    • 1. Granted patent
    • Method for preventing denial of service attacks using transmission control protocol state transition
    • US08925068B2
    • 2014-12-30
    • US12514697
    • 2006-12-08
    • In Seon Yoo
    • In Seon Yoo
    • G06F21/00; H04L29/06
    • H04L63/1458
    • Disclosed is a method of preventing a denial of service (DoS) attack using transmission control protocol (TCP) state transition. Flow of packets transmitted between a client and a server using TCP is monitored to prevent the DoS attack, e.g., SYN flooding, and to efficiently reduce the load on the server and provide more secure service. By applying the method to a firewall, a proxy server, an intrusion detection system, etc., of a server, it is possible to make up for vulnerabilities regarding a DoS attack without disturbing a conventional TCP state transition operation and detect, verify and block DoS attacks abusing the vulnerabilities, thereby providing more secure service.
    • 2. Patent application
    • SYSTEM-ON-A-CHIP MALICIOUS CODE DETECTION APPARATUS FOR A MOBILE DEVICE
    • US20120036572A1
    • 2012-02-09
    • US13263914
    • 2010-03-26
    • In Seon Yoo
    • In Seon Yoo
    • G06F21/00; H04B1/40
    • G06F21/567; G06F21/564; H04L63/02; H04L63/14; H04L63/145
    • System-on-chip (SoC)-based apparatus for detecting malicious code in portable terminal is provided. SoC-based apparatus includes SoC including central processing unit (CPU) configured to generally control respective units of SoC for SoC-based malicious code detection, SoC memory-based firewall configured to classify packets input from outside through network interface unit, perform filtering operation, such as allowing operation and dropping operation, on the classified packets according to a predetermined setting, and output the result of the filtering operation to an application memory or an anti-malware engine, the SoC memory-based anti-malware engine configured to detect malicious code by performing a pattern-matching operation between a code pattern in a file input from the firewall and a pattern of malicious code registered in a malware signature database (DB) of a mobile device application unit, and an SoC memory-based control module configured to control operation of the firewall and the anti-malware engine in connection with the CPU.
    • 3. Granted patent
    • Method for inferring maliciousness of email and detecting a virus pattern
    • US08677490B2
    • 2014-03-18
    • US11913280
    • 2006-12-08
    • In Seon Yoo
    • In Seon Yoo
    • G06F11/00; G06F15/16; G06F11/30
    • G06Q10/107
    • Provided is a method of distinguishing an abnormal e-mail and determining whether an e-mail is affected with a virus. The method includes the steps of: decoding a received e-mail packet in a readable format and then analyzing and classifying a header of the packet according to header information; determining whether each classified piece of header information is normal or abnormal, and giving a specific value to the corresponding header information according to the determination result; distinguishing an abnormal e-mail using the specific values given to the respective pieces of header information according to a logical inference rule; and when there is an executable attachment file among the header information of the e-mail distinguished as abnormal, determining whether the abnormal e-mail is infected with a virus using distribution of similarity among data. The method effectively distinguishes an abnormal e-mail and determines whether an e-mail is infected with a virus without a database for spam filtering or a database of virus information, and thus is capable of stopping the propagation of new viruses. Therefore, an e-mail server can have a security technique and handle abnormal e-mail in a step before operation of a spam filter server or an antivirus server. Consequently, it is possible to manage a mail server more securely.
    • 4. Patent application
    • Method of detecting virus infection of file
    • US20090158434A1
    • 2009-06-18
    • US12077614
    • 2008-03-20
    • In Seon Yoo
    • In Seon Yoo
    • G06F17/00; G06F15/18
    • G06F21/563
    • Provided is a method of detecting virus infection of a file. The method includes the steps of a) copying an original file, and converting and simplifying data of the copied file; b) normalizing the simplified file data; c) acquiring distribution of similarity between data using the normalized file data; and d) analyzing the acquired distribution of similarity between data, and determining that the file is virus-infected when a preset dense distribution pattern exists. Thus, the method can effectively determine whether or not the file is infected with a virus without using a database (DB) of spam filtering or virus information.
    • 5. Granted patent
    • Method of preventing TCP-based denial-of-service attacks on mobile devices
    • US09055099B2
    • 2015-06-09
    • US12672408
    • 2007-09-14
    • In Seon Yoo
    • In Seon Yoo
    • G06F11/00; H04L29/06; H04W12/12
    • H04L63/1458; H04L69/16; H04W12/12; Y02D70/00
    • Provided is a method of preventing a Transmission Control Protocol (TCP)-based Denial of Service (DoS) attack on a mobile device. The method efficiently prevents a DoS attack on a mobile device, which wirelessly and constantly transmits TCP packets to the mobile device using a TCP protocol and thereby exhausts resources of a wireless network and also battery power of the mobile device depending on a battery. An attack conventionally made in a wired network by abusing TCP-based three-way handshaking is more severe in the wireless network of mobile devices. To prevent such an attack on a mobile device, the method capable of checking three-way handshaking and each transition operation makes the mobile device check whether or not a received TCP packet is valid. Therefore, it is possible to efficiently prevent a DoS attack from exhausting wireless resources and battery power of the mobile device.
    • 6. Granted patent
    • System-on-a-chip malicious code detection apparatus for a mobile device
    • US08990931B2
    • 2015-03-24
    • US13263914
    • 2010-03-26
    • In Seon Yoo
    • In Seon Yoo
    • G06F21/56; H04L29/06
    • G06F21/567; G06F21/564; H04L63/02; H04L63/14; H04L63/145
    • System-on-chip (SoC)-based apparatus for detecting malicious code in portable terminal is provided. SoC-based apparatus includes SoC including central processing unit (CPU) configured to generally control respective units of SoC for SoC-based malicious code detection, SoC memory-based firewall configured to classify packets input from outside through network interface unit, perform filtering operation, such as allowing operation and dropping operation, on the classified packets according to a predetermined setting, and output the result of the filtering operation to an application memory or an anti-malware engine, the SoC memory-based anti-malware engine configured to detect malicious code by performing a pattern-matching operation between a code pattern in a file input from the firewall and a pattern of malicious code registered in a malware signature database (DB) of a mobile device application unit, and an SoC memory-based control module configured to control operation of the firewall and the anti-malware engine in connection with the CPU.
    • 7. Granted patent
    • System-on-chip malicious code detection apparatus and application-specific integrated circuit for a mobile device
    • US08826414B2
    • 2014-09-02
    • US13263915
    • 2010-03-26
    • In Seon Yoo
    • In Seon Yoo
    • G06F15/16
    • G06F21/564; G06F21/55; G06F21/554; G06F21/566; G06F21/567
    • System-on-chip (SoC) and application-specific integrated circuit (ASIC)-based apparatus for detecting malicious code in portable terminal is provided. Apparatus includes SoC including hardware-based firewall packet-filtering packet received from outside through media access control unit according to setting of firewall setting unit in SoC memory and storing filtered packet in application memory or transferring filtered packet to anti-malware engine, hardware-based anti-malware engine detecting malicious code by performing pattern-matching operation between code pattern in file transferred from firewall or file received through input/output (I/O) interface unit and pattern of malicious code registered in malware signature database (DB) of mobile device application unit, SoC memory providing setting of firewall and support file decoding function for file format recognition of anti-malware engine, and hardware-based controller controlling switching operation to transfer file filtered by firewall directly to application memory or to anti-malware engine and control malicious code detection cycle of anti-malware engine.
    • 8. Patent application
    • Method for Inferring Maliciousness of Email and Detecting a Virus Pattern
    • US20100077480A1
    • 2010-03-25
    • US11913280
    • 2006-12-08
    • In Seon Yoo
    • In Seon Yoo
    • G06F21/00; G06F15/16
    • G06Q10/107
    • Provided is a method of distinguishing an abnormal e-mail and determining whether an e-mail is affected with a virus. The method includes the steps of: decoding a received e-mail packet in a readable format and then analyzing and classifying a header of the packet according to header information; determining whether each classified piece of header information is normal or abnormal, and giving a specific value to the corresponding header information according to the determination result; distinguishing an abnormal e-mail using the specific values given to the respective pieces of header information according to a logical inference rule; and when there is an executable attachment file among the header information of the e-mail distinguished as abnormal, determining whether the abnormal e-mail is infected with a virus using distribution of similarity among data. The method effectively distinguishes an abnormal e-mail and determines whether an e-mail is infected with a virus without a database for spam filtering or a database of virus information, and thus is capable of stopping the propagation of new viruses. Therefore, an e-mail server can have a security technique and handle abnormal e-mail in a step before operation of a spam filter server or an antivirus server. Consequently, it is possible to manage a mail server more securely.
    • 9. Granted patent
    • Mobile device having self-defense function against virus and network-based attacks and self-defense method using the same
    • US08789184B2
    • 2014-07-22
    • US12077668
    • 2008-03-20
    • In Seon Yoo
    • In Seon Yoo
    • H04L29/06
    • H04L63/145; G06F21/564; H04L63/1416; H04L63/1425
    • Provided are a mobile device having a self-defense function against virus and network-based attacks and a self-defense method using the same. The mobile device includes a virus checking module, which receives information on files required for virus checking on a basis of input/output (I/O) information created from a file system of an operating system, and determines whether or not the files are infected with a virus using distribution of similarity between data; a malicious packet determination module, which examines information on an Internet protocol (IP) packet created from a network to interrupt a denial-of-service attack (DoS attack); and a control module, which receives the I/O information created from the file system of the operating system, selects the files required for the virus checking, and transmits the selected files to the virus checking module, or receives information on the IP packet created from the network to transmit the received information to the malicious packet determination module, thereby preventing damage caused by the virus in advance, and effectively preventing a denial-of-service attack (DoS attack) caused by wireless network resource depletion and battery consumption that may occur in a wireless environment.
    • 10. Patent application
    • SYSTEM-ON-CHIP MALICIOUS CODE DETECTION APPARATUS AND APPLICATION-SPECIFIC INTEGRATED CIRCUIT FOR A MOBILE DEVICE
    • US20120042375A1
    • 2012-02-16
    • US13263915
    • 2010-03-26
    • In Seon Yoo
    • In Seon Yoo
    • G06F21/00; G06F11/00
    • G06F21/564; G06F21/55; G06F21/554; G06F21/566; G06F21/567
    • System-on-chip (SoC) and application-specific integrated circuit (ASIC)-based apparatus for detecting malicious code in portable terminal is provided. Apparatus includes SoC including hardware-based firewall packet-filtering packet received from outside through media access control unit according to setting of firewall setting unit in SoC memory and storing filtered packet in application memory or transferring filtered packet to anti-malware engine, hardware-based anti-malware engine detecting malicious code by performing pattern-matching operation between code pattern in file transferred from firewall or file received through input/output (I/O) interface unit and pattern of malicious code registered in malware signature database (DB) of mobile device application unit, SoC memory providing setting of firewall and support file decoding function for file format recognition of anti-malware engine, and hardware-based controller controlling switching operation to transfer file filtered by firewall directly to application memory or to anti-malware engine and control malicious code detection cycle of anti-malware engine.