of a predetermined size; performing a hash operation on each of the divided segments; determining whether or not the hash operation value of each segment causes a hash collision with a hash operation value stored in a first external memory disposed outside the pattern matching apparatus; and controlling the hash operation value of each segment determined not to cause a hash collision to be stored in the first external memory. According to the method and apparatus, the original data desired to be used for pattern matching can be stored at a faster speed in a pattern matching data storing apparatus.
摘要翻译：提供一种用于存储模式匹配数据的方法和装置以及使用该方法和装置的模式匹配方法。在模式匹配装置中存储用于模式匹配的原始数据的方法包括：将原始数据划分成预定大小的段; 对每个分割的段执行散列操作; 确定每个段的散列操作值是否与存储在布置在模式匹配装置外部的第一外部存储器中的散列操作值引起哈希冲突; 并且将被确定为不引起散列冲突的每个段的散列操作值控制在第一外部存储器中。根据该方法和装置，可以在模式匹配数据存储装置中以更快的速度存储期望用于模式匹配的原始数据。

8. 发明授权

US08230503B2 Method of extracting windows executable file using hardware based on session matching and pattern matching and apparatus using the same 有权
标题翻译：基于会话匹配和模式匹配的硬件提取Windows可执行文件的方法及使用该可执行文件的方法
公开(公告)号：US08230503B2
公开(公告)日：2012-07-24
申请号：US12503288
申请日：2009-08-17
申请人： Byoung Koo Kim , Seung Yong Yoon , Ik Kyun Kim , Jin Tae Oh , Jong Soo Jang , Hyun Sook Cho
发明人： Byoung Koo Kim , Seung Yong Yoon , Ik Kyun Kim , Jin Tae Oh , Jong Soo Jang , Hyun Sook Cho
IPC分类号： H04L29/06
CPC分类号： H04L63/145 , G06F21/564
摘要： A method and apparatus for extracting a windows executable file that can search for a pattern related to windows executable files among a large quantity of network packets using a hardware-based session tracking and pattern matching technology and that can extract all packets included in the corresponding session are provided. The method of extracting a windows executable file includes: collecting incoming packets having a payload according to a session of a reference packet having an MZ pattern; performing a portable executable (PE) pattern matching for the collected incoming packets; and forming a PE file based on at least one incoming packet satisfying the PE pattern matching.
摘要翻译：一种用于提取Windows可执行文件的方法和装置，其可以使用基于硬件的会话跟踪和模式匹配技术在大量网络分组中搜索与Windows可执行文件相关的模式，并且可以提取包括在相应会话中的所有分组被提供。提取Windows可执行文件的方法包括：根据具有MZ模式的参考分组的会话收集具有有效载荷的传入分组; 对所收集的传入分组执行匹配的便携式可执行（PE）模式; 以及基于满足PE模式匹配的至少一个输入分组形成PE文件。

9. 发明申请

US20110016208A1 APPARATUS AND METHOD FOR SAMPLING SECURITY EVENT BASED ON CONTENTS OF THE SECURITY EVENT 有权
标题翻译：基于安全事件内容采集安全事件的装置和方法
公开(公告)号：US20110016208A1
公开(公告)日：2011-01-20
申请号：US12667130
申请日：2007-11-19
申请人： Chi Yoon Jeong , Beom Hwan Chang , Seon Gyoung Sohn , Geon Lyang Kim , Jong Hyun Kim , Jong Ho Ryu , Jung Chan Na , Jong Soo Jang , Sung Won Sohn
发明人： Chi Yoon Jeong , Beom Hwan Chang , Seon Gyoung Sohn , Geon Lyang Kim , Jong Hyun Kim , Jong Ho Ryu , Jung Chan Na , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F15/173
CPC分类号： H04L63/1416 , G06Q10/06
摘要： There are provided an apparatus and method for sampling a security event based on contents of the security event, the apparatus including: a security event accumulation module collecting security events occurring in a network system and storing the security events for each type according to contents of the security event; a security event analysis module calculating distribution of the security events for each type by analyzing the stored security events; and a security event extraction module sampling the stored security events according to the calculated distribution of the security events for each type. The apparatus and method may improve speed of visualization of a security event and a security event analysis apparatus and may increase accuracy thereof.
摘要翻译：提供了一种基于安全事件的内容对安全事件进行采样的装置和方法，该装置包括：安全事件累积模块，其收集网络系统中发生的安全事件，并根据所述安全事件的内容存储每种类型的安全事件安全事件; 安全事件分析模块，通过分析存储的安全事件来计算每种类型的安全事件的分布; 并且安全事件提取模块根据计算出的每种类型的安全事件的分布来对存储的安全事件进行采样。该装置和方法可以提高安全事件和安全事件分析装置的可视化速度并且可以提高其精度。

10. 发明授权

US07596810B2 Apparatus and method of detecting network attack situation 有权
标题翻译：检测网络攻击情况的方法及装置
公开(公告)号：US07596810B2
公开(公告)日：2009-09-29
申请号：US11081682
申请日：2005-03-17
申请人： Jin Oh Kim , Seon Gyoung Sohn , Hyochan Bang , Soo Hyung Lee , Dongyoung Kim , Beom Hwan Chang , Geon Lyang Kim , Hyun Joo Kim , Jung Chan Na , Jong Soo Jang , Sung Won Sohn
发明人： Jin Oh Kim , Seon Gyoung Sohn , Hyochan Bang , Soo Hyung Lee , Dongyoung Kim , Beom Hwan Chang , Geon Lyang Kim , Hyun Joo Kim , Jung Chan Na , Jong Soo Jang , Sung Won Sohn
IPC分类号： G08B23/00 , G06F15/173
CPC分类号： H04L63/1416 , G06F21/552 , G06F21/85 , H04L63/1441
摘要： Provided is an apparatus for detecting a network attack situation. The apparatus includes an alarm receiver receiving a plurality of alarms raised in a network to which the alarm receiver is connected, converting the alarms into predetermined alarm data, and outputting the alarm data; an alarm processor analyzing an attack situation in the network based on attributes of the alarm data and a number of times that the alarm data is generated; a memory storing basic data needed to analyze the state of the network and providing the basic data to the alarm processor; and an interface transmitting the result of the analysis by the alarm processor to an external device, receiving a predetermined critical value from the external device, which is a basis for determining the occurrence of the attack situation, and outputting the critical value to the alarm processor such that the alarm processor can store the critical value in the memory. Equal numbers of hash engines and detection engines for processing the alarms in the network to the number of data groups classified as network attack situations are formed in a line. Therefore, a network attack situation can be detected in real time based on a great number of alarms indicating intrusion detection.
摘要翻译：提供了一种用于检测网络攻击情况的装置。该装置包括接收在连接有报警接收器的网络中升起的多个报警的报警接收机，将报警转换成预定报警数据，并输出报警数据; 报警处理器根据报警数据的属性和产生报警数据的次数分析网络中的攻击情况; 存储器，用于存储分析网络状态并将基本数据提供给报警处理器所需的基本数据; 以及将所述报警处理器的分析结果发送到外部设备的接口，从外部设备接收预定的临界值，所述临时值是用于确定所述攻击情况的发生的基础，并且将所述临界值输出到所述报警处理器使得报警处理器可以将临界值存储在存储器中。在网络中形成等同数量的散列引擎和检测引擎，用于将网络中的警报处理为分类为网络攻击情况的数据组的数量。因此，可以基于大量表示入侵检测的告警来实时检测网络攻击情况。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式