KOREA INTERNET & SECURITY AGENCY Patent applications |
Patent application number | Title | Published |
20150304344 | SYSTEM AND METHOD FOR CONTROLLING VIRTUAL NETWORK INCLUDING SECURITY FUNCTION - Disclosed therein are system and method for controlling a virtual network with a security function which can manage security states of virtual machines in a cloud datacenter, analyze security states of malicious virtual machines, and isolate and treat the malicious virtual machines in order to cope with intrusion of a virtual network under a cloud computing environment. The virtual network controlling system and method reduce the number of packets to which the IPS carries out a signature matching inspection through a DPI test by diffusing blocking against the previously detected intruder by the network level, so as to enhance performance of the virtualized network IPS. | 10-22-2015 |
20150180893 | BEHAVIOR DETECTION SYSTEM FOR DETECTING ABNORMAL BEHAVIOR - Disclosed is a behavior detection system for detecting an abnormal behavior, can perform dynamic control based on situation information and a profile of each user to cope with an element threatening security of an internal infrastructure of an enterprise, such as information leakage, in BYOD and smart work environment. The system calculates probabilities of behaviors occurring for respective connection behavior elements, calculates standard deviations of the probabilities based on weighting factors and determines whether or not the calculated behavior occurrence probabilities and behavior standard deviation correspond to a normal behavior, existence of an abnormal connection behavior in a BYOD and smart work environment is detected and an abnormal user is detected by examining whether or not an average traffic volume, an average use time and traffic volume with respect to a use time exceeds respective standard values. | 06-25-2015 |
20140317737 | HYPERVISOR-BASED INTRUSION PREVENTION PLATFORM AND VIRTUAL NETWORK INTRUSION PREVENTION SYSTEM - Hypervisor-based intrusion prevention platform is provided. The hypervisor-based intrusion prevention platform comprises a virtual network intrusion prevention system (vIPS) framework which obtains internal information of a virtualization system from a hypervisor and performs security control on the hypervisor in response to the result of intrusion detection carried out by using the internal information of the virtualization system, a hypervisor security application programming interface (API) module which provides an API used by the vIPS framework to access the hypervisor, an administrator account management and authentication module which manages an administrator account of a vIPS and authenticates the administrator account, an environment setting management module which manages environment setting values of modules within the vIPS, and an external interface module which provides an interface for system control and security control. | 10-23-2014 |
20140215220 | APPLICATION DISTRIBUTION SYSTEM AND METHOD - The present invention relates to an application distribution system and method, and the application distribution system according to the present invention includes a developer terminal for requesting registration of an application; and an application trading server for registering and posting the application in an application store in response to the request of the developer terminal, in which if the application does not have an electronic signature, the application trading server performs security verification on the application based on preset application security verification criteria, generates an electronic signature for the application and transmits the electronic signature to the developer terminal, and if the application has an electronic signature, the application trading server performs security verification on the application by verifying the electronic signature. | 07-31-2014 |
20140143872 | METHOD OF DETERMINING WHETHER OR NOT WEBSITE IS MALICIOUS AT HIGH SPEED - Disclosed is a method of determining whether or not a website is malicious at a high speed, which determines unknown attacks, detection avoidance attacks and the like at a high speed when the website is inspected by visiting. The method of determining whether or not a website is malicious at a high speed includes the steps of: simultaneously visiting, if a list of inspection target websites is received, a plurality of inspection target websites using multiple browsers; and grasping whether or not malicious code infection is attempted through a correlation analysis of behavior information created when the plurality of inspection target websites is visited through the multiple browsers. | 05-22-2014 |
20140143871 | METHOD OF INSPECTING MASS WEBSITES BY VISITING - Disclosed is a method of inspecting mass websites by visiting, which inspects the mass websites by visiting at a high speed using multiple browsers and multiple frames. The method of inspecting mass websites includes the steps of: simultaneously visiting, if a list of inspection target websites is received, a plurality of inspection target websites using multiple browsers; inspecting whether or not a malicious code infection attack is generated at the plurality of inspection target websites visited through the multiple browsers; and tracing, if the malicious code infection attack is detected among the plurality of inspection target websites, a malicious website through revisit inspection using a tree search algorithm. | 05-22-2014 |
20140143866 | METHOD OF INSPECTING MASS WEBSITES AT HIGH SPEED - Disclosed is a method of inspecting mass websites at a high speed, which visits and inspects the mass websites at a high speed and, at the same time, correctly detects unknown attacks, detection avoidance attacks and the like and extracts URLs related to vulnerability attacks. The method of inspecting mass websites at a high speed includes the steps of: simultaneously visiting, if a list of inspection target websites is received, a plurality of inspection target websites using multiple browsers; inspecting whether or not malicious code infection is attempted at the plurality of inspection target websites visited through the multiple browsers; extracting a malicious website where the attempt of malicious code infection is generated among the plurality of inspection target websites; and visiting the malicious website and tracing a malicious URL distributing a malicious code. | 05-22-2014 |
20140137251 | SYSTEM FOR IDENTIFYING MALICIOUS CODE OF HIGH RISK - Disclosed is a system for identifying malicious codes of high risk. The system includes a statistical data creation module for creating statistical data by collecting and processing malicious codes by channel, ranking, period, type, re-infection and vaccine diagnosis; a trend data creation module for creating trend data by processing the collected malicious codes by channel, field and type; a malicious code filtering module for extracting the malicious code of high risk from the collected malicious codes based on priority information including a URL type, the number of distribution sites, the number of landing sites, a vaccine diagnosis rate and the number of reports; and a database for processing and storing the statistical data, the trend data and the malicious codes of high risk in a form of a graph, a pie chart and a table. | 05-15-2014 |
20140137250 | SYSTEM AND METHOD FOR DETECTING FINAL DISTRIBUTION SITE AND LANDING SITE OF MALICIOUS CODE - A system and method for detecting final distribution and landing sites of a malicious code. The method extracts and collecting new article URLs and advertisement banner URLs by inspecting a main page of a press company; filters malicious-suspected URLs suspicious of hiding the malicious code from the new article URLs and the advertisement banner URLs; collects files created when the malicious-suspected URLs are visited, through visit inspection; self-inspects the created files collected through the created file collection using a commercial vaccine; and traces, if the malicious code is detected in the created file, the final distribution and landing sites distributing the detected malicious code. | 05-15-2014 |
20140130167 | SYSTEM AND METHOD FOR PERIODICALLY INSPECTING MALICIOUS CODE DISTRIBUTION AND LANDING SITES - A system and method for periodically inspecting malicious code distribution and landing sites, which receives a malicious-suspected URL from a management server; collects a file which is created when the malicious-suspected URL is connected and self-inspecting existence of the malicious code in the collected file using a commercial vaccine; traces, if a malicious code is detected in the collected file, a final distribution site distributing the detected malicious code; confirms information on a landing site connected to the final distribution site and registering the final distribution site and the landing site in a landing/distribution site database; confirms whether or not the final distribution site and the landing site registered in the landing/distribution site database are connectible; and updates the landing/distribution site database according to whether or not the final distribution site and the landing site are connectible. | 05-08-2014 |
20140075538 | IP SPOOFING DETECTION APPARATUS - An IP spoofing detection apparatus is provided. The IP spoofing detection apparatus comprising, a tunnel information extracting unit which extracts a first TEID and a user equipment IP address from a payload of a first GTP packet, and an abnormal packet detecting unit which extracts a second TEID from a header of a second GTP packet, and extracts a source IP address from a payload of the second GTP packet, wherein the abnormal packet detecting unit detects the second GTP packet as an IP spoofing packet if the first TEID and the second TEID are equal to each other, and the user equipment IP address and the source IP address are different from each other. | 03-13-2014 |
20130174239 | REINFORCED AUTHENTICATION SYSTEM AND METHOD USING CONTEXT INFORMATION AT THE TIME OF ACCESS TO MOBILE CLOUD SERVICE - Provided are a reinforced authentication system and method using context information at the time of access to a mobile cloud service. The system comprises a mobile terminal transmitting a context information message, which comprises context information, and authentication information and a context information-based authentication server receiving the context information message and the authentication information, determining an authentication mechanism based on the context information message, and authenticating a user of the mobile terminal. | 07-04-2013 |
20130160127 | SYSTEM AND METHOD FOR DETECTING MALICIOUS CODE OF PDF DOCUMENT TYPE - Disclosed herein is a PDF document type malicious code detection system for efficiently detecting a malicious code embedded in a document type and a method thereof. The present invention may perform a dynamic and static analysis on JavaScript within a PDF document, and execute the PDF document to perform a PDF dynamic analysis, thereby achieving an effect of efficiently extracting a malicious code embedded in the PDF document. | 06-20-2013 |
20130151526 | SNS TRAP COLLECTION SYSTEM AND URL COLLECTION METHOD BY THE SAME - A social networking service (SNS) trap collection system capable of accurately and effectively extracting and collecting information including a malicious code among information exchanged in an SNS, and a uniform resource location (URL) collection method by the same. URL information for a malicious code included in post (a bulletin script, a message, a note, or the like) exchanged is effectively collected by using an account IDD and a password of account information and utilized for detecting a malicious code in the SNS, thus significantly reducing damage to users due to infection of a malicious code. | 06-13-2013 |
20130148510 | SYSTEM AND METHOD FOR PREVENTING INTRUSION OF ABNORMAL GTP PACKET - Provided are a system and method for preventing the intrusion of an abnormal GPRS tunneling protocol (GTP) packet. The system includes: a system management unit including a monitoring unit which monitors a state of the system and a mode changing unit which changes an operation mode of the system based on the state of the system; a packet capture unit including a packet management unit which stores information about a GTP packet based on the operation mode of the system and a detection result checking unit which determines whether to drop the GTP packet; and a packet detection unit including a packet parsing unit which parses the information about the GTP packet and a packet analysis unit which analyzes the parsed information about the GTP packet, wherein the operation mode of the system is an intrusion prevention system (IPS) mode or a bypass mode. | 06-13-2013 |
20120311709 | AUTOMATIC MANAGEMENT SYSTEM FOR GROUP AND MUTANT INFORMATION OF MALICIOUS CODES - An automatic management system includes a malicious code group-mutant storage module that receives a malicious codes analysis result from a malicious code collection-analysis system and extracts group information and mutant information of the malicious codes based on the malicious code analysis result, a malicious code group-mutant DB that stores the extracted group information and mutant information, a malicious code group-mutant management module that provides interface to allow a user to detect the group information and mutant information stored in the malicious code group-mutant DB, and a visualizing module that outputs the detection result to the user, wherein the malicious code group-mutant management module that groups malicious codes having action associations using the group information and mutant information stored in the malicious code group-mutant DB, outputs the group information through the visualizing module and outputs the mutant information based on CFG similarity and string similarity through the visualizing module. | 12-06-2012 |
20120167220 | SEED INFORMATION COLLECTING DEVICE AND METHOD FOR DETECTING MALICIOUS CODE LANDING/HOPPING/DISTRIBUTION SITES - Provided is seed information collecting device for detecting malicious code landing/hopping/distribution sites. The device comprises: a seed information collecting module collecting social issue keywords from a seed information collecting channel and collecting address information of potential malicious code landing/hopping/distribution sites using the collected social issue keywords; a web source code collecting module collecting web source code of the potential malicious code landing/hopping/distribution sites using the address information of the potential malicious code landing/hopping/distribution sites collected by the seed information collecting module; and a policy management module managing collection policies of the seed information collecting module and the web source code collecting module. | 06-28-2012 |
20120159625 | MALICIOUS CODE DETECTION AND CLASSIFICATION SYSTEM USING STRING COMPARISON AND METHOD THEREOF - The present invention provides a malicious code detection and classification system using a string comparison technique, including a string extracting unit configured to extract all expressed strings existing in a binary file from the malicious code binary file; a string refining unit configured to refine elements obstructing malicious code detection and classification in the strings extracted from the string extracting unit; and a string comparison unit configured to determine how similar one binary is to another binary by comparing strings refined from the string refining unit. | 06-21-2012 |
20120159621 | DETECTION SYSTEM AND METHOD OF SUSPICIOUS MALICIOUS WEBSITE USING ANALYSIS OF JAVASCRIPT OBFUSCATION STRENGTH - The present invention provides a detection system of a suspicious malicious website using the analysis of a JavaScript obfuscation strength, which includes: an entropy measuring block of measuring an entropy of an obfuscated JavaScript present in the website, a special character entropy, and a variable/function name entropy; a frequency measuring block of measuring a specific function frequency, an encoding mark frequency and a % symbol frequency of the JavaScript; a density measuring block of measuring the maximum length of a single character string of the JavaScript; and a malicious website confirming block of determining whether the relevant website is malicious by comparing an obfuscation strength value, measured by the entropy measuring block, the frequency measuring block and the density measuring block, with a threshold value. | 06-21-2012 |
20110103583 | METHOD AND SYSTEM FOR PRESERVING SECURITY OF SENSOR DATA AND RECORDING MEDIUM USING THEREOF - A method and a system for preserving sensor data based on a time key, and a recording medium thereof are provided. The time key based sensor data security preserving method includes encrypting the sensor data with an encryption key obtained using a time key based polynomial derived using random numbers and a secret key which is shared by a sensor node and an application system; and decrypting the encrypted sensor data with a decryption key obtained by deriving the same polynomial as the time key based polynomial using the random numbers and the secret key. Thus, integrity and confidentiality of the sensor data can be preserved. | 05-05-2011 |