BROWSE
Detail
Registered APPARATUS AND METHOD FOR DETECTING NETWORK ATTACK
- Inventors
- Kim Ik Kyun, Kim Dae Won, Choi Yangseo, Oh Jintae, Jong Soo Jang
- Application No.
- 11926132 (2007.10.29)
- Publication No.
- 20080134334 (2008.06.05)
- Registration No.
- 8095973 (2012.01.10)
- Country
- UNITED STATES
- Project Code
- 06MK2400, Development of Signature Generation and Management Technology against Zero-day Attack, Jong Soo Jang
- Abstract
- There are provided a network attack detection apparatus and method capable of determining even unknown network attack, the apparatus connected between two networks or connected by port mirroring of an Ethernet switch to real-time monitor all packets flowing through the networks. The apparatus decodes a payload portion of an inputted network packet into a machine code instruction, determines whether an executable code is included in the decoded machine code by analyzing relationship between instructions, and determines whether the packet is harmful based on statistics with respect to a possibility that an executable code exists in a service and a certain transaction of the service when the executable code is included.
- KSP Keywords
- Attack Detection, Ethernet switch, Machine code, Network Attacks, Network attack detection, Real-Time, Real-time monitor, network packets