WO2014107028A1 - Malware intrusion prevention system, and method of operating said malware intrusion prevention system - Google Patents

Malware intrusion prevention system, and method of operating said malware intrusion prevention system

Info

Publication number
WO2014107028A1
Authority
WO
WIPO (PCT)
Prior art keywords
session
data packet
malicious code
external device
intrusion prevention
Prior art date
Application number
PCT/KR2014/000012
Other languages
English (en)
Korean (ko)
Inventor
김주생
한태수
공익선
이우범
Original Assignee
주식회사 안랩
Application filed by 주식회사 안랩
Publication of WO2014107028A1

Classifications

    • A HUMAN NECESSITIES
    • A44 HABERDASHERY; JEWELLERY
    • A44B BUTTONS, PINS, BUCKLES, SLIDE FASTENERS, OR THE LIKE
    • A44B18/00 Fasteners of the touch-and-close type; Making such fasteners
    • A44B18/0003 Fastener constructions
    • A44B18/0007 Fastener constructions in which each part has similar elements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic

Definitions

  • The present invention relates to preventing malicious intrusion from the outside, and more specifically to a technique that effectively blocks malicious intrusion from the outside while also solving the problem of shared sessions being left neglected as a result of intrusion blocking.
  • An intrusion security solution (IPS, intrusion prevention system) finds and controls data packets that intrude from the external network into the internal network. It determines whether a data packet is a malicious packet infected with malware and, based on the result, protects internal resources from unauthorized users or services by blocking external intrusion on the basis of IP address, TCP/UDP port number and user authentication.
  • Blocking malicious packets by dropping them stops the packets themselves, but it cannot normally disconnect the session created for them. Therefore, when a malicious intrusion into the internal network is made through a shared session of the internal network, the existing intrusion security solution (IPS) can drop the malicious packets to prevent the intrusion, but it is unable to disconnect the shared session normally.
  • As described above, because the existing intrusion security solution (IPS) drops malicious packets, the shared sessions cannot be released normally and are left behind. This in turn further limits the number of available shared sessions, which poses a problem for stable system operation.
  • The present invention therefore proposes a technical method that effectively blocks malicious intrusion through a session connected between the terminal system and an external device while also solving the problem of neglected shared sessions caused by intrusion blocking.
  • A malicious code intrusion prevention system includes: a packet confirmation unit that checks a data packet transmitted through the session connected between the external device and the terminal system;
  • a malicious code infection determination unit that determines whether the checked data packet is infected with malicious code;
  • and a malicious code intrusion prevention unit that, when the data packet is infected with malicious code, changes the data packet and transmits it through the session, so that the external device or the terminal system receiving the changed data packet can release the session connection according to the changed data packet.
  • A method of operating a malicious code intrusion prevention system includes: a packet checking step of checking a data packet transmitted through a session connected between an external device and a terminal system; a malicious code infection determination step of determining whether the checked data packet is infected with malicious code; and a malicious code intrusion prevention step of, when the data packet is infected with malicious code, changing the data packet and transmitting it through the session, so that the external device or the terminal system receiving the changed data packet can release the session connection according to the changed data packet.
  • Accordingly, the present invention effectively blocks malicious intrusion through the session connected between the terminal system and the external device while also solving the problem of neglected shared sessions caused by intrusion blocking.
  • FIG. 1 is an exemplary view showing a configuration of a system to which a malicious code intrusion prevention system according to an embodiment of the present invention is applied.
  • Figure 2 is a block diagram showing the configuration of a malicious code intrusion prevention system according to an embodiment of the present invention.
  • FIG. 3 is an operation flowchart showing a method of operating a malicious code intrusion prevention system according to an embodiment of the present invention.
  • First, a system to which a malicious code intrusion prevention system according to an embodiment of the present invention is applied will be described with reference to FIG. 1.
  • A system to which a malicious code intrusion prevention system according to an embodiment of the present invention is applied includes a plurality of terminal systems 100, an external device 300, and a gateway system 200 that supports and/or monitors communication between the plurality of terminal systems 100 and the external device 300.
  • The gateway system 200 is a gateway that supports and/or monitors communication between the internal network of a specific company, which includes the plurality of terminal systems 100, and the external network to which the external device 300 belongs, and may include a firewall (not shown), a router and the like.
  • The intrusion security solution (IPS) determines whether a data packet transmitted between an external network, such as that of the external device 300, and an internal network, such as that of the terminal system 100, is a malicious packet infected with malware, and controls the data packet according to the result. This protects internal resources from unauthorized users or services.
  • The malware intrusion prevention system may be included in each of the plurality of terminal systems 100, in the external device 300, or in the gateway system 200.
  • The malicious code intrusion prevention system includes: a packet confirmation unit 410 that checks the data packet transmitted through the session connected between the external device 300 and the terminal system 110; a malicious code infection determination unit 420 that determines whether the checked data packet is infected with malicious code; and a malicious code intrusion prevention unit 440 that, when the data packet is infected with malicious code, changes the data packet and transmits it through the session, so that the external device 300 or the terminal system 110 receiving the changed data packet can disconnect the session according to the changed data packet.
  • The terminal system 110 is one of a plurality of terminal systems 100 included in an internal network of a specific company, and may be, for example, a computer.
  • The external device 300 is a device that belongs to the external network from the standpoint of the internal network of the specific company that includes the terminal system 110. It may be a computer of a person who is not a member of that company, or a server that provides a service function.
  • A session is connected between the terminal system 100 and the external device 300 at the initiative of either the terminal system 110 of the internal network or the external device 300 of the external network, and the two can then communicate by transmitting data packets to and from each other.
  • The packet confirmation unit 410 of the malware intrusion prevention system 400 checks the data packet transmitted through the session connected between the external device 300 and the terminal system 110.
  • That is, the packet confirmation unit 410 checks both the data packets transmitted from the external device 300 to the terminal system 110 and the data packets transmitted from the terminal system 110 to the external device 300 through the session connected between the external device 300 and the terminal system 110.
  • The malicious code infection determination unit 420 determines whether the data packet checked by the packet confirmation unit 410 is infected with malicious code.
  • That is, the malicious code infection determination unit 420 may determine whether each data packet checked by the packet confirmation unit 410, namely each data packet transmitted from the external device 300 to the terminal system 110 and each data packet transmitted from the terminal system 110 to the external device 300, is infected with malicious code.
  • The malicious code infection determination unit 420 determines whether the data packet is infected with malicious code based on a predetermined malicious code signature or on an attack pattern derived from previous malicious code.
  • When the malicious code infection determination unit 420 determines that the data packet is infected with malicious code, the malicious code intrusion prevention unit 440 changes the data packet and transmits it through the session, so that the external device 300 or the terminal system 110 receiving the changed data packet can disconnect the session according to the changed data packet.
  • That is, when the malicious code infection determination unit 420 determines that the data packet is infected with malicious code, the malicious code intrusion prevention unit 440 changes the infected data packet and then has it transmitted through the session connected between the external device 300 and the terminal system 110, which makes it possible for the external device 300 or the terminal system 110 that receives the changed data packet to disconnect the session according to the changed data packet.
  • The malicious code intrusion prevention unit 440 may remove the malicious code from the data packet, identify a specific field in the data packet that indicates a state related to the session, and change the information in that field to information that induces disconnection of the session.
  • The malicious code intrusion prevention unit 440 analyzes the data packet that the malicious code infection determination unit 420 has determined to be infected and removes the malicious code from it.
  • The malicious code intrusion prevention unit 440 may find and remove the infected portion of the data packet determined to be infected by adopting any one of the existing malicious code treatment algorithms.
  • The malicious code intrusion prevention unit 440 then identifies, in the data packet from which the malicious code has been removed, the specific field indicating a state related to the session, and may overwrite the information recorded in that field with information that induces disconnection of the session.
  • The position of the specific field indicating a state related to the session in the data packet may vary depending on the format of the data packet and the type of session.
  • The malicious code intrusion prevention unit 440 may therefore identify the position of the specific field based on the format of the data packet and the type of the session, as identified by at least one of the packet confirmation unit 410 and the malicious code infection determination unit 420, and overwrite the information recorded in the specific field with information that induces disconnection of the session.
  • The information for inducing disconnection of the session may include at least one of: predetermined error occurrence identification information, which identifies that an error has occurred in data packet transmission through the session; and predetermined session termination identification information, which identifies that session termination has been initiated by at least one of the external device 300 and the terminal system 110 connected through the session.
  • The information for inducing disconnection of the session may include error occurrence identification information, previously designated according to the communication standard, indicating that an error has occurred in data packet transmission between the external device 300 and the terminal system 110 through the session because of a failure of the communication network supporting the session or a failure of the external device 300 or the terminal system 110.
  • The information for inducing disconnection of the session may include session termination identification information, previously designated according to the communication standard, indicating that a request to terminate the session has been made by at least one of the external device 300 and the terminal system 110.
  • The malicious code intrusion prevention unit 440 changes the information recorded in the specific field of the data packet from which the malicious code has been removed to information that induces disconnection of the session, that is, session termination identification information or error occurrence identification information, and then has the packet transmitted in its original transmission direction through the session connected between the external device 300 and the terminal system 110.
  • The recipient of the changed data packet then disconnects the session according to the disconnection-inducing information recorded in the specific field of the changed data packet.
  • When the external device 300 or the terminal system 110 that receives the changed data packet finds error occurrence identification information as the disconnection-inducing information, it recognizes that an error has occurred in data packet transmission between the external device 300 and the terminal system 110 through the session because of a failure of the communication network or of the external device 300 or the terminal system 110.
  • The external device 300 or the terminal system 110 that receives the changed data packet then releases the session connection with the counterpart by performing a preset series of session disconnection procedures for errors.
  • When the external device 300 or the terminal system 110 that receives the changed data packet finds session termination identification information as the disconnection-inducing information, it recognizes that a request to terminate the session has been made by at least one of the external device 300 and the terminal system 110.
  • The external device 300 or the terminal system 110 that receives the changed data packet then releases the session connection with the counterpart by performing the preset session disconnection procedure for a session termination request.
  • The malware intrusion prevention system 400 determines whether a data packet transmitted through the session connected between the terminal system 110 and the external device 300 is infected with malware. If the data packet is judged to be infected, then instead of simply dropping it to block malicious intrusion from the outside, as the existing intrusion security solution (IPS) does, the system changes the infected data packet and has it transmitted in its original transmission direction through the session connected between the external device 300 and the terminal system 110.
  • The malware intrusion prevention system 400 thereby allows the external device 300 or the terminal system 110 that receives the changed data packet to disconnect the session according to the changed data packet. As a result, malicious intrusion from the outside is prevented and, at the same time, the session is disconnected normally.
  • The malware intrusion prevention system 400 may further include a session confirmation unit 420.
  • When the malicious code infection determination unit 420 determines, as described above, that the data packet is infected with malicious code, the session confirmation unit 420 checks whether the session connected between the external device 300 and the terminal system 110 is a shared session predetermined in the terminal system 110.
  • When the malicious code infection determination unit 420 determines that the data packet is infected with malicious code, the malicious code intrusion prevention unit 440 may change the data packet as described above and transmit it through the session only when the session confirmation unit 420 confirms that the session carrying the infected data packet is a shared session.
  • That is, only when the session confirmation unit 420 confirms that the session carrying the infected data packet is a shared session does the malicious code intrusion prevention unit 440 analyze the infected data packet and remove the malicious code as described above, change the information recorded in the specific field of the cleaned data packet to information that induces disconnection of the session, that is, session termination identification information or error occurrence identification information, and then have the packet transmitted in its original transmission direction through the session connected between the external device 300 and the terminal system 110.
  • The packet, with the malicious code removed and the cause of malicious intrusion thereby eliminated, is transmitted in its original transmission direction through the session, and the recipient disconnects the session with the other party according to the disconnection-inducing information recorded in the specific field of the changed data packet.
  • When the malicious code infection determination unit 420 determines that the data packet is infected with malicious code but the session confirmation unit 420 finds that the session carrying the infected data packet is not a shared session, the malicious code intrusion prevention unit 440 may prevent malicious intrusion from the outside by dropping the infected data packet, as the existing intrusion security solution (IPS) does.
  • The malware intrusion prevention system 400 of the present invention thus determines whether a data packet transmitted through the session connected between the terminal system 110 and the external device 300 is infected with malware and, if it is, changes the infected data packet and has it transmitted in its original transmission direction through the session connected between the external device 300 and the terminal system 110 only if that session is a shared session.
  • The malware intrusion prevention system 400 of the present invention thereby allows the external device 300 or the terminal system 110 that receives the changed data packet to disconnect the session according to the changed data packet. As a result, malicious intrusion from the outside is prevented and the session is disconnected normally.
  • In summary, the malware intrusion prevention system monitors data packets transmitted through a session connected between a terminal system and an external device. When it detects a data packet infected with malware, it changes that packet (treatment, meaning removal of the malware, plus recording of information that induces disconnection of the session) and transmits it in its original transmission direction, so that the external device or terminal system that receives the changed data packet can disconnect the session according to it. Malicious intrusion from the outside is thereby effectively prevented, and the problem of neglected shared sessions caused by the intrusion blocking of the existing intrusion prevention solution (IPS) is also effectively solved.
  • Hereinafter, a method of operating a malicious code intrusion prevention system according to an embodiment of the present invention will be described in detail with reference to FIG. 3.
  • The configuration shown in FIGS. 1 and 2 described above is referred to using the corresponding reference numerals.
  • The method of operating a malicious code intrusion prevention system checks a data packet transmitted through a session connected between the external device 300 and the terminal system 110 (S100).
  • That is, the method checks both the data packets transmitted from the external device 300 to the terminal system 110 and the data packets transmitted from the terminal system 110 to the external device 300 through the session connected between the external device 300 and the terminal system 110.
  • The method then determines whether the data packet checked in step S100 is infected with malware (S110).
  • That is, the method may determine whether each data packet checked in step S100, namely each data packet transmitted from the external device 300 to the terminal system 110 and each data packet transmitted from the terminal system 110 to the external device 300, is infected with malicious code.
  • The data packet is transmitted through the session in the direction in which it was originally being transmitted (S140).
  • The method checks whether the session connected between the external device 300 and the terminal system 110 is a shared session predetermined in the terminal system 110 (S120).
  • When it is determined in step S120 that the session carrying the data packet infected with malicious code is a shared session, the infected data packet is changed (S130) and then transmitted through the session (S140).
  • That is, only when it is confirmed that the session carrying the infected data packet is a shared session does the method change the infected data packet (S130) and have it transmitted in its original transmission direction through the session connected between the external device 300 and the terminal system 110 (S140), so that the external device 300 or the terminal system 110 receiving the changed data packet can disconnect the session according to the changed data packet.
  • In step S130 of changing the data packet, the method may remove the malicious code from the data packet, identify a specific field in the data packet that indicates a state related to the session, and change the information in that field to information that induces disconnection of the session.
  • The method analyzes the data packet determined to be infected with malicious code and removes the malicious code.
  • The method may find and remove the infected portion of the data packet determined to be infected by adopting any one of the existing malicious code treatment algorithms.
  • The method then identifies, in the data packet from which the malicious code has been removed, the specific field indicating a state related to the session, and may overwrite the information recorded in that field with information that induces disconnection of the session.
  • The information for inducing disconnection of the session may include at least one of: predetermined error occurrence identification information, which identifies that an error has occurred in data packet transmission through the session; and predetermined session termination identification information, which identifies that session termination has been initiated by at least one of the external device 300 and the terminal system 110 connected through the session.
  • The information for inducing disconnection of the session may include error occurrence identification information, previously designated according to the communication standard, indicating that an error has occurred in data packet transmission between the external device 300 and the terminal system 110 through the session because of a failure of the communication network supporting the session or a failure of the external device 300 or the terminal system 110.
  • The information for inducing disconnection of the session may include session termination identification information, previously designated according to the communication standard, indicating that a request to terminate the session has been made by at least one of the external device 300 and the terminal system 110.
  • The method changes the information recorded in the specific field of the data packet from which the malicious code has been removed to information that induces disconnection of the session, that is, session termination identification information or error occurrence identification information (S130), and then has the packet transmitted in its original transmission direction through the session connected between the external device 300 and the terminal system 110 (S140).
  • The recipient of the changed data packet then disconnects the session according to the disconnection-inducing information recorded in the specific field of the changed data packet.
  • When the external device 300 or the terminal system 110 that receives the changed data packet finds error occurrence identification information as the disconnection-inducing information, it recognizes that an error has occurred in data packet transmission between the external device 300 and the terminal system 110 through the session because of a failure of the communication network or of the external device 300 or the terminal system 110, and it therefore releases the session connection with the counterpart by performing a preset series of session disconnection procedures for errors.
  • When the external device 300 or the terminal system 110 that receives the changed data packet finds session termination identification information as the disconnection-inducing information, it recognizes that a request to terminate the session has been made by at least one of the external device 300 and the terminal system 110, and it therefore releases the session connection with the counterpart by performing a preset series of session disconnection procedures for a termination request.
  • If it is confirmed in step S120 that the session carrying the data packet infected with malicious code is not a shared session, the method may prevent malicious intrusion from the outside by dropping the infected data packet as the conventional intrusion security solution (IPS) does (S150).
  • In summary, the method monitors data packets transmitted through a session connected between a terminal system and an external device. When a data packet infected with malware is found, the method changes that packet (treatment, meaning removal of the malware, plus recording of information that induces disconnection of the session) and transmits it in its original transmission direction, so that the external device or terminal system that receives the changed data packet can disconnect the session according to it. Malicious intrusion from the outside is thereby effectively prevented, and the problem of neglected shared sessions caused by the intrusion blocking of the existing intrusion prevention solution (IPS) is also effectively solved.
  • The method of operating a malicious code intrusion prevention system may be implemented in the form of program instructions that can be executed by various computer means and recorded in a computer-readable medium.
  • The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination.
  • Program instructions recorded on the medium may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well known and available to those having skill in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tape; optical media such as CD-ROMs and DVDs; magneto-optical media such as floptical disks; and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, and flash memory.
  • Examples of program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like.
  • The hardware device described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.
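
The decision flow described above, as an added sketch that is not code from the patent: an infected packet is dropped when its session is not shared (S150), and otherwise cleaned, marked and forwarded in the original direction so the receiver closes the session. The signature bytes, the `close_session` field and the set of shared sessions are assumptions made for illustration.

```python
# Added illustration: models the drop-vs-modify decision described above.
# The signature, packet fields and close_session marker are assumptions.
from dataclasses import dataclass, field, replace as dc_replace

SIGNATURE = b"EVIL"  # constructed stand-in for a malware signature

@dataclass(frozen=True)
class Packet:
    session_id: int
    payload: bytes
    close_session: bool = False  # hypothetical "induce disconnect" marker

@dataclass
class Endpoint:
    """Receiver (terminal system or external device) tracking open sessions."""
    open_sessions: set = field(default_factory=set)
    received: list = field(default_factory=list)

    def receive(self, pkt: Packet) -> None:
        self.received.append(pkt.payload)
        if pkt.close_session:  # receiver disconnects based on the marker
            self.open_sessions.discard(pkt.session_id)

def inspect_packet(pkt: Packet, shared_sessions: set):
    """Return (action, packet to forward or None)."""
    if SIGNATURE not in pkt.payload:
        return "forward", pkt
    if pkt.session_id not in shared_sessions:
        return "drop", None  # conventional IPS behaviour (S150)
    cleaned = pkt.payload.replace(SIGNATURE, b"")  # treat: strip the malware
    return "modify", dc_replace(pkt, payload=cleaned, close_session=True)

def run(packets, shared_sessions, receiver):
    """Pass packets through the inspector in their original direction."""
    actions = []
    for pkt in packets:
        action, out = inspect_packet(pkt, shared_sessions)
        actions.append(action)
        if out is not None:
            receiver.receive(out)
    return actions

def demo():
    # Constructed traffic: session 1 is treated as shared, session 2 is not.
    rx = Endpoint(open_sessions={1, 2})
    traffic = [Packet(1, b"hello"), Packet(1, b"abEVILcd"), Packet(2, b"EVIL")]
    return run(traffic, {1}, rx), rx
```

In `demo()`, the receiver gets the cleaned payload on session 1 and closes that session, while the infected packet on session 2 never arrives.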

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a system for preventing malware intrusion and a method for operating the malware intrusion prevention system. Embodiments of the invention relate to a technology that monitors a data packet transmitted through a session connected between a terminal system and an external device, modifies the relevant data packet (treats it (removes the malware) and records information for inducing disconnection of the session) when a data packet infected with malware is found, and transmits the modified data packet in the original transmission direction. The external device or terminal system that receives the modified data packet can thus disconnect the session on the basis of the modified data packet. As a result, malicious intrusion from an external source can be effectively prevented, and the problem of a neglected shared session caused by intrusion prevention can be effectively resolved.
PCT/KR2014/000012 2013-01-02 2014-01-02 Malware intrusion prevention system and method of operating said malware intrusion prevention system WO2014107028A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020130000371A KR101375840B1 (ko) 2013-01-02 2013-01-02 Malicious code intrusion prevention system and method of operating the malicious code intrusion prevention system
KR10-2013-0000371 2013-01-02

Publications (1)

Publication Number Publication Date
WO2014107028A1 (fr) 2014-07-10

Family

ID=50649048

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2014/000012 WO2014107028A1 (fr) Malware intrusion prevention system and method of operating said malware intrusion prevention system 2013-01-02 2014-01-02

Country Status (2)

Country Link
KR (1) KR101375840B1 (fr)
WO (1) WO2014107028A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
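CN104899513B (zh) * 2015-06-01 2018-06-19 上海云物信息技术有限公司 Data graph detection method for malicious data attacks on industrial control systems
KR101848428B1 (ko) * 2017-10-20 2018-05-28 (주)세영통신 Routing method for improving wired-communication-based security functions, and entry router system having wired-communication-based security functions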

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
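KR20080076638A (ko) * 2007-02-16 2008-08-20 주식회사 아이앤아이맥스 Communication-control-based virus treatment and patching method for network-connected computer devices, and system therefor
KR20090087726A (ko) * 2008-02-13 2009-08-18 한양대학교 산학협력단 Malicious code detection method and apparatus therefor
KR100973076B1 (ko) * 2009-08-28 2010-07-29 (주)넷코아테크 System and method for responding to distributed denial-of-service attacks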

Also Published As

Publication number Publication date
KR101375840B1 (ko) 2014-03-17

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 14735326

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 14735326

Country of ref document: EP

Kind code of ref document: A1