Patent application number | Description | Published |
20080313701 | SYSTEM AND METHOD FOR MANAGING NETWORK BY VALUE-BASED ESTIMATION - A system and method for managing a network by value-based estimation is provided. A network device requesting communication is defined as an active point and a network device receiving a request for communication is defined as a passive point. A value of a network device is determined according to the number of active points connected to the corresponding network device, and a value of a network device that is in a path of communication between network devices is determined based on a value of a network device passing through the corresponding network device. When a policy for changing a network environment is transferred in a state where the values of the network devices have been estimated, a policy conflict test is performed on the basis of the estimated values of the network devices, thereby determining application of the policy in due consideration of the values and significance of the network devices. | 12-18-2008 |
20090094585 | METHOD AND APPARATUS FOR ANALYZING EXPLOIT CODE IN NONEXECUTABLE FILE USING VIRTUAL ENVIRONMENT - Provided is a method and apparatus for analyzing an exploit code included in a nonexecutable file using a target program with vulnerability in a virtual environment. The method includes the steps of: loading a nonexecutable file including the exploit code by a target program, the target program being executed in a virtual environment and includes vulnerability; analyzing a register value of the target program and determining if the register value of the target program indicates a normal code region; storing log information on operation of the target program when the register value indicates a region other than the normal code region; and extracting and analyzing the exploit code included in the nonexecutable file based on the stored log information. In this method, the exploit code is analyzed in the virtual environment, thereby preventing damage caused by execution of the exploit code. | 04-09-2009 |
20090259673 | METHOD AND APPARATUS FOR EXTRACTING TEXT FROM INTERNET MAIL ATTACHMENT FILE - Provided are a method and apparatus for extracting text from an Internet mail attachment file. The apparatus includes a mail display unit for displaying Internet mail and an attachment file received from outside, an attachment file storage for storing the attachment file, a text extraction engine for extracting a text code included in the attachment file, and an attachment file text extractor for extracting text included in the attachment file using the text extraction engine. | 10-15-2009 |
20090299935 | METHOD AND APPARATUS FOR DIGITAL FORENSICS - A method and apparatus for digital forensics are provided. The apparatus for digital forensics includes a page file extractor for extracting a page file stored in a target storage medium, a stored-page feature extractor for extracting features of pages stored in the extracted page file, a page classifier for comparing the extracted features of the pages with at least one predetermined classification criterion and classifying the pages according to the comparison results, and a digital forensics unit for performing digital forensics according to the classified pages. According to the method and apparatus, it is possible to perform digital forensics using only information of a page file. | 12-03-2009 |
20100024033 | APPARATUS AND METHOD FOR DETECTING OBFUSCATED MALICIOUS WEB PAGE - An apparatus and method for detecting an obfuscated malicious web page are provided to find a malicious web page by deobfuscating an obfuscated malicious code. The apparatus includes an obfuscated code detector that detects whether an obfuscated code is included in a source code of a web page, a deobfuscation function inserter that reconfigures the source code by inserting a function for deobfuscating the obfuscated code into the source code, a deobfuscator that is called by the function inserted into the reconfigured source code and deobfuscates the obfuscated code, and a malicious code detector that detects a malicious code using the deobfuscated code. | 01-28-2010 |
20110239294 | SYSTEM AND METHOD FOR DETECTING MALICIOUS SCRIPT - Provided are a system and method for detecting a malicious script. The system includes a script decomposition module for decomposing a web page into scripts, a static analysis module for statically analyzing the decomposed scripts in the form of a document file, a dynamic analysis module for dynamically executing and analyzing the decomposed scripts, and a comparison module for comparing an analysis result of the static analysis module and an analysis result of the dynamic analysis module to determine whether the decomposed scripts are malicious scripts. The system and method can recognize a hidden dangerous hypertext markup language (HTML) tag irrespective of an obfuscation technique for hiding a malicious script in a web page and thus can cope with an unknown obfuscation technique. | 09-29-2011 |
20130160122 | TWO-STAGE INTRUSION DETECTION SYSTEM FOR HIGH-SPEED PACKET PROCESSING USING NETWORK PROCESSOR AND METHOD THEREOF - A system and method for detecting network intrusion by using a network processor are provided. The intrusion detection system includes: a first intrusion detector, configured to use a first network processor to perform intrusion detection on layer 3 and layer 4 of a protocol field among information included in a packet header of a packet transmitted to the intrusion detection system, and when no intrusion is detected, classify the packets according to stream and transmit the classified packets to a second intrusion detector; and a second intrusion detector, configured to use a second network processor to perform intrusion detection through deep packet inspection (DPI) for the packet payload of the packets transmitted from the first intrusion detector. Thereby, intrusion detection for high-speed packets can be performed in a network environment. | 06-20-2013 |
20140109105 | INTRUSION DETECTION APPARATUS AND METHOD USING LOAD BALANCER RESPONSIVE TO TRAFFIC CONDITIONS BETWEEN CENTRAL PROCESSING UNIT AND GRAPHICS PROCESSING UNIT - An intrusion detection apparatus and method using a load balancer responsive to traffic conditions between a central processing unit (CPU) and a graphics processing unit (GPU) are provided. The intrusion detection apparatus includes a packet acquisition unit, a character string check task allocation unit, a CPU character string check unit, and a GPU character string check unit. The packet acquisition unit receives packets, and stores the packets in a single task queue. The character string check task allocation unit determines the number of packets in the packet acquisition unit, and allocates character string check tasks to the CPU or the GPU. The CPU character string check unit compares the character strings of the packets with a character string defined in at least one detection rule inside the CPU. The GPU character string check unit compares the character strings of the packets with the character string inside the GPU. | 04-17-2014 |
20140123288 | NETWORK INTRUSION DETECTION APPARATUS AND METHOD USING PERL COMPATIBLE REGULAR EXPRESSIONS-BASED PATTERN MATCHING TECHNIQUE - A network intrusion detection apparatus and method that perform Perl Compatible Regular Expressions (PCRE)-based pattern matching on the payloads of packets using a network processor equipped with a Deterministic Finite Automata (DFA) engine. The network intrusion detection apparatus includes a network processor core for receiving packets from a network, and transmitting payloads of the received packets to a Deterministic Finite Automata (DFA) engine. A detection rule converter converts a PCRE-based detection rule, preset to detect an attack packet, into a detection rule including a pattern to which only PCRE grammar corresponding to the DFA engine is applied. The DFA engine performs PCRE pattern matching on the payloads of the packets based on the detection rule converted by the detection rule converter. | 05-01-2014 |
20150089655 | SYSTEM AND METHOD FOR DETECTING MALWARE BASED ON VIRTUAL HOST - A system and method for detecting malware based on a virtual host are provided. The system for detecting malware based on a virtual host includes a terminal network behavior analysis server and a virtual host. The terminal network behavior analysis server extracts network behavior information by monitoring the network behavior of an actual host, and outputs the extracted the network behavior information. The virtual host detects malware corresponding to abnormal behavior in the actual host, by receiving the network behavior information and then performing corresponding behavior. | 03-26-2015 |