ETRI-Knowledge Sharing Plaform

ENGLISH

성과물

특허 검색
구분 출원국
출원년도 ~ 키워드

상세정보

등록 네트워크 공격 탐지 장치 및 방법

네트워크 공격 탐지 장치 및 방법
이미지 확대
발명자
김익균, 최양서, 김대원, 오진태, 장종수
출원번호
11926132 (2007.10.29)
공개번호
20080134334 (2008.06.05)
등록번호
8095973 (2012.01.10)
출원국
미국
협약과제
06MK2400, Network 위협의 Zero-Day Attack 대응을 위한 실시간 공격 Signature 생성 및 관리 기술개발, 장종수
초록
There are provided a network attack detection apparatus and method capable of determining even unknown network attack, the apparatus connected between two networks or connected by port mirroring of an Ethernet switch to real-time monitor all packets flowing through the networks. The apparatus decodes a payload portion of an inputted network packet into a machine code instruction, determines whether an executable code is included in the decoded machine code by analyzing relationship between instructions, and determines whether the packet is harmful based on statistics with respect to a possibility that an executable code exists in a service and a certain transaction of the service when the executable code is included.
KSP 제안 키워드
Attack Detection, Ethernet switch, Machine code, Network Attacks, Network attack detection, Real-Time, Real-time monitor, network packets