Patent application number | Description | Published |
20100030891 | WEB-BASED TRACEBACK SYSTEM AND METHOD USING REVERSE CACHING PROXY - Provided are a web-based traceback system and method using reverse caching proxy, which can effectively protect a web server against various attacks launched by illegitimate user by acquiring network information and location information of users who attempt to access the web server through an anonymous server, without a requirement of installing any agent program in the users' clients. The web-based traceback system may include a reverse caching proxy server receiving a hypertext transfer protocol (HTTP) packet transmitted to a web server by a client, analyzing the header of the HTTP packet and determining whether the client has attempted to access the web server through an anonymous server based on the results of the analysis; and a web tracking server generating a response page for the HTTP packet upon receiving the results of the determination performed by the reverse caching proxy server, inserting a tracking code in the response page, and providing the response page to the client through the reverse caching proxy server, wherein the tracking code is automatically executed in a web browser of the client and thus provides network information of the client to the web tracking server. | 02-04-2010 |
20100030892 | GIS BASED NETWORK INFORMATION MONITORING-SYSTEM - Disclosed is a GIS based network information monitoring system that intuitively combines GIS based geographic information with traffic information and a security event, expresses the combined geographic information on a display, and does not need position calibration of network information when the traffic information and the security event are expressed. The GIS based network information monitoring system includes: a geographic information processing module receiving network information from an external network device, containing GIS based geographic information, and creating geographic information corresponding to location information in response to the location information; and a network information processing module mapping the network information to geographic information corresponding to the location information to express the mapped network information, connecting an attack site of a packet causing a security problem, an intermediate site, and a target site using lines, and intuitively expressing the network information by varying the widths and colors of the lines according to the attack type and danger level of the packet. | 02-04-2010 |
20100036781 | APPARATUS AND METHOD PROVIDING RETRIEVAL OF ILLEGAL MOTION PICTURE DATA - Provided are an apparatus and method for detecting illegal motion picture data. The apparatus includes a key frame extractor for extracting a plurality of key frames from motion picture data, a characteristic value file generator for detecting characteristic values of the extracted key frames and generating a characteristic value file, and an illegality determiner for measuring degree of similarity between a previously stored learning model file and the characteristic value file and determining whether or not the motion picture data is legal according to the degree of similarity. | 02-11-2010 |
20100067391 | APPARATUS AND METHOD FOR VISUALIZING NETWORK SITUATION USING SECURITY CUBE - An apparatus and method for visualizing a network condition related to a network security are provided. The apparatus includes a traffic feature extracting unit, a network condition displaying unit, and a traffic abnormal condition determining unit. The traffic feature extracting unit extracts information including source address, source port, destination address, and destination port from network traffics, selects two of the extracted information, and calculates unique dispersion degrees of two unselected information. The network condition displaying unit displays a two-dimensional cube expressed using the calculated unique dispersion degrees for the classified traffics. The traffic abnormal condition determining unit determines whether the traffics are in an abnormal condition or not based on the two-dimensional security cube. | 03-18-2010 |
20100100619 | METHOD AND APPARATUS FOR VISUALIZING NETWORK SECURITY STATE - There are provided a network security state visualization device and method, the device including: a security event collector collecting original security event information from network security apparatuses; a security event analyzer analyzing the original security event information collected by the security event collector and extracting characteristic data corresponding to a security event; and a three-dimensional visualization display unit visualizing a correlation between the characteristic data extracted by the security event analyzer as a three-dimensional screen to be displayed. | 04-22-2010 |
20100150008 | APPARATUS AND METHOD FOR DISPLAYING STATE OF NETWORK - There are provided a network state display apparatus and method capable of easily determining a present network security state in real time by analyzing an abnormality and harmful traffic deteriorating performance of a network in software by using a result of combining essential characteristics of traffic, a distinct dispersion, and an entropy and displaying the network state to be intuitionally recognized, the method including selecting and combining three of a source address, a source port, a destination address, and a destination port of collected traffic and calculating a distinct dispersion and an entropy of a residual one therefrom; displaying the calculated distinct dispersion and entropy on a security radar where the distinct dispersion and the entropy are assigned to an angle and a radius; determining whether a network state is abnormal, based on a result displayed on the security radar; and detecting reporting detailed information on abnormal traffic causing the abnormal network state. | 06-17-2010 |
20100162392 | APPARATUS AND METHOD FOR MONITORING SECURITY STATUS OF WIRELESS NETWORK - An apparatus for monitoring the security status of a wireless network is provided. The apparatus includes a radio frequency (RF) signal collection unit which collects at least one piece of RF signal information; a security event information collection unit which collects security event information including at least one of traffic information and alert information; a security event information mapping unit which maps the RF signal information and the security event information based on the correlation between the RF signal information and the security event information; and a security event information display unit which displays the result of the mapping performed by the security event information mapping unit. Therefore, it is possible to allow a network administrator to intuitively recognize the security status of a wireless network by collecting RF signal information and security event information from the wireless network, mapping the RF signal information and the security event information based on the correlation therebetween and displaying the result of the mapping. | 06-24-2010 |
20100169479 | Apparatus and method for extracting user information using client-based script - Provided are an apparatus and method for extracting user information using a client-based script in which user information including the internet protocol (IP) addresses of an attacking host and an anonymous proxy server used by the attacking host can be collected using a client-based script that can be automatically executed in the web browser of the attacking host. According to the apparatus and the method, it is possible to detect the location of an attacking host without alerting the attacking host by using a script that can be automatically executed in a web browser of the attacking host without any program installation. In addition, according to the apparatus and the method, it is possible to collect the IP addresses of an attacking host and an anonymous proxy server, if any, used by the attacking host by directly connecting the attacking host and a monitoring server. | 07-01-2010 |
20100212013 | LOG-BASED TRACEBACK SYSTEM AND METHOD USING CENTROID DECOMPOSITION TECHNIQUE - There are provided a system and method for tracing back an attacker by using centroid decomposition technique, the system including: a log data input module collecting log data of an intrusion alarm from an intrusion detection system; a centroid node detection module generating a shortest path tree by applying a shortest path algorithm to network router connection information collected by a network administration server, detecting a centroid node by applying centroid decomposition technique removing a leaf-node to the shortest path tree, and generating a centroid tree whose node of each level is the detected centroid node; and a traceback processing module requesting log data of a router matched with the node of each level of the centroid tree, and tracing back a router identical to the log data of the collected intrusion alarm as a router connected to a source of an attacker by comparing the log data of the router with the log data of the collected intrusion alarm. According to the system and method, an attacker causing a security intrusion event may be quickly detected, a load on the system is reduced, and a passage host exposed to a danger or having weaknesses may be easily recognized, thereby easily coping with an attack. | 08-19-2010 |
20110016208 | APPARATUS AND METHOD FOR SAMPLING SECURITY EVENT BASED ON CONTENTS OF THE SECURITY EVENT - There are provided an apparatus and method for sampling a security event based on contents of the security event, the apparatus including: a security event accumulation module collecting security events occurring in a network system and storing the security events for each type according to contents of the security event; a security event analysis module calculating distribution of the security events for each type by analyzing the stored security events; and a security event extraction module sampling the stored security events according to the calculated distribution of the security events for each type. The apparatus and method may improve speed of visualization of a security event and a security event analysis apparatus and may increase accuracy thereof. | 01-20-2011 |
20110016525 | APPARATUS AND METHOD FOR DETECTING NETWORK ATTACK BASED ON VISUAL DATA ANALYSIS - An apparatus for detecting a network attack includes a traffic image generator for generating a traffic image using traffic information and additional IP information extracted from the traffic information; a network attack detector for comparing similarities between the traffic image and a previously generated traffic image based on a predetermined similarity threshold to detect the presence of the network attack; and a network attack analyzer for analyzing the traffic image at a time when the network attack is detected to detect network attack information and pattern information of the network attack. A representation unit for visualizing the network attack information and the pattern information of the network attack. | 01-20-2011 |
20110047623 | APPARATUS AND METHOD FOR TRACING WEB USER USING SIGNED CODE - Provided are an apparatus and method for tracing web user using signed code. The apparatus for tracing web user includes at least one access terminal, a web server, and a monitoring server. The at least one access terminal requests a web page. The web server provides the web page including a signed code to the each access terminal according to the request. The monitoring server receives and analyzes access information which is extracted from the each access terminal according to execution of the signed code. | 02-24-2011 |
20110122132 | APPARATUS AND METHOD OF MANAGING OBJECTS AND EVENTS WITH VECTOR-BASED GEOGRAPHIC INFORMATION SYSTEM - Provided are an apparatus and method of managing objects and events for easily enabling intuitive management and the recognition of cases in linkage with geographic information. The apparatus links objects and events to geographic information with a vector-based GIS to display them on a vector-based digital map, thereby providing an intuitive and realistic interface to a manager. Accordingly, the apparatus can display a more accurate location than an image-based map, and can select a kind of map information that is desired by a user to configure a map screen. | 05-26-2011 |
20120096150 | METHOD AND SYSTEM FOR PROVIDING NETWORK MONITORING, SECURITY EVENT COLLECTION APPARATUS AND SERVICE ABNORMALITY DETECTION APPARATUS FOR NETWORK MONITORING - A network monitoring system includes: a traffic information generating apparatus for generating traffic information. Further, the network monitoring system includes a security event collecting apparatus for collecting the traffic information generated by the traffic information generating apparatus by referring to pre-stored traffic information, grouping the collected traffic information, and then extracting service information. Furthermore, the network monitoring system includes a service abnormal condition detecting apparatus for detecting a port number of a transport layer of service information extracted from the security event collecting apparatus and the occurrence frequency of the transport layer, determining the continuity of the port number and the uniformity of the occurrence frequency, and displaying a service abnormal condition. | 04-19-2012 |
20120117034 | CONTEXT-AWARE APPARATUS AND METHOD - Disclosed herein is a context-aware apparatus and method. The context-aware apparatus includes a microblog monitoring unit, a web information collection unit, a microblog information collection unit, and a context-aware information creation unit. The microblog monitoring unit monitors the written information of one or more microblogs, and extracts at least one keyword corresponding to a set topic from the written information. The web information collection unit collects web information corresponding to the keyword from webpages. The microblog information collection unit collects microblog information corresponding to the written information including the keyword from the microblogs. The context-aware information creation unit creates context-aware information using the web information and the microblog information. | 05-10-2012 |
20120159650 | APPARATUS AND METHOD FOR RECOGNIZING SECURITY SITUATION AND GENERATING SITUATION INFORMATION BASED ON SPATIAL LINKAGE OF PHYSICAL AND IT SECURITY - An apparatus for recognizing security situation and generating situation information based on spatial linkage of physical and IT security, the apparatus includes: a security event collection unit for mapping, when a security event is detected from a security device, unique information of the security device to a location or an object in a real space, and collecting correlated security events based on the mapped information; a security situation awareness unit for determining a type of a security situation and a degree of threat based on the correlated security events; and a situation information generation unit for analyzing a correlation between the correlated security events and the security event to generate security situation information. | 06-21-2012 |
20130050496 | SECURITY MONITORING METHOD AND APPARATUS USING AUGMENTED REALITY - Disclosed is a security monitoring apparatus using augmented reality, including: an integrated event collector that collects events generated in a physical security region and an information security region; a security condition information generator that generates security condition information about each object to be monitored based on the collected events; and a security condition display unit that augments and displays the security condition information about the objects to be monitored existing in the videos photographed by cameras in the videos. | 02-28-2013 |
20130091085 | INSIDER THREAT DETECTION DEVICE AND METHOD - The present invention relates to an insider threat detection device and method which collects and analyzes a variety of information generated by insiders working for an organization, such as behaviors, events, and states of the insider, and detects an abnormal insider who may become a potential threat. According to the present invention, the insider threat detection method and apparatus analyzes information related to insiders using the correlation analysis method, and previously detects an abnormal sign of an insider who may become a potential threat to an organization, which makes it possible to protect the organization from attacks on systems inside the organization or seizure of important information inside the organization. | 04-11-2013 |
20130234928 | APPARATUS AND METHOD FOR CONTROLLING SCREEN - An apparatus for controlling a screen includes a data reception unit configured to receive data and one or more events to be displayed on a screen; and a user input unit configured to provide input information attributable to manipulation of a user input device. Further, the apparatus for controlling the screen includes a screen control unit configured to determine whether to update or switch the screen based on the events and the input information. | 09-12-2013 |
20130283061 | IMAGE PROCESSING METHOD AND APPARATUS FOR PRIVACY PROTECTION OF CAPTURED IMAGE - Provided are an image processing method and method for privacy protection of a captured image. The image processing method divides an original image into a plurality of regions, assigns access privileges to the respective regions, and encrypts the regions, and provides an image by performing masking to each region or provides an image without performing masking, based on the access privilege of an image access request, and achieving privacy protection from the leakage of an original image. Accordingly, when storing a captured PC screen image and providing the stored image, an image region having no relation to a user's activities is stored after hierarchical encryption, preventing privacy infringement. | 10-24-2013 |
20140115326 | APPARATUS AND METHOD FOR PROVIDING NETWORK DATA SERVICE, CLIENT DEVICE FOR NETWORK DATA SERVICE - An apparatus for providing a network data service, comprising: a packet distributor for dividing data inputted through a transmission side network in the unit of a packet and distributing the divided packet data in parallel; an area detection unit for detecting an object in an interest area in the packet data distributed in parallel and performing encryption on the detected object in the interest area; and a data transmission unit for transmitting the packet data encrypted by the area detection unit to a reception side network. | 04-24-2014 |
20140160228 | APPARATUS AND METHOD FOR MODULATING IMAGES FOR VIDEOTELEPHONY - A videotelephony image modulation apparatus and method detects an event having a possibility of information leakage by analyzing an image and provides a secured calling mode of masking all or a part of the image and transmitting a masked image obtained through the masking. | 06-12-2014 |
20140214885 | APPARATUS AND METHOD FOR GENERATING EVIDENCE VIDEO - Disclosed herein are an apparatus and method for generating evidence video. The apparatus includes a video object indexing unit, a video object search unit, and an evidence video generation unit. The video object indexing unit recognizes an object by storing and analyzing videos received from multiple surveillance cameras, extracts the features of the recognized object, and then generates object metadata. The video object search unit compares received search conditions with the object metadata, and then outputs search results, including the feature information of at least one object, which corresponds to the search conditions. The evidence video generation unit generates an evidence video by aggregating only videos including a specific object selected from the search results. | 07-31-2014 |