Patent application number | Description | Published |
20100002880 | SYSTEM AND METHOD FOR LAWFUL INTERCEPTION USING TRUSTED THIRD PARTIES IN SECURE VoIP COMMUNICATIONS - Disclosed is a system for lawful interception using a trusted third party in secure VoIP communication. A VoIP transmit terminal generates a secure packet using a master key received from a trusted third party and then communicates with a VoIP receive terminal. A collection device having received a lawful interception instruction from a key recovering system collects and transmits the secure packet to the key recovering system. The key recovering system decrypts the secure packet using the master key received from the trusted third party and provides the decrypted secure packet to a lawful interception requester or provides the master key received from the trusted third party and the secure packet to the lawful interception requester. It is possible to provide the perfect lawful interception in the secure VoIP communication environment, and to guarantee a perfect forward secrecy since the master key is changed for each call. | 01-07-2010 |
20100162350 | SECURITY SYSTEM OF MANAGING IRC AND HTTP BOTNETS, AND METHOD THEREFOR - The present invention relates to a security system of managing IRC and HTTP botnets and a method therefor. More specifically, the present invention relates to a system and a method that detects a botnet in an Internet service provider network to store information related to the detected botnet in a database and performs security management of IRC and HTTP botnets, including a botnet management security management (BMSM) system, configured to visualize the information related to the detected botnet and establish an against policy related to the detected botnet. Accordingly, the present invention provides a security system of managing IRC and HTTP botnets that can efficiently performs the security management of IRC and HTTP botnets by using the BMSM system | 06-24-2010 |
20100169973 | System and Method For Detecting Unknown Malicious Code By Analyzing Kernel Based System Actions - There is provided a system and method for detecting unknown malicious code by analyzing kernel based system actions. More particularly, the system and method provides an advantage of actively countering unknown malicious code or viruses by monitoring kernel based system events in real time, organizing action data based on the collected event data, determining whether the action data corresponds to predetermined malicious actions, backtracking a subject of a malicious action when the action data is determined to correspond to the malicious action, and processing the malicious action. | 07-01-2010 |
20100290462 | METHOD OF MANAGING GROUP OF DYNAMIC MULTICAST EFFICIENTLY - The present invention relates to a method of efficiently managing dynamic multicast groups. In the method of efficiently managing dynamic multicast groups a hierarchical structure is used as a network structure for a multicast service. Accordingly, there are advantages in that groups can be merged or divided efficiently and overload depending on group management can be reduced. | 11-18-2010 |
20110004769 | PASSWORD INPUT SYSTEM USING AN ALPHANUMERIC MATRIX AND PASSWORD INPUT METHOD USING THE SAME - The present invention relates to a password input algorithm, more particularly to a password input system and method using an alphanumeric matrix. An aspect of the invention can provide a password input system and method that can defend against keylogging attacks and shoulder surfing attacks, by having the final password inputted by way of certain alphanumeric matrix letters which are separated by a particular distance from the letters forming the password in the alphanumeric matrix. Also, an aspect of the invention can provide a password input system and method that can further increase the probability of defending against keylogging attacks and shoulder surfing attacks, by having the final password inputted by way of certain alphanumeric matrix letters which are separated by a particular distance from the letters forming the password in the alphanumeric matrix, but with the alphanumeric matrix rotated every time a letter is inputted. | 01-06-2011 |
20110004928 | PASSWORD INPUT SYSTEM USING ALPHANUMERIC MATRICES AND PASSWORD INPUT METHOD USING THE SAME - The present invention relates to a password input algorithm, more particularly to a password input system and method using alphanumeric matrices. An aspect of the invention can provide a password input system and method using alphanumeric matrices that can defend against keylogging attacks and shoulder surfing attacks by including a movable second alphanumeric matrix and a fixed first alphanumeric matrix and enabling a user to input a password by moving the password letters of the second alphanumeric matrix to the user-defined value of the first alphanumeric matrix. Another aspect of the invention can provide a password input system and method using alphanumeric matrices that can defend against shoulder surfing attacks by enabling a user to input a password by dividing the password by every two digits and moving the cross-points for the two digits, respectively, to the user-defined value of the first alphanumeric matrix. | 01-06-2011 |
20110058481 | DEVICE AND METHOD FOR GENERATING STATISTICAL INFORMATION FOR VOIP TRAFFIC ANALYSIS AND ABNORMAL VOIP DETECTION - A statistical information generator for VoIP traffic analysis is provided, which comprises a packet collection module collecting packets from a network; and a statistical information generation module analyzing information of a call setup packet or a media packet among the packets collected by the packet collection module, and generating statistical information of the network; wherein if the packet collected by the packet collection module is the call setup packet, the statistical information generation module generates the statistical information of the network using at least one of transmitter identification information, receiver identification information, and call identification information among information of the call setup packet as a key value, while if the packet collected by the packet collection module is the media packet, the statistical information generation module generates the statistical information of the network using media session identification information among information of the media packet as a key value. | 03-10-2011 |
20110103583 | METHOD AND SYSTEM FOR PRESERVING SECURITY OF SENSOR DATA AND RECORDING MEDIUM USING THEREOF - A method and a system for preserving sensor data based on a time key, and a recording medium thereof are provided. The time key based sensor data security preserving method includes encrypting the sensor data with an encryption key obtained using a time key based polynomial derived using random numbers and a secret key which is shared by a sensor node and an application system; and decrypting the encrypted sensor data with a decryption key obtained by deriving the same polynomial as the time key based polynomial using the random numbers and the secret key. Thus, integrity and confidentiality of the sensor data can be preserved. | 05-05-2011 |
20110138462 | SYSTEM AND METHOD FOR DETECTING VOIP TOLL FRAUD ATTACK FOR INTERNET TELEPHONE - Provided is a system for detecting a voice over Internet protocol (VoIP) toll fraud attack. The system includes: a database (DB) storing registration information of normal users; a packet reception module receiving a call set-up packet from a network; and a VoIP signaling message forgery/falsification detection module receiving the call set-up packet from the packet reception module and comparing sender address information or header information of the call set-up packet with the registration information stored in the DB to detect whether the call set-up packet is a packet received from one of the normal users. | 06-09-2011 |
20110153811 | SYSTEM AND METHOD FOR MODELING ACTIVITY PATTERNS OF NETWORK TRAFFIC TO DETECT BOTNETS - The invention relates to a system and method that can detect botnets by classifying the communication activities for each client according to destination or based on similarity between the groups of collected traffic. According to certain aspects of the invention, the communication activities for each client can be classified to model network activity by differentiating the protocols of the collected network traffic based on destination and patterning the subgroups for the respective protocols. Those servers that are estimated to be C&C servers can be classified into download and upload, spam servers and command control servers, within a botnet group detected by modeling network activity, i.e. analyzing network-based activity patterns. Also, botnet groups can be detected by way of a group information management function, for generating an activity pattern-based group matrix based on group data, and a mutual similarity analysis, performed on groups suspected to be botnets from the group information. | 06-23-2011 |
20110154489 | SYSTEM FOR ANALYZING MALICIOUS BOTNET ACTIVITY IN REAL TIME - A system for analyzing malicious botnet activity in real time is disclosed. This system may include: a control server configured to generate botnet activity information relating to a type of malicious botnet activity, and transmit the botnet activity information to the outside, after receiving bot occurrence information from the outside; | 06-23-2011 |
20110154492 | MALICIOUS TRAFFIC ISOLATION SYSTEM AND METHOD USING BOTNET INFORMATION - The present invention relates to a malicious traffic isolation system and method using botnet information, and more particularly, to a malicious traffic isolation system and method using botnet information, in which traffics for a set of clients having the same destination are routed to the isolation system based on a destination IP/Port, and botnet traffics are isolated using botnet information based on similarity among groups of the routed and flowed in traffics. The present invention may provide a malicious traffic isolation method using botnet information, which can accommodate traffics received from a PC or a C&C server infected with a bot into a quarantine area, isolate traffics generated by normal users from traffics transmitted from malicious bots, and block the malicious traffics. In addition, the present invention may provide a malicious traffic isolation method using botnet information, which can provide a function of mitigating DDoS attacks of a botnet. | 06-23-2011 |
20120036579 | SYSTEM AND METHOD FOR DETECTING ABNORMAL SIP TRAFFIC ON VOIP NETWORK - Provided is a system for detecting abnormal traffic on a network. The system includes: a receiving module which receives session initiation protocol (SIP) traffic information from a network; a decoding module which receives the SIP traffic information from the receiving module and decodes the received SIP traffic information; a traffic information database (DB) which receives the decoded SIP traffic information from the decoding module and stores the received SIP traffic information; an analysis traffic information DB which collects information from the traffic information DB for a predetermined period and stores the collected information as analysis traffic information; a reference traffic information DB which stores reference traffic information; and an attack detection module which compares the analysis traffic information with the reference traffic information and detects whether analysis traffic is attack traffic. | 02-09-2012 |
20120060218 | SYSTEM AND METHOD FOR BLOCKING SIP-BASED ABNORMAL TRAFFIC - Provided is a system for blocking session initiation protocol (SIP)-based abnormal traffic. The system includes: a policy database (DB) in which allowed traffic is stored according to transmission priority; an abnormal traffic response module which receives traffic from a first network and transmits only portions of the received traffic, which match the allowed traffic stored in the policy DB, to a second network in order of transmission priority; and an abnormal traffic detection module which analyzes the traffic received from the first network and provides an activation signal to the abnormal traffic response module when detecting that the received traffic is abnormal traffic, wherein the abnormal traffic response module transmits the portions of the received traffic, which match the allowed traffic stored in the policy DB, to the second network such that the sum of the portions transmitted to the second network does not exceed a maximum allowed traffic limit. | 03-08-2012 |
20120079594 | MALWARE AUTO-ANALYSIS SYSTEM AND METHOD USING KERNEL CALLBACK MECHANISM - In a malware auto-analysis method using a kernel callback mechanism, a function, present in a kernel driver within a PsSetCreateProcessNotifyRoutine function, is registered by a process monitor driver as a callback function when a computer boot. A function present in a registry monitor driver is registered by the registry monitor driver as a callback function in a CmRegisterCallback function when the driver is loaded. A kernel driver is registered by a file monitor driver as a mini-filter driver in a Filter Manager present in a Windows system. At least one of a process event, a registry event, or an Input/Output (I/O) event is received by a behavior event collector from the process monitor driver, the registry monitor driver, or the file monitor driver, respectively. | 03-29-2012 |
20120159621 | DETECTION SYSTEM AND METHOD OF SUSPICIOUS MALICIOUS WEBSITE USING ANALYSIS OF JAVASCRIPT OBFUSCATION STRENGTH - The present invention provides a detection system of a suspicious malicious website using the analysis of a JavaScript obfuscation strength, which includes: an entropy measuring block of measuring an entropy of an obfuscated JavaScript present in the website, a special character entropy, and a variable/function name entropy; a frequency measuring block of measuring a specific function frequency, an encoding mark frequency and a % symbol frequency of the JavaScript; a density measuring block of measuring the maximum length of a single character string of the JavaScript; and a malicious website confirming block of determining whether the relevant website is malicious by comparing an obfuscation strength value, measured by the entropy measuring block, the frequency measuring block and the density measuring block, with a threshold value. | 06-21-2012 |
20120159625 | MALICIOUS CODE DETECTION AND CLASSIFICATION SYSTEM USING STRING COMPARISON AND METHOD THEREOF - The present invention provides a malicious code detection and classification system using a string comparison technique, including a string extracting unit configured to extract all expressed strings existing in a binary file from the malicious code binary file; a string refining unit configured to refine elements obstructing malicious code detection and classification in the strings extracted from the string extracting unit; and a string comparison unit configured to determine how similar one binary is to another binary by comparing strings refined from the string refining unit. | 06-21-2012 |
20120167220 | SEED INFORMATION COLLECTING DEVICE AND METHOD FOR DETECTING MALICIOUS CODE LANDING/HOPPING/DISTRIBUTION SITES - Provided is seed information collecting device for detecting malicious code landing/hopping/distribution sites. The device comprises: a seed information collecting module collecting social issue keywords from a seed information collecting channel and collecting address information of potential malicious code landing/hopping/distribution sites using the collected social issue keywords; a web source code collecting module collecting web source code of the potential malicious code landing/hopping/distribution sites using the address information of the potential malicious code landing/hopping/distribution sites collected by the seed information collecting module; and a policy management module managing collection policies of the seed information collecting module and the web source code collecting module. | 06-28-2012 |
20120311709 | AUTOMATIC MANAGEMENT SYSTEM FOR GROUP AND MUTANT INFORMATION OF MALICIOUS CODES - An automatic management system includes a malicious code group-mutant storage module that receives a malicious codes analysis result from a malicious code collection-analysis system and extracts group information and mutant information of the malicious codes based on the malicious code analysis result, a malicious code group-mutant DB that stores the extracted group information and mutant information, a malicious code group-mutant management module that provides interface to allow a user to detect the group information and mutant information stored in the malicious code group-mutant DB, and a visualizing module that outputs the detection result to the user, wherein the malicious code group-mutant management module that groups malicious codes having action associations using the group information and mutant information stored in the malicious code group-mutant DB, outputs the group information through the visualizing module and outputs the mutant information based on CFG similarity and string similarity through the visualizing module. | 12-06-2012 |
20130151526 | SNS TRAP COLLECTION SYSTEM AND URL COLLECTION METHOD BY THE SAME - A social networking service (SNS) trap collection system capable of accurately and effectively extracting and collecting information including a malicious code among information exchanged in an SNS, and a uniform resource location (URL) collection method by the same. URL information for a malicious code included in post (a bulletin script, a message, a note, or the like) exchanged is effectively collected by using an account IDD and a password of account information and utilized for detecting a malicious code in the SNS, thus significantly reducing damage to users due to infection of a malicious code. | 06-13-2013 |
20130160127 | SYSTEM AND METHOD FOR DETECTING MALICIOUS CODE OF PDF DOCUMENT TYPE - Disclosed herein is a PDF document type malicious code detection system for efficiently detecting a malicious code embedded in a document type and a method thereof. The present invention may perform a dynamic and static analysis on JavaScript within a PDF document, and execute the PDF document to perform a PDF dynamic analysis, thereby achieving an effect of efficiently extracting a malicious code embedded in the PDF document. | 06-20-2013 |
20130174239 | REINFORCED AUTHENTICATION SYSTEM AND METHOD USING CONTEXT INFORMATION AT THE TIME OF ACCESS TO MOBILE CLOUD SERVICE - Provided are a reinforced authentication system and method using context information at the time of access to a mobile cloud service. The system comprises a mobile terminal transmitting a context information message, which comprises context information, and authentication information and a context information-based authentication server receiving the context information message and the authentication information, determining an authentication mechanism based on the context information message, and authenticating a user of the mobile terminal. | 07-04-2013 |
20130179421 | System and Method for Collecting URL Information Using Retrieval Service of Social Network Service - A system and method for collecting a URL using a retrieval service of an SNS capable of accurately and effectively extracting and collecting information including a malicious code among information exchanged in an SNS are provided. URL information included in post (a bulletin script, a message, a note, or the like) exchanged in an SNS based on real-time search word information is extracted and collected to be utilized for collecting a malicious code in the SNS, whereby generation of a malicious code in the SNS can be prevented in advance, and thus, damage to users due to infection of a malicious code can be significantly reduced. In addition, the URL information can be effectively collected through crawling. | 07-11-2013 |
20130185793 | Apparatus and Method for Tracking Network Path - An apparatus and method for effectively tracking a network path by using packet information generated when visiting a Web page are provided. | 07-18-2013 |
20140130167 | SYSTEM AND METHOD FOR PERIODICALLY INSPECTING MALICIOUS CODE DISTRIBUTION AND LANDING SITES - A system and method for periodically inspecting malicious code distribution and landing sites, which receives a malicious-suspected URL from a management server; collects a file which is created when the malicious-suspected URL is connected and self-inspecting existence of the malicious code in the collected file using a commercial vaccine; traces, if a malicious code is detected in the collected file, a final distribution site distributing the detected malicious code; confirms information on a landing site connected to the final distribution site and registering the final distribution site and the landing site in a landing/distribution site database; confirms whether or not the final distribution site and the landing site registered in the landing/distribution site database are connectible; and updates the landing/distribution site database according to whether or not the final distribution site and the landing site are connectible. | 05-08-2014 |
20140137250 | SYSTEM AND METHOD FOR DETECTING FINAL DISTRIBUTION SITE AND LANDING SITE OF MALICIOUS CODE - A system and method for detecting final distribution and landing sites of a malicious code. The method extracts and collecting new article URLs and advertisement banner URLs by inspecting a main page of a press company; filters malicious-suspected URLs suspicious of hiding the malicious code from the new article URLs and the advertisement banner URLs; collects files created when the malicious-suspected URLs are visited, through visit inspection; self-inspects the created files collected through the created file collection using a commercial vaccine; and traces, if the malicious code is detected in the created file, the final distribution and landing sites distributing the detected malicious code. | 05-15-2014 |
20140137251 | SYSTEM FOR IDENTIFYING MALICIOUS CODE OF HIGH RISK - Disclosed is a system for identifying malicious codes of high risk. The system includes a statistical data creation module for creating statistical data by collecting and processing malicious codes by channel, ranking, period, type, re-infection and vaccine diagnosis; a trend data creation module for creating trend data by processing the collected malicious codes by channel, field and type; a malicious code filtering module for extracting the malicious code of high risk from the collected malicious codes based on priority information including a URL type, the number of distribution sites, the number of landing sites, a vaccine diagnosis rate and the number of reports; and a database for processing and storing the statistical data, the trend data and the malicious codes of high risk in a form of a graph, a pie chart and a table. | 05-15-2014 |
20140143866 | METHOD OF INSPECTING MASS WEBSITES AT HIGH SPEED - Disclosed is a method of inspecting mass websites at a high speed, which visits and inspects the mass websites at a high speed and, at the same time, correctly detects unknown attacks, detection avoidance attacks and the like and extracts URLs related to vulnerability attacks. The method of inspecting mass websites at a high speed includes the steps of: simultaneously visiting, if a list of inspection target websites is received, a plurality of inspection target websites using multiple browsers; inspecting whether or not malicious code infection is attempted at the plurality of inspection target websites visited through the multiple browsers; extracting a malicious website where the attempt of malicious code infection is generated among the plurality of inspection target websites; and visiting the malicious website and tracing a malicious URL distributing a malicious code. | 05-22-2014 |
20140143871 | METHOD OF INSPECTING MASS WEBSITES BY VISITING - Disclosed is a method of inspecting mass websites by visiting, which inspects the mass websites by visiting at a high speed using multiple browsers and multiple frames. The method of inspecting mass websites includes the steps of: simultaneously visiting, if a list of inspection target websites is received, a plurality of inspection target websites using multiple browsers; inspecting whether or not a malicious code infection attack is generated at the plurality of inspection target websites visited through the multiple browsers; and tracing, if the malicious code infection attack is detected among the plurality of inspection target websites, a malicious website through revisit inspection using a tree search algorithm. | 05-22-2014 |
20140143872 | METHOD OF DETERMINING WHETHER OR NOT WEBSITE IS MALICIOUS AT HIGH SPEED - Disclosed is a method of determining whether or not a website is malicious at a high speed, which determines unknown attacks, detection avoidance attacks and the like at a high speed when the website is inspected by visiting. The method of determining whether or not a website is malicious at a high speed includes the steps of: simultaneously visiting, if a list of inspection target websites is received, a plurality of inspection target websites using multiple browsers; and grasping whether or not malicious code infection is attempted through a correlation analysis of behavior information created when the plurality of inspection target websites is visited through the multiple browsers. | 05-22-2014 |
20140175401 | RED PHOSPHORESCENT COMPOUND AND ORGANIC LIGHT EMITTING DIODE DEVICE USING THE SAME - A red phosphorescent compound has the following formula: | 06-26-2014 |
20140175402 | RED PHOSPHORESCENT COMPOUND AND ORGANIC LIGHT EMITTING DIODE DEVICE USING THE SAME - The present invention provides a phosphorescent compound of one of following formulas: | 06-26-2014 |