Abstract: An apparatus for controlling a vehicle includes a relay which is controlled to close to supply a power from a battery to an electric field load or is controlled to open to block the power, a sensor that detects a state of charge (SOC) value of the battery and opening and closing of a door of the vehicle, and a controller that is configured to control the relay to close based on the power supplied from the battery or a power of an external power device, when the controller concludes that the SOC value of the battery is less than a first reference value and that the door is opened, and charges the battery with the power supplied from the external electronic device.

Abstract: Provided is a method of operating a terminal. The method includes determining a profile item applicable to the profile view for the account based on an input received by the terminal and a coordinate indicating a position where the profile item is provided on the profile view. The method includes displaying the profile item on a screen of the terminal based on the determined profile item and the determined coordinate. The method includes receiving an input related to the profile item, and displaying a visual effect corresponding to the input on the screen.

Abstract: Provided is a method for detecting abnormal traffic. The method comprises collecting non-access stratum (NAS) traffic between a user equipment (UE) and a mobility management node, identifying a ciphering algorithm supported by the UE from a network access request message transmitted from the UE to the mobility management node, and identifying the UE as a first type of terminal at risk based on a determination that the UE only supports a null ciphering algorithm.

Abstract: Provided is a method for detecting abnormal traffic. The method comprises collecting non-access stratum (NAS) traffic between a user equipment (UE) and a mobility management node, identifying a ciphering algorithm supported by the UE from a network access request message transmitted from the UE to the mobility management node, and identifying the UE as a first type of terminal at risk based on a determination that the UE only supports a null ciphering algorithm.

Abstract: Provided are methods of detecting a Diameter spoofing attack. According to an embodiment, the method comprises, obtaining a normal International Mobile Subscriber Identity (IMSI) from a packet of a Diameter S6a protocol transmitted from a Mobile Management Entity (MME) to a Home Subscriber Server (HSS) of a home network, adding a record comprising the normal IMSI to a session table, obtaining an Insert Subscriber Data Request (IDR) message of the Diameter S6a protocol and determining a category of the IDR message.

Abstract: Disclosed is a method of detecting anomalies suspected of an attack based on time series statistics according to the present invention. The method of detecting anomalies suspected of an attack according to the present invention includes the steps of: collecting log data and traffic data in real-time and extracting at least one piece of preset traffic feature information from the collected log data and traffic data; and training through a time series analysis-based normal traffic training model using the extracted traffic feature information, and detecting abnormal network traffic according to a result of the training.

Abstract: A system for detecting malicious codes based on API includes: a malicious code management server storing first suspected malicious executable files extracted from traffic to be analyzed collected or inputted; and a virtualization analysis server executing the first suspected malicious executable files received from the malicious code management server, extracting first API call information called by malicious codes in user level and in kernel level, and transmitting the extracted first API call information to the malicious code management server.

Abstract: A system for analyzing large-scale malicious codes includes a malicious code management server dividing suspected malicious traffic collected into a plurality of first suspected malicious executable files and transmitting the plurality of first suspected malicious executable files to at least one or more virtualization analysis servers; and the at least one or more virtualization analysis servers executing the plurality of first suspected malicious executable files through a plurality of virtualization analysis agents load-balanced correspondingly to the plurality of first suspected malicious executable files and extracting first API call information called by malicious codes in user level and in kernel level.